According to FireEye, the EternalBlue exploit could let hackers access anyone’s computer connected to the hotel WiFi and silently gather usernames and passwords without victims even having to type them in. “It’s definitely a new technique” for this Russion hacker group, FireEye‘s Ben Read told Wired. “It’s a much more passive way to collect on people. You can just sit there and intercept stuff from the WiFi traffic.”
The security group warns travelers to be aware of the threat when visiting hotels in other countries (though unsecured WiFi isn’t restricted to foreign hotels), and to take steps to secure their systems. “Publicly accessible WiFi networks present a significant threat and should be avoided whenever possible,” wrote Ben Read and Lindsay Smith in a blog post.