Preparing for a business trip – international or domestic – used to be a fairly routine ritual. Not anymore. Carrying those electronic essentials poses new threats to personal and enterprise security that savvy travelers must be aware of.
Earlier this year, an article first published on Medium and later distributed on Quartz, outlined the startling truths about the U.S. border and your rights when crossing it. The next time you make your way through customs, be aware that the U.S. border is a “legal no-man’s land” as it is technically not “in the U.S.” As such, your 4th amendment rights (unreasonable search and seizure) and 5th amendment rights (self-incrimination) do not apply. U.S. customs agents can ask you to unlock your phone or laptop and hand it over. Even if you’re an American citizen. And, they can detain you if you don’t comply.
You can bet that other countries can do this and more. Depending on where you are travelling your devices may be vulnerable not only to searches but also confiscation and duplication.
There are many “legitimate” companies that create software solely for the purpose of vacuuming up data from phones or laptops in a matter of minutes. One such product is Moscow-based Elcomsoft’s Phone Breaker. According to Quincy Larson at Quartz, “Their customers include police forces of various countries, militaries and private security forces.” So, next time you’re asked to unlock your device and turn it over to authorities, assume this is happening in the back room.
As ominous as this may sound, there are other, more omnipresent traveling dangers that you should be aware of – several that require no direct contact with your devices: free publically accessible WiFi, cell interceptors and public charging stations.
Public WiFi connections are everywhere: high-end hotels, restaurants airports, etc. Even outdoor event venues offer free WiFi. Wireless companies have been actively offloading traffic from their own networks to WiFi in an effort to load balance and optimize data usage. That’s why your smartphone and other electronic devices will automatically connect to WiFi networks when present. Obviously, the good news is, it’s free. The bad news is they can also be completely “fake” yet look remarkably legitimate – not only vacuuming data off your digital device, but also installing the malware required to make that operation possible remotely.
Now, the idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. While the ease of connecting to make quick work of email before jumping on a flight makes it attractive, keep in mind that almost everything and everyone connected to a WiFi network can be hacked. A 2016 study conducted by HighSpeedInternet.com found that fully half of everyone surveyed connects to public WiFi weekly. And almost ¼ connect to public WiFi daily.
Then there are cell interceptors, also known as IMSI-catchers or Stingrays. These, essentially rogue or unregistered cell towers are used to both steal data from your phone and install malware that can be used for a multitude of infractions – including taking over the microphones, cameras and location tracking radio frequency sensors on your smartphone to eavesdrop, spy on and track your every move. These are often placed in high-threat areas, like high-traffic choke points or regions of the world known for cyber activity. This list includes, but is not limited to countries like China and Russia, high-traffic U.S. airports, metropolitan financial districts or places like Times Square. These places are all high-risk areas for breaches via cell interceptors.
And then there are public charging stations. Again, not a new phenomenon. Perhaps Jennifer Schlesinger and Andrea Day’s 2016 report on CNBC, “Travelers beware! That free charging station could hack your phone” provides one of the best explanations of the fundamental problem. Briefly: Charging ports on smartphones serve two purposes, 1) to charge your phone and 2) to transfer data to and from your device. If a free public charging station has been compromised or is “fake” altogether, “plugging in” could mean giving up every kernel of information on and around your device.
The best way to safeguard your devices from these types of exploits: don’t bring them with you on the trip. Get a loaner device from your company or buy a disposable phone prior to travel.
A few safeguards for anyone: To be protected, carry your own mobile hotspot or access the internet through a VPN. Keep firmware and software upgrades up-to-date. Hackers can detect devices with outdated operating systems, giving them a “free pass” in. That same study referenced above shows that only 18% of those surveyed updated their software as soon as it was available.
Many sources offer security tips for international travel. Here is a high-level summary of precautions you should take:
Before you leave
Get loaner or disposable devices.
Even if you don’t take your devices with you (to safeguard your data should someone get into your accounts while you access your stored information from the road):
- Back up your data and your devices before you leave.
- Upgrade firmware and software before you leave.
- Reset your passwords.
On your trip
Do not leave your device unattended. Keep your devices with you at all times.
Do not connect to untrusted accessories.
Do not enter credentials into public computers or workstations.
Be aware of your surroundings when logging in or inputting data into your devices.
Connect only to known WiFi networks (if you are not traveling with your own hotspot).
Upon your return
Reset all credentials used during your trip. Consider them compromised.
For a more comprehensive list of actions, please refer to:
-Tripwire, June 1, 2016
-Computer World, July 25, 2017
The Privoro Privacy Guard offers many features that benefit travelers, including the Faraday cover which provides complete RF protection from cell towers, WiFi, Bluetooth, GPS and other forms of RF communication while eliminating the chance of remote RF hacking. The Privacy Guard also has a patented DC-pass through filter that allows charging of the case and your smartphone together while eliminating any chance of data transmissions. Learn more about our mobile security solutions and our latest platform, SafeCase for iPhone, today.