Trusted by Operators · May 2026

Your principal walks into the lobby. Three things just happened.

DarkHotel APT campaigns target C-suite executives at premium hotel chains in 30+ countries. Captive-portal MITM, evil-twin SSIDs, BLE proximity exploits — routine on business-class hotel networks. Your principal's MacBook is the target far more often than the principal themselves. The seven-step protocol corporate-security teams actually use.

Published April 30, 2026 Updated May 2, 2026 Reading time 6 min
REVIS-1 Executive Guard — Faraday-shielded carrier for executive business travel
The Short Answer

Hotel WiFi is structurally hostile by default. DarkHotel APT, evil-twin SSIDs, captive-portal MITM, BLE proximity exploits — routine, not edge cases. The defense is removing devices from the attack surface entirely when not in active use. Faraday-isolation when stowed plus VPN-encrypted traffic when active is the working protocol used by corporate-security teams at finance firms, M&A counsel desks, and journalism organizations. Equipment investment: one Faraday briefcase plus a paid VPN. Total under $200/year.

Operational Details

Numbers from the incident reports.

2014
DarkHotel First Documented
30+
Countries Active
7 Steps
Travel-Hygiene Protocol
76–85 dB
REVIS-1 Attenuation
Trusted by Operators

Finance-firm corporate-security teams. M&A counsel desks. Journalism organizations. EP details with traveling principals.

The same seven-step protocol used by professional corporate-security teams to harden traveling principals against the routine threats on hotel networks. Faraday-stored when stowed, VPN-encrypted when active, devices off (not Sleep) overnight. Made in the United States.

Deployment Scenarios

The seven-step protocol corporate-security teams actually use.

Your principal walks into the Marriott. MacBook in the side pocket of the bag. By the time he reaches the elevator, three things have happened to that laptop he will never see. The captive portal logged the device's MAC address. An evil-twin SSID two floors up registered the auto-connect attempt. A BLE-proximity scanner in the lobby recorded the AirDrop discovery beacon and the partial Apple ID hash. None of it triggered an alert. None of it required the laptop to leave the bag. None of it would have happened if the bag was Faraday.
01

Faraday-store devices when not in active use

The single highest-leverage step. Drop laptop, tablet, phone, and key fob into the Faraday bag before leaving the room or going to sleep. Hotel network cannot reach; AirDrop discovery cannot leak; BLE proximity attacks cannot complete.

02

Always-on VPN with auto-connect on join

Reputable VPN (1.1.1.1, Mullvad, Proton, NordVPN) configured to auto-connect on ANY new WiFi. Defeats local-network MITM. Set kill-switch to block traffic if the VPN drops.

03

Forget previously-joined hotel networks

"Marriott_Guest", "Hilton_Guest", conference WiFi — Forget them all in System Settings → WiFi → Known Networks after each trip. Defeats the evil-twin auto-connect.

04

Disable AirDrop & AirPlay receiver

System Settings → AirDrop → Receiving Off (or Contacts Only). System Settings → AirPlay & Handoff → AirPlay Receiver Off. Both leak Apple ID hash by default. Re-enable only when actively using.

05

Don't trust hotel USB-C ports or wall chargers

Carry your own USB-C cable and wall adapter. The "left behind" implant attack class is more sophisticated and harder to detect than juice-jacking.

06

Powered-off (not Sleep) for overnight storage

Sleep keeps wireless radios partially active for wake-on-LAN. Powered-off disables them. Combined with Faraday storage, the gold standard for overnight on hostile networks.

07

Treat hotel-room conversations as overheard

For sensitive calls, leave the room. Take the call from a quiet corner of the lobby or a meeting room — both are usually less surveilled than guest rooms.

Acquire

Carry quietly. Move freely.

REVIS-1 Executive Guard. Three independent Faraday-shielded chambers — laptop, tablet+phone, wallet+keys+RFID. Handles steps 1, 2, and 3 of the protocol in one bag. 76–85 dB across 30 MHz – 10 GHz. Boardroom-appropriate optics for the conference floor and the lobby. The bag the principal already wishes they were carrying.

🇺🇸 Made in USA Free U.S. Shipping 30-Day Return $129
Acquire — $129
REVIS-1 Executive Guard — premium leather chassis with three independent Faraday chambers
FAQ

Common questions on hotel-WiFi defense.

How dangerous is hotel WiFi for business travelers?
Significantly. The DarkHotel APT campaign documented since 2014 specifically targets C-suite executives at premium hotel chains in 30+ countries via captive-portal MITM and crafted hotel-network exploits. Beyond DarkHotel: routine evil-twin SSIDs in business-conference hotels, BLE proximity exploits against laptops in rooms, and AirDrop discovery leaks at the lobby level. Hotel WiFi is structurally hostile by default — treat every hotel network as adversarial regardless of chain reputation.
Does a VPN protect me on hotel WiFi?
Partially. A reputable always-on VPN encrypts traffic from your device to the VPN server, defeating standard MITM at the local network layer. But VPN does NOT stop captive-portal MITM (intercepts BEFORE the VPN connects), evil-twin SSIDs (tricks the device into the wrong network), or BLE proximity exploits (targets the radio at the device itself). VPN is necessary; it is not sufficient. Faraday-storage when not in active use plus VPN when in active use is the working pattern.
What's the safest way to use my MacBook in a hotel room?
Three rules. (1) When not in active use, store the MacBook in a Faraday bag — the hotel network cannot reach it, AirDrop cannot leak, BLE proximity attacks cannot complete. (2) When in active use, connect through an always-on VPN before doing anything else. (3) Disable AirDrop and AirPlay receiver mode in System Settings — they leak your Apple ID hash by default. The Faraday-when-stowed pattern eliminates the largest attack surface.
What is an evil-twin SSID attack?
A WiFi access point broadcasting the same network name (SSID) as a legitimate network — typically a chain hotel ("Marriott_Guest", "Hilton_Guest"). Your device, having auto-connected to the legitimate version on a previous stay, automatically connects to the evil twin without prompting. All traffic flows through the attacker. Defenses: "Forget" previously-seen networks after each trip, or Faraday-store the device when not in active use so the auto-connect cannot happen.
Are hotel safes secure for storing my laptop?
Hotel safes prevent physical theft adequately. They do not block wireless signals. Your laptop sitting in a hotel safe is fully reachable on WiFi, Bluetooth, and (if cellular-equipped) cellular. AirDrop, AirPlay, and BLE proximity attacks all work as if the laptop were sitting on the desk. For physical-theft protection: hotel safe is fine. For wireless-attack-surface protection: Faraday bag.
Which Faraday product is built for business travel?
For multi-device executive travel, the REVIS-1 Executive Guard. Three independent shielded chambers — laptop, tablet+phone, wallet+keys+RFID — let you isolate every device the moment you step into the hotel room. 76–85 dB across 30 MHz – 10 GHz, structured executive-briefcase form. Made in the United States. $129 with free U.S. shipping.
Block Every Signal

Carry everything.

The bag the principal carries through the lobby. Hand-assembled in the United States. Reaches your door in 3–5 business days.

Acquire — $129
🇺🇸 Made in USA · Free U.S. Shipping · 30-Day Return

General information about hotel-WiFi threat surface as of May 2026. For high-risk operational contexts (state-actor targeting, sensitive M&A travel, journalism on national-security topics), consult dedicated digital-security trainers for full operational planning.