Possible Security Issues with the Wifi at the Hampton Inn
Dec 25, 2017, 8:02 pm
#1
Original Poster
Join Date: Jun 2012
Programs: HHonors:Gold,Marriot:Silver,United:Gold, Delta:Gold
Posts: 94
Possible Security Issues with the Wifi at the Hampton Inn
I'm noticing that I'm getting a lot of requests for sites that use a secure connection come back with invalid certificates. When I investigated it looks like the wifi is trying to replace the certificate. I'm not sure what's going on here, however this is a huge amount of concern for anyone trying to use the wifi for any personal or business communications. (I.e. bank, general web surfing, email, flyertalk, etc)
I'm im the Laurinburg, NC location, so I can't speak for the other locations.
Image of the browser notice:
https://pbs.twimg.com/media/DR23_ddVoAEFNrg.jpg
I'm im the Laurinburg, NC location, so I can't speak for the other locations.
Image of the browser notice:
https://pbs.twimg.com/media/DR23_ddVoAEFNrg.jpg
Dec 25, 2017, 8:38 pm
#2
Join Date: Jul 2014
Location: Madison, WI (MSN)
Programs: Delta Platinum, Hilton & Marriott Plastic Gold, Chick-fil-A Signature
Posts: 441
Have you actually signed in yet or did your 24 hours expire so you must sign in again? The wayport stuff is the gateway where you have to sign in to your hhonors account, enter room number and name, etc. Try visiting a non- HTTPS site (e.g. chicken.com) and see if you get redirected to the sign in gateway.
Dec 25, 2017, 8:51 pm
#4
Join Date: Jul 2017
Location: Ohio
Programs: Hilton Diamond, Marriott Titanium, Hyatt Globalist, American Platinum, Southwest A-list
Posts: 98
In today’s day and age, why on Earth would anyone use WiFi at a hotel or any public venue (coffee shops, etc.) to access bank accounts, credit card accounts, or any other sensitive information. I’m not excusing poor WiFi security, but at the same time, an ounce of prevention is worth a pound of cure. I personally NEVER access these accounts with public WiFi. I’ve known colleagues who have experienced banking and email hacking issues after using hotel WiFi (particularly at one non Hilton, independent hotel in Nashville). My suggestion is to treat all hotel/public WiFi as potentially compromised. To that end, I really only check the weather, news, hobby websites, etc. when using public WiFi. I don’t even log into my hotel or airline loyalty programs using public WiFi anymore!
Dec 25, 2017, 9:04 pm
#5
FlyerTalk Evangelist
Join Date: Sep 2002
Location: IND
Programs: DL PM & 2MM™, Lifetime HHonors Diamond
Posts: 20,889
In today’s day and age, why on Earth would anyone use WiFi at a hotel or any public venue (coffee shops, etc.) to access bank accounts, credit card accounts, or any other sensitive information. I’m not excusing poor WiFi security, but at the same time, an ounce of prevention is worth a pound of cure. I personally NEVER access these accounts with public WiFi. I’ve known colleagues who have experienced banking and email hacking issues after using hotel WiFi (particularly at one non Hilton, independent hotel in Nashville). My suggestion is to treat all hotel/public WiFi as potentially compromised. To that end, I really only check the weather, news, hobby websites, etc. when using public WiFi. I don’t even log into my hotel or airline loyalty programs using public WiFi anymore!
Dec 25, 2017, 10:21 pm
#7
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,147
Note the last part of the message where it says :
This certificate is only valid for nmd.hil-lrnbghx.atl.wayport.net
wayport.net is the correct domain for the AT&T wifi portal system, so this is most likely just a case of the wifi portal being broken/confused and attempting to intercept your connections when it shouldn't be.
Other than trying to trigger send you to the login page so that you can login again there's probably not a lot you can do about it. You could try going to the address above but I'm not sure if that would trigger the login page or not...
This certificate is only valid for nmd.hil-lrnbghx.atl.wayport.net
wayport.net is the correct domain for the AT&T wifi portal system, so this is most likely just a case of the wifi portal being broken/confused and attempting to intercept your connections when it shouldn't be.
Other than trying to trigger send you to the login page so that you can login again there's probably not a lot you can do about it. You could try going to the address above but I'm not sure if that would trigger the login page or not...
Dec 26, 2017, 9:12 am
#9
Join Date: Feb 2013
Location: Beantown! (BOS)
Programs: AA PtPro (2 MM); Hilton Diamond; Hertz President Cr; DL SkyMiles; UA MileagePlus
Posts: 3,435
Looks like your device was disconnected from Wi-Fi connection and whatever reason Wi-Fi did not recognize your device. It is not common but it happens (nothing unique to Hilton Wi-Fi), do not think it was a security issue.
These days hackers are more sophisticated and scale is a lot larger than used to be. When tapping into somebody’s Wi-Fi connection a hacker can only get an information of only one user. Today many hackers try to break into main frame database of large corporations, such as what happened to Yahoo! and Equifax, and get information of million users at once. If you have a credit card, mortgage, work for a company, etc. then most likely your sensitive information is already out there in some large corporation’s database. Trying to not use public Wi-Fi may not have any added advantage as long as your personal data security is concerned.
These days hackers are more sophisticated and scale is a lot larger than used to be. When tapping into somebody’s Wi-Fi connection a hacker can only get an information of only one user. Today many hackers try to break into main frame database of large corporations, such as what happened to Yahoo! and Equifax, and get information of million users at once. If you have a credit card, mortgage, work for a company, etc. then most likely your sensitive information is already out there in some large corporation’s database. Trying to not use public Wi-Fi may not have any added advantage as long as your personal data security is concerned.
Dec 26, 2017, 10:19 am
#10
Join Date: Dec 2010
Location: DEN
Programs: AA EXP, AA Million Miles, Hilton Diamond
Posts: 2,581
Do: Diligently monitor your accounts and credit. Don't: be overly paranoid.
Back on topic: Agree with those posters saying this is likely an issue with the communication to the AT&T gateway. I've had plenty of Hampton and HGI stays where it regularly kicks me off irrespective of the 24 hour cycle.
Dec 26, 2017, 11:48 am
#11
Original Poster
Join Date: Jun 2012
Programs: HHonors:Gold,Marriot:Silver,United:Gold, Delta:Gold
Posts: 94
Because your mobile data service is completely secure and free from spoofing...
Do: Diligently monitor your accounts and credit. Don't: be overly paranoid.
Back on topic: Agree with those posters saying this is likely an issue with the communication to the AT&T gateway. I've had plenty of Hampton and HGI stays where it regularly kicks me off irrespective of the 24 hour cycle.
Do: Diligently monitor your accounts and credit. Don't: be overly paranoid.
Back on topic: Agree with those posters saying this is likely an issue with the communication to the AT&T gateway. I've had plenty of Hampton and HGI stays where it regularly kicks me off irrespective of the 24 hour cycle.
Dec 26, 2017, 12:31 pm
#12
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,147
You still had to login thought, right? Did you use your Honors credentials to do that? Are you sure that was legit?
https://blog.docbert.org/spoofing-public-wifi-networks/ is worth a read... (In this case it was only done when there was no wifi, but it's equally easy to do when there is real wifi)
https://blog.docbert.org/spoofing-public-wifi-networks/ is worth a read... (In this case it was only done when there was no wifi, but it's equally easy to do when there is real wifi)
Dec 26, 2017, 2:44 pm
#13
Original Poster
Join Date: Jun 2012
Programs: HHonors:Gold,Marriot:Silver,United:Gold, Delta:Gold
Posts: 94
You still had to login thought, right? Did you use your Honors credentials to do that? Are you sure that was legit?
https://blog.docbert.org/spoofing-public-wifi-networks/ is worth a read... (In this case it was only done when there was no wifi, but it's equally easy to do when there is real wifi)
https://blog.docbert.org/spoofing-public-wifi-networks/ is worth a read... (In this case it was only done when there was no wifi, but it's equally easy to do when there is real wifi)
Dec 26, 2017, 5:04 pm
#14
Join Date: Aug 2002
Location: YYZ/MGA
Programs: AA 1MM Lifetime Gold, AA Platinum, WS Gold, Marriott Bonvoy Gold
Posts: 7,607
In today’s day and age, why on Earth would anyone use WiFi at a hotel or any public venue (coffee shops, etc.) to access bank accounts, credit card accounts, or any other sensitive information. I’m not excusing poor WiFi security, but at the same time, an ounce of prevention is worth a pound of cure. I personally NEVER access these accounts with public WiFi. I’ve known colleagues who have experienced banking and email hacking issues after using hotel WiFi (particularly at one non Hilton, independent hotel in Nashville). My suggestion is to treat all hotel/public WiFi as potentially compromised. To that end, I really only check the weather, news, hobby websites, etc. when using public WiFi. I don’t even log into my hotel or airline loyalty programs using public WiFi anymore!
Dec 26, 2017, 6:31 pm
#15
Join Date: Aug 2007
Location: Truth or Consequences, NM
Programs: HH Diamond, Marriott Titanium, Hertz President's Circle, UA Silver, Mobile Passport Unobtanium
Posts: 6,192