Hotel WiFi Reality

Hotel WiFi networks are among the most dangerous public networks because:

  • Guests connect repeatedly to the same hotel networks, making them high-value targets
  • Many hotels have deeply inadequate network security
  • Hotel networks are often shared between guests, conference attendees, and corporate tenants
  • Attackers can book a room, get legitimate network access, and use it as a base for lateral movement
  • The same credentials used for hotel WiFi may be reused for corporate VPN access

The Hotel WiFi Pattern

Corporate travelers typically see "Hotel_Guest" or a similar SSID, enter their room number and last name, and gain access. This pattern, which corporate travelers follow reflexively, is exactly what an Evil Twin attacker exploits. A fake "Hotel_Guest" AP is indistinguishable from the real one.

Airport WiFi Reality

Airport WiFi networks (especially free, unauthenticated ones) are prime hunting grounds for WiFi attackers. The density of high-value targets (executives, traders, diplomats), the time pressure travelers face, and the frequency of repeat connections to the same networks make airports ideal attack locations.

  • Major hub airports (Dubai, London Heathrow, JFK, Singapore Changi) are routinely monitored by both security researchers and attackers
  • Airport WiFi networks are often shared with airport lounges, ground transportation, and duty-free areas — multiple SSIDs, multiple opportunities
  • Travelers often access these networks urgently — checking gate changes, boarding passes, last-minute work — lowering their guard

VPN Requirements for Travelers

Any corporate traveler who accesses company email, Slack, Salesforce, or any cloud application from public WiFi should be required to use the corporate VPN. This is non-negotiable.

  • The VPN must be configured to full tunnel mode — not split tunnel — so all traffic, including web browsing, goes through the VPN
  • The VPN should have a kill switch enabled, so that if the VPN connection drops, all internet access is blocked rather than falling back to the dangerous public network
  • Travelers should test their VPN configuration before traveling, not at the airport when they need it
  • IT should provide clear written guidance on VPN requirements and acceptable use policies before travel

BYOD Concerns

Personal devices (BYOD) used for corporate work create compounded risk:

  • Personal devices may not have the same endpoint protection as corporate-managed devices
  • Personal devices may have corporate credentials saved in browsers or apps without MDM oversight
  • If the personal device is compromised on public WiFi, corporate credentials stored on it are at risk
  • Corporate MDM solutions may not cover personal devices (or may be prohibited by local privacy laws in some countries)

Real Scenario: John the CFO (Dubai)

John Mercer, CFO of Acme Corp, was compromised at a Costa Coffee in Dubai's DIFC financial district while working remotely from his company's London office. See the full story on the Evil Twin attack page.

Key takeaways from that scenario:

  • John was on corporate WiFi remotely — using what he believed was the coffee shop's legitimate network
  • His device had previously connected to "ECGFloor_WiFi" — Acme Corp's Dubai office network
  • An attacker used KARMA/Runkarma to identify this saved network
  • The Evil Twin connected John's device automatically — no credentials required from John
  • John accessed a vendor portal over HTTP — credentials were captured
  • $187,000 was fraudulently redirected before the fraud was detected 21 days later

Defense Checklist for Corporate Travelers

  • Mandatory corporate VPN on all public networks — no exceptions
  • Enable VPN kill switch to prevent traffic leaks if VPN drops
  • Use DNS over HTTPS (DoH) to protect DNS queries even on VPN
  • Disable "auto-connect" for unknown networks on all devices
  • Forget hotel and airport networks when you leave
  • Never access corporate resources over unauthenticated WiFi without VPN
  • Use cellular data for sensitive communications when VPN is unavailable
  • Corporate IT should provide a pre-configured travel laptop with all security controls baked in
  • Report any suspicious network behavior (unexpected captive portals, unusual prompts) to IT immediately
  • Consider using a dedicated travel device with minimal corporate access
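
The "disable auto-connect" and "forget hotel and airport networks" items can be audited on the device. The following is an added example, not part of the original page: it assumes a Linux travel laptop whose saved networks are NetworkManager keyfiles, and it flags the profiles a look-alike AP could get the device to join silently. The function names, verdict labels and sample profiles are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real data).
SAMPLE_PROFILES = {
    "hotel": "[connection]\nid=Hotel_Guest\ntype=wifi\n\n[wifi]\nssid=Hotel_Guest\n",
    "airport": "[connection]\nid=Airport\ntype=wifi\nautoconnect=false\n\n"
               "[wifi]\nssid=Airport_Free_WiFi\n",
    "office": "[connection]\nid=Office\ntype=wifi\n\n[wifi]\nssid=ExampleCorp_Office\n\n"
              "[wifi-security]\nkey-mgmt=wpa-eap\n",
    "vpn": "[connection]\nid=Corp VPN\ntype=vpn\n",
}

def classify(keyfile_text):
    """Return (ssid, verdict) for one keyfile, or None if it is not a Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    # Assumption: no [wifi-security] section means an open network; OWE encrypts
    # the link but does not authenticate the AP, so it is treated the same way.
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback=None)
    unauthenticated = key_mgmt is None or key_mgmt == "owe"
    # NetworkManager auto-connects unless the profile says autoconnect=false.
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    if unauthenticated and autoconnect:
        return ssid, "AUTO-JOIN-OPEN"   # joins any AP advertising this SSID
    if unauthenticated:
        return ssid, "OPEN-MANUAL"      # no silent join, but forget it after the trip
    return ssid, "SECURED"

def audit(profiles):
    """Map SSID -> verdict for every Wi-Fi profile in a {name: keyfile_text} dict."""
    results = {}
    for text in profiles.values():
        entry = classify(text)
        if entry is not None:
            results[entry[0]] = entry[1]
    return results

if __name__ == "__main__":
    for ssid, verdict in sorted(audit(SAMPLE_PROFILES).items()):
        print(f"{verdict:15} {ssid}")
```

On a real device the same function can be fed the contents of the files under /etc/NetworkManager/system-connections/, which are readable only by root.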