Our cyber attack team was hired by one of the leading hotel chains to simulate an attack on one of their central hotels in Europe. This hotel was a particularly interesting case study as it was a frequent choice for world leaders and high-level politicians. The property maintained a WiFi network, as is the norm with most hotels around the world.
Attacking the WiFi network
WiFi is typically a weak link in a hotel’s cybersecurity, as there is no isolation between the devices connected to the hotel network, meaning every guest can potentially be exposed to cyber-attacks. Since the WiFi password is visible, hackers could easily gain access, infect the entire network, and spy on the traffic of all the guests.
That’s is precisely what we did. We connected to the WiFi network, redirected every user to a fake portal that tricked them into downloading malware, allowing us to take over a laptop belonging to one of the hotel’s employees. From there, the rest was easy. We were able to access several folders that contained credentials for the hotel’s PMS systems. Armed with this information, we then connected to the hotel’s PMS systems allowing us to book rooms, read hotel guest information, and control the smart TVs of the hotel.