Getting Hacked on Vacation is Easy as 123456
Summer travel relaxation doesn’t mean taking it easy about maintaining security and privacy, according to researchers at Independent Security Evaluators, a security consulting and research firm.
“Consumers should always be aware of security threats, especially while traveling,” says Ted Harrington, executive partner at Independent Security Evaluators. “This applies whether travel takes you across the United States or abroad. Always take precautions when using pubic WiFi even at hotels or vacation rental properties.”
Harrington, whose firm has conducted countless security assessments on software as well as a wide range of internet routers, servers, and many IoT devices, cites examples of cyber risks while traveling.
A simple hotel WIFI password like “123456,” is a red flag and simple for hackers to crack, so don’t logon. Also, not all hotel WiFi routers are updated, leaving them vulnerable and possibly compromised by someone seeking to steal your data or identity.
In rental properties and Airbnb’s, owners often install low-cost security cameras. These have many exploitable security flaws and give attackers a way to violate privacy and safety. Hundreds of exploits in more than 50 types of IoT devices have been found by participants during the IoT Village cyberthreat competitions that ISE organizes at top security conferences.
Among the recommendations for safer, more secure connectivity while traveling, Independent Security Evaluators offers these cyber travel guidelines:
1. Plan Ahead Based on Your Destination
Making Connections - Check internet and telephony connectivity options and purchase a Data/Phone Plan for International Travel. Consider purchasing your own access to WIFI, so you don’t rely on public networks
Assess Risk - Look up travel risk and advisory for your destination and layovers and be extra cautious traveling in destinations that are known to be hotspots for malicious digital activity
Pack Light - Don’t bring unnecessary devices for business or personal travel and only bring data you want to be responsible for handling
Backup - Backup devices prior to travel, and store it in a safe place
Encrypt - Encrypt storage on device that you will be bringing with you on the trip
Two-factor Authentication - Some site you use may have multi-factor enabled which may not work as well in certain areas. Determine beforehand how to access communication for devices.
Password Security - Change and strengthen passwords or use password manager. This adds another level of protection against passwords and data being stolen if a phone or device is hacked. Earlier this year, ISE issued a significant report on the most popular password managers which can be read here.
3. Once You’re There
Avoid Public Wireless Networks - Avoid using public wireless networks, especially open networks without any authentication. They may be monitored by malicious attackers, especially in airports or hotels.
USBeware - Don’t plug any external printers, USB devices, or cameras into to your device. Also avoid charging a device on a public USB connection. Electric sockets are okay to use.
Secure Connection - Use a Virtual Private Network (VPN) when traveling to access sensitive data. A VPN allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public WiFi, and more.
Be Sensitive – Don’t visit websites or services which require sensitive personal (e.g., birthday, Social Security) or financial information (e.g., banking, trading) since that’s the info that hackers most want to steal.
Avoid Using Unknown Electronic Devices - It is possible that those machines have
malicious software or malware to capture, track, and exploit your personal or business information such as passwords and credit card numbers.
4. Home Sweet Home
Home Run - Run a general check on your device to thwart any attackers that might gained access to a phone or computer
Scan for Malware - Update anti-malware solution and run manual scans on devices to detect and eliminate any unwanted software downloaded while traveling.
Update passwords - Change passwords once you return home to sites with personal data including financial, social media, work, emails, communication platforms, and collaboration platforms
In addition to these tips to avoid malicious intrusion, travelers also need to be aware of the ability of customs and border patrol personnel in many countries to intrude on data privacy, if they deem necessary. In the U.S., even if you are a citizen, it is legal for an officer to ask you to unlock your phone, hand it over and request passwords. They can detain you indefinitely if you don’t. So, in advance of travel, delete any questionable posts on social media and limit the data you bring if you have a sensitive job. Moreover, if there is compromising information, data, pictures, or something you might not want to become known, either rent a 2nd phone and computer or erase the phone to factory settings and install only select apps.
“An extra measure of caution, while traveling, will keep you, your family and your data safer and more secure and private,” Harrington says.