I audited my Windows laptop on hotel Wi-Fi and was shocked by what it exposed

I audited my Windows laptop on hotel Wi-Fi and was shocked by what it exposed


Recently, I had to take an interstate flight and only had carry-on luggage. This meant I couldn’t take my big, heavy gaming laptop and had to borrow a friend’s Windows laptop to continue working while I was away.

Of course, this meant exposing the laptop to the hotel Wi-Fi, and while my usual laptop is already locked down for open networks, this laptop had clearly spent its life on a trusted private network.

So I checked what it was sharing, what it was listening to, and what was running in the background. What I found made me realize just how exposed a Windows laptop can be on Wi-Fi that almost anyone can access.

I checked five places where Windows might be too trusting

The borrowed laptop was set up for a home network, not public Wi-Fi

I wasn’t worried that the laptop was infected with malware, as I had already checked it before making an account on it. What bothered me was that it was just a normal family laptop that had never traveled beyond the home network.

Open Wi-Fi, such as that found at hotels and airports, isn’t inherently insecure, but certain Windows settings can make it dangerous. So, before treating the laptop as safe to use, I checked five places.

First up, I opened Settings -> Network & internet -> hotel Wi-Fi SSID> and checked out the network profile. That told me whether Windows had to set the network to Public or Private.

Then I went to Settings -> Network & internet -> Advanced network settings -> to check if Network discovery and File and printer sharing were enabled. Turning off that one setting would prevent the laptop’s shared folders and printers from being visible to others connected to the Wi-Fi network.

Next, I opened up File Explorer and typed //localhost into the address bar, which is a fast way of checking if the laptop actually had any folders shared with SMB. Then I used PowerShell to quickly check for any listening connections.

Finally, I installed and opened up the Sysinternals tool TCPView to see what was already trying to make TCP/IP connections in the background.

Checking just these five things greatly improved the laptop’s security, reduced its trust, and prevented it from behaving as if it were still connected to the home network.

The network profile decides how much Windows trusts the Wi-Fi

Private mode made sense for someone else, but not for me on a public network

Windows firewall and network protection settings public network on showing hotel wifi

The first thing that stood out was that the Wi-Fi network was set to private mode on Windows networks. That’s because the laptop has been used on the network before, and unfortunately, my friend decided to trust it with some file sharing.

By default, Windows sets all new wireless networks to Public, even if you have to enter a password or use a captive portal to access them. Setting the network as Private does mean you get access to more features, but that comes at the cost of essentially allowing your laptop to completely trust the network.

Private is for networks you trust, like your home or work network. Public is always the safer option for hotels, cafés, airports, or even Airbnbs that typically have private routers.

Luckily, the fix is simple. I went to Settings -> Network & internet -> Wi-Fi -> Wi-Fi SSID>, found the network profile type, and changed it from Private network to public network. That alone doesn’t make the laptop magically secure, but it does tell Windows not to just automatically trust it.

File sharing was the setting I most wanted off

Exposing your shared folders on a public network is never a good idea

Windows Explorer Properties with Advanced Sharing showing feature turned off

My friend had previously used the laptop to store photos and work files, so I thought it was best to make sure they hadn’t left file and printer sharing turned on. Sure enough, one folder had been shared, and the sharing permissions were set so that “everyone” had full control.

This is a folder outside the user’s directory on Windows, so it absolutely needed to be turned off to prevent people on public Wi-Fi from accessing the file shares.

I opened Settings -> Network & internet -> Advanced network settings -> Advanced sharing settings and turned both Network discovery and File and printer sharing off for Public networks.

After that, I opened File Explorer to check which folders had already been shared by typing into the address bar:

\\localhost

Thankfully, the only folder shared was C:\Shared. So I right-clicked -> Properties -> Sharing -> Advanced Sharing, and unticked Share this folder.

PowerShell showed what the laptop was listening for

Open local services showed me exactly what was listening to the outside world

Windows PowerShell Get-NetTCPConnection listing ports and IP addresses

Since this laptop wasn’t mine, I wanted to know exactly what services were running and what ports they were listening on.

In an elevated PowerShell prompt, I ran this useful network command:

Get-NetTCPConnection -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess, @{Name="ProcessName";Expression={(Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName}} | Sort-Object LocalPort 

The important word here is “Listen.” This command showed me what services are actually waiting for connections. LocalPort shows the port number, and ProcessName helps identify the app or service behind it.

Thankfully, the results were pretty boring, but they were still revealing. I saw Windows system processes listening on ports associated with local networking, including file-sharing ports such as 139 and 445. I also saw the print spooler, Delivery Optimization, VMware services (which I installed), Discord, and Adobe background services, most of which were limited to the local 127.0.0.1/localhost IP.

TCPView showed the laptop was not as idle as it looked

Just because the taskbar is quiet doesn’t mean the network is too

Windows Sysinternals TCPView application showing LocalSend active UDP connections

PowerShell showed what the laptop was listening for, but TCPView from Sysinternals made it easy to see active connections. I opened TCPView, sorted by Process, and let the laptop sit idle for a while. The results weren’t super dramatic, but a few entries still showed up and made the little audit worth the effort:

Immediately, I spotted localsend_app.exe because it was listening on 0.0.0.0. LocalSend is a tiny file transfer app and is harmless when configured correctly. Unfortunately, this one wasn’t. It was set to auto-start after login and was automatically sharing the contents of the C:\Shared drive from earlier with no PIN set, and Quick Save was turned on. Anyone on the public network scanning port 53317 could therefore send files to the laptop.

Another application set to auto-run was AnyDesk, which connected to its public relay over port 443. Remote access tools aren’t something I want running unnoticed on a laptop connected to public Wi-Fi.

The System process was also listening on ports 445 and 139. These belong to the Windows file sharing services and are expected, but it was a good reminder to double-check that all file shares were disabled and network discovery was turned off.

After reviewing these connections, I ultimately decided to disable their auto-start by opening Settings -> Apps -> Startup and toggling them off, so I didn’t need to worry about them or uninstall them when I returned the laptop.

The Wi-Fi was not the only thing I had to distrust

A shared network makes your own settings more important

Hotel captive wifi portal with successful authentication and MUO home page

This quick five-step audit proved that the borrowed laptop was configured to a trust level the hotel Wi-Fi network certainly hadn’t earned. None of the findings constituted anything dramatic, just a private network profile, sharing settings, some chatty background apps, and remote access tools.

By themselves, they’re not indicative of a huge risk, but together they showed how easily a laptop that normally lives at home can become an easy target for common hacker exploits.

The fixes are all basic. Switching the network profile to Public, turning off file sharing, reviewing active and listening services, and then disabling their auto-start functionality. It’s something I definitely recommend anyone do before exposing their laptops to hotel Wi-Fi.

In the end, I borrowed the laptop to travel lighter. I just had to stop it from bringing all its home-network trust with me to the hotel.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *