These days, information is money, and it’s often worth more than the devices used to access it. A thief who pickpockets your phone can turn a few hundred bucks selling it, but the true cost is the loss of your data — photos, work — and the headache of dealing with identity fraud if your passwords and personal details are uncovered and sold online. The value of data means that cybercriminals are constantly developing malware to scrape and copy information from the gadgets that hold our most personal details. Travelers who rely on public Wi-Fi networks or charging points are especially at risk.
“When you’re traveling, you want to be more aware than normal about the usual cybersecurity advice,” says Chester Wisniewski, principal research scientist at Sophos. Good cybersecurity hygiene includes using unique passwords for every account, ensuring device software and programs are updated (especially browsers and Flash player, Wisniewski says), and installing an antivirus program. Once you've taken care of those basics, it's time to deal with these seven tech dangers facing travelers.
1. Stolen devices that aren’t password-protected
Losing a smartphone or laptop is never great, but it can be even more problematic when your phone is your only means of navigating the back streets of New Orleans or your laptop contains tomorrow’s conference presentations. Multiply the hassle if your device wasn’t PIN-protected, which makes it all too easy for gadget-swipers to swipe your sensitive data and use it for identity fraud, accessing your email and social network accounts with nary a password to crack.
And if you’re traveling with your work laptop, having someone steal a non-password-protected device can put your company’s network at risk for a data breach.
Use a strong password to withhold entry from would-be thieves. Enable device tracking on your Android, iOS or Mac, which allows you to see the location of your lost devices — maybe you just left it in that charming piazza café — and lets you lock or remotely wipe the device in case it's gone forever. Marking a locked iPhone, iPad or Mac as lost prevents it from being unlocked even after a factory reset. You'll still be able to track it, and it’ll be of no use to a thief. Android users whose phones came with Android 5.0 or newer get a similar feature that won’t reactivate a factory-reset phone unless the original (that is, your) Google login details are entered.
Android Settings / Android Device Manager
iOS Settings / iCloud / Find My Phone
Mac System Preferences / iCloud / Find My Mac
Windows Phone Settings > Updates & security > Find my phone
Windows 10 users can head to Update & security > Find My Device to track the device, but there’s currently no feature to wipe or lock it. If you didn’t upgrade to Windows 10, you’ll have to download a third-party service.
Absolute Lojack ($39.99 for two years, free 30-day trial) can locate, lock and wipe devices from afar. The service includes access to an investigations team the company says has recovered many a stolen device.
Prey offers a free version that remotely locks your laptop and tracks it if it’s online. A remote wipe feature comes with the $5-per-month plan.
2. Public Wi-Fi networks
If you’re anything like us, getting your laptop onto the nearest Wi-Fi network is your personal welcome-to-the-hotel ritual. Those Netflix series aren’t going to watch themselves.
If you’re traveling internationally, the cheapest (and sometimes only) means of googling where you’ll eat tonight is often any free Wi-Fi network you can find. But using a public Wi-Fi network puts your web traffic on display to the unscrupulous owners of password-protected hotel or café networks or opportunistic hackers after the low-hanging fruit of an unsecured public network.
If you’re only looking up the local Timeout, that’s not a problem. But if you’re typing in sensitive data like financial information or passwords, especially if you’re guilty of reusing passwords, your information could end up being stolen and used in identity fraud.
Don’t conduct sensitive business such as financial transactions or access corporate servers over a public network, advises Wisniewski. Many big sites like Facebook and Gmail now use the encrypted https connection, so the bulk of our daily web activity (including email, social networking and checking the news) doesn’t pose a huge risk.
However, it’s prudent to use a virtual private network (VPN), downloadable software that masks your computer’s IP address and reroutes traffic via a secured server. A VPN makes it harder for snoops to hijack or spy on your traffic. This is especially important if you’re accessing a company server; many companies provide VPN access to their networks.
We like ########## (free; from $5.83 if you want a faster connection) and TotalVPN (free; $4.99/month for faster connection and more data). If you’re traveling internationally, you could purchase a local internet USB stick that converts the local 3G signal to Wi-Fi you can connect a few devices to.
3. Cybertheft via USB
If you’re on the road, chances are you can’t charge your phone as often as you do at home or at the office. That makes any USB slot on the nearest laptop or charging station an attractive port of call.
Unfortunately, because the USB cables that come with your phone can transfer data as well as charge the battery, using that cable can allow cybercrooks to steal your data or load your device with malware if you plug your device into a maliciously modified charging station or malware-ridden computer. The risk is largely to Android phones that may automatically mount the hard drive upon USB connection to a computer; newer Androids ask if they should function as a hard drive, and iPhones request PIN entry for the computer to access the phone.
Security researchers have demonstrated it’s possible to harness the video-out feature on many phones to monitor every keystroke made on a phone, including passwords and sensitive data, by recording the characters that display briefly when keys are pressed. If your phone supports HDMI display (which includes almost any recent phone, including the iPhone 6), it’s potentially at risk. Wisniewski notes that although there isn’t any such epidemic, it is a possible route hackers could take.
“You shouldn’t plug into unknown devices,” Wisniewski says. “Bring a wall charger.” If you must use unknown charging stations, consider purchasing a charge-only USB cable such as the PortaPow 20AWG ($7.49 on Amazon).
And if you can do neither of the above, select the “Charge only” option (Android phones) if you get a pop-up when you plug in, or deny access from the other computer (iPhone). Forget about syncing iTunes or viewing phone photos at that nice big computer in the internet café.
4. An encrypted laptop or phone in countries with anti-privacy laws
While encrypting your smartphone, tablet or laptop is a good idea for protecting your data from sticky-fingered snoops, you’re subject to a different set of rules when you travel to countries where encryption is illegal, such as China and Russia. Should a border official request to see your device in these countries, you could be asked to enter your password, which automatically decrypts data. If you refuse, you could be arrested.
Check U.S. Department of State travel alerts and warnings for current events you should be aware of. Some countries may allow border officials to seize devices and copy their entire systems.
If you believe you’re someone that foreign governments — or indeed, our own — would want to spy on (such as a journalist, dissident or other perceived political troublemaker), you might want to travel as information-light as possible. “Take an empty computer, or use a Chromebook where all programs are accessed from the cloud,” Wisniewski says.
That said, it’s often a case of weighing up risks. Encryption protects your data in case of loss or theft, so if you do have to travel with sensitive files, it’s probably best to travel encrypted. But be prepared to provide access on the off chance that a border official requests it.
5. Internet access in countries prone to malware
Over half the computers in China are infected with malware; Turkey clocks in with nearly the same proportion. Does that mean using the web in such countries is more dangerous? Yes and no.
“The risk is more related to sites you surf to, rather than the location you’re physically sitting,” Wisniewski says. So while sitting in a Chinese internet café doesn’t put you at greater risk for contracting spyware while you're checking out hometown sports scores, it might if you’re surfing local sites at higher risk for malware, thanks to targeting by local hackers like the two major Chinese ISPs that were revealed to be injecting malware and advertising into user traffic.
“Make sure your computer is protected by downloading the latest updates to all programs, including your OS, and running an up-to-date antivirus program,” Wisniewski says.
Be vigilant about what links you click. A pop-up message with seven flashing dollar signs is as suspect abroad as it is back home.
6. Public computers or in-room iPads
Hotel computers are often not difficult to load with malware; after all, the whole point is that anyone can use them, including hackers with keylogger programs on their USB sticks. Keyloggers can monitor your keystrokes and reveal your personal and financial information. Your data can then be used in identity fraud or to wipe your bank account clean.
“Don’t do anything particularly sensitive from untrusted devices like computers in hotel lobbies,” Wisniewski said. Unsafe activities include email, accessing company files and banking.
Using a VPN is a good way to protect your traffic from prying eyes and prevent the domino-effect devastation of login and identity theft. “Your traffic is now bypassing any ability to be tampered with until it gets to wherever its VPN is tethered to,” Wisniewski says.
In general, enable two-factor authentication on all your accounts.
7. Inability to contact loved ones in an emergency
Though we privileged net users can kick up a fuss when we can't get Wi-Fi service, situations can turn sobering when cell phone coverage is unavailable as well — no phone calls, no texts, but you’ve just injured yourself or lost something of great value. In a year that’s seen the worst natural disaster in the United States since Hurricane Sandy, emergency communications in case of natural disasters can’t be ignored either, whether you’re at home or abroad and incommunicado without roaming service.
Download the offline messaging app Jott, which harnesses the Bluetooth connectivity of nearby devices to work without Wi-Fi or data. You’ll be able to contact friends and family without cellular coverage, which also comes in handy in areas of poor reception (assuming you’re not all alone on a mountaintop). It’s free for iOS and Android devices.
If you’re traveling within the United States (or have roaming service), check out a personal security app like React, which can store emergency contacts, track trips over GPS and send an “I’m safe” message with a simple tap (or, less happily, alerts directly to the police). It’s free for iOS and Android devices.
[Image credits: tech in suitcase via Bigstock, PortaPow]