Need a reason not to use free hotel wi-fi without a VPN? How about spear-phishing and targeted attacks against you by people who your real name, your room number, and expected arrival and departure times? According to the article, some of the tactics used include Adobe Flash zero-day exploits, fake software updates containing malware, and embedded iFrames redirecting to phony installers.
When you connect to any wi-fi network, you must assume it is hostile and act accordingly. Even if you’re not a senior company executive, here’s an example of the types of attacks that could be used by a rogue Wi-Fi network against various password managers; if you use one, yours could be among them. It’s interesting to note that iFrames are also involved in one of the “sweep attacks” described by the paper.
Comcast has begun injecting ads into webpages accessed by users using one of its 3.5 million public Wi-Fi hotspots. With this action, Comcast joins the list of businesses (e.g. airports) that provide Wi-Fi service with ads.
Another potential solution is to use a VPN, which encrypts all the traffic between you and the VPN provider instead of between you and the website.