Attention travelers: The Department of Homeland Security and the U.S. Secret Service are both advising extreme caution when using hotel business center computers following the arrest of hackers suspected of compromising the devices with keylogging malware.
“The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software,” explains the U.S. Secret Service in a July 10 memo to hotel operators. “The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guests’ information.”
The crooks in question targeted hotels in the Dallas/Fort Worth area, but as the Secret Service explained, the act of installing malware on a publicly available computer requires little effort or tech know-how – heck, it likely happens by accident every single day. As such, you’re well advised to avoid using public hotel computers to access your personal email, banking or e-commerce accounts. Assume all public computers are loaded with malware, because given the high volume of people who use them daily, they probably are.
For starters, Techlicious recommends accessing your flight boarding pass using your airline's mobile app as a safety (and convenience!) measure where possible. And Krebs on Security has another great recommendation for travelers: If you must print something out at a hotel computer, create a throwaway email address and use your mobile device to forward the needed file to that address.
[Hotel computer via Shutterstock]