The FBI warned people traveling abroad that attackers are targeting users on hotel networks by tricking them into installing malware under the guise of software updates. The agency's Internet Crime Complaint Center says any government, business or academic personnel traveling abroad should be especially wary.
The FBI issued an advisory this week alerting international travelers about
attempts to infect their computers with malware when they log on to hotel
networks.
In an intelligence note from the FBI's Internet Crime Complaint Center
(IC3), the agency warned that attackers have been targeting travelers abroad
when they use the Internet connection in their hotel rooms. According to the
FBI, when the victims attempted to set up the hotel room Internet connection,
they were presented with a pop-up window prompting them to update a "widely-used
software product."
"If the user clicked to accept and install the update, malicious
software was installed on the laptop," according to IC3. "The
pop-up window appeared to be offering a routine update to a legitimate software
product for which updates are frequently available."
The FBI recommends checking the author or digital certificate of any
prompted update to see if it corresponds to the software vendor, and advises
travelers to update the software on their laptops immediately before traveling.
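
One way to carry out the certificate check the FBI recommends on a Windows laptop, as an added example that is not part of the advisory or of this article. The function name Test-UpdateSigner, the file path and the publisher name are hypothetical; the check assumes the update was saved to disk rather than run directly from the pop-up.

```powershell
# Added example. Test-UpdateSigner, the file path and the publisher name are
# hypothetical; use the vendor name exactly as it appears on a copy of the
# software obtained from the vendor before traveling.
function Test-UpdateSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    # Reads the file's Authenticode signature. Status is Valid only when the
    # file hash matches and the certificate chain is trusted on this machine.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop

    $signer = $null
    $thumbprint = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        $thumbprint = $sig.SignerCertificate.Thumbprint
    }

    # Unsigned, modified, or untrusted-chain files fail on Status; a validly
    # signed file from some other publisher fails the exact name comparison.
    if ($sig.Status -ne 'Valid') {
        $reason = "Signature status is $($sig.Status)"
    } elseif ($signer -cne $ExpectedPublisher) {
        $reason = "Signed by '$signer', expected '$ExpectedPublisher'"
    } else {
        $reason = $null
    }

    [pscustomobject]@{
        Path       = $Path
        Trusted    = ($null -eq $reason)
        Reason     = $reason
        Signer     = $signer
        Thumbprint = $thumbprint
    }
}

# Example call (constructed path and publisher):
# Test-UpdateSigner -Path "$env:USERPROFILE\Downloads\update-setup.exe" -ExpectedPublisher 'Example Software Inc.'
```

Run it against the saved file before executing it; any result other than Trusted = True means the update should be obtained directly from the publisher's website instead.
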
The warning follows a December report from Bloomberg that cited unnamed
sources alleging that iBAHN, one of the largest providers of hotel Internet
service in the world, had been compromised. The company has denied the
accusation. The FBI warning does not include any information about specific
hotel chains or service providers.
The scant details offered in the intelligence note, however, make it
difficult to know exactly what travelers should do beyond the basics, argued
Graham Cluley, senior technology consultant at Sophos.
"What's fascinating about the advisory is what it doesn't say," he
blogged. "And without more information it's hard to know how computer
users are supposed to take meaningful action to protect themselves other than follow
the normal advice of running security software, being careful what you install,
running a VPN to hide your browsing from snoopers, etc.
"It's certainly very peculiar that the FBI didn't share more
information in its warning, or mention where in the world it believes it has
seen these attacks taking place," he added. "By coincidence, earlier
this week, for the first time in almost ten years, a Chinese defense minister
visited the United States. The day before the FBI's warning was issued, US
Defense Secretary Leon Panetta met his Chinese counterpart Liang Guanglie in
Washington DC, and told the world's press that the two countries must work
together to avoid cyber war, and emphasized the importance of the
relationship between China and the USA."
There is inherent risk in connecting to public WiFi networks due to the
ability of attackers to target unsuspecting users and peddle scams and malware,
said John Harrison, senior manager at Symantec Security Response.
"It is also unfortunately all too easy for hackers to set up rogue WiFi
access points with the sole purpose of intercepting your Internet
traffic—whether that is accessing your social media and financial accounts or
tricking users with fake software updates," he said. "Just because a
network name says 'Free WiFi,' 'Hotel XYZ WiFi' or even the brand name of your
ISP or coffee shop does not ensure it is legitimate.
"Corporate users should only connect to their networks using VPN
software to ensure encrypted connections between their laptops and their
corporate networks," Harrison added.
"Beyond that, standard security best practices apply: They should use a
modern endpoint or Internet security software on their computers and mobile
devices, and they should be wary of any pop-ups requesting them to download
updates and other potential social engineering scams. Software updates should
only be installed through corporate software updating mechanisms, internal
servers or by users going directly to their software publishers' Websites."