Holiday travel season is right around the corner. While you may be relaxing and enjoying time away from work, hackers, cybercriminals, and other creeps rarely go on vacation. They see the hordes of holiday travelers and shoppers as a distracted and easy target for their malicious plans. So as you’re packing your bags for grandma’s house, arm yourself with these travel security tips for a safer holiday season.
AirDrop
All iOS users should turn off AirDrop or limit the feature to contacts only. Do this for every Apple device you’re taking out of the house, especially the kids’ iPhones and iPads. While AirDrop makes sharing files super easy for school and work collaboration, it is very commonly used for both personal information theft and general harassment. Think of the number of Apple devices crammed together in your typical subway car, airplane, busy truck stop, etc. These are all target-rich environments for hackers looking to exploit AirDrop’s vulnerabilities.
Security researchers have been warning for some time that AirDrop allows hackers to determine users’ phone numbers based on the partial hashes that the feature sends out. The same technique is potentially capable of exposing other personal info.
Creeps can use AirDrop to “cyberflash” anyone with the feature in their general vicinity. If your AirDrop functionality is open to any user, a flasher can send any media they like to your device and you (or your child) will see a preview of the content even before you accept the message. The U.S. and other countries are moving toward making cyberflashing illegal.
Wi-Fi
There’s really no two-ways about it: free Wi-Fi is dangerous. The same features that make free Wi-Fi desirable to you also make it desirable to hackers. Both of you can connect without authentication and gain access to unsecured devices on the same network.
The hacker takes things a step further by positioning himself between your device and the connection point. Instead of talking to the hotspot, your device is talking to the hacker, who gathers up anything interesting he finds before relaying the data on. The hacker has access to every piece of information you’re sending. If you make a purchase, they can intercept your credit card info. If you’re connecting to your employer’s network, they can scoop up your security credentials. Unsecured Wi-Fi is also a great way to distribute malware.
If you really need to use free Wi-Fi, there are ways to make yourself a harder target. The simplest protection is to use a virtual private network (VPN) any time you connect to public Wi-Fi. Hopefully, if you’re on a work device, your employer has already provided this service. Now it’s just on you to remember to turn it on. For personal devices, you’ll need to shop around for the best service for your needs. A VPN won’t prevent a hacker from getting in between you and the Wi-Fi hotspot. But your data will be so well-encrypted that the attacker will likely move on to someone less savvy.
If you’re just using your device to work on local documents, turn the Wi-Fi off. Even when you’re not actively connected to a network, your computer is transmitting data to any network within range. There is a small but non-zero chance that a hacker could leverage this minor communication to gain access.
Bluetooth
Bluetooth allows you to connect your mobile device to headphones, printers, rental cars, and more. The good news is that Bluetooth usually requires “pairing” before connecting to an unknown device–adding a layer of security. Similar to Wi-Fi, a Bluetooth connection can put your personal data at risk, so take some precautions.
Turn off Bluetooth when not in use. If you pair your phone with a rental car, unpair it before returning the car and clear any personal data. Keep your device’s Bluetooth in “hidden” mode rather than discoverable. This prevents unknown devices from finding (and potentially exploiting) your connection. Enabled, discoverable Bluetooth may allow hackers to see devices you’ve connected to in the past and spoof them to gain access.
Charging Stations
Airports are slowly getting better about adding outlets and USB sockets for travelers to charge their devices while waiting for flights. There is some risk involved with public USB sockets, but it is easy to avoid if you understand the problem.
Attackers can modify USB sockets to pass malware onto unsuspecting users’ devices. This threat is commonly known as juice jacking, a hardware-focused Man in the Middle attack. Before you plug in your phone or tablet, connect a USB data blocker or use a power-only USB cable. These inexpensive tools only allow the transfer of power (not data).
Alternatively, you can always bring your own power bank. You’ll enjoy no threat of attack and not being huddled around whatever outlets remain in the crowded terminal.
Payments
Travel requires many “dips” of a credit or debit card. In the course of a trip back home for Thanksgiving, you’ll eat in restaurants, pay luggage fees, grab a soda from a vending machine, pay for airline Wi-Fi, buy subway fare, fill up with gas, and much more. Consider leaving the debit card at home and opt for your preferred credit card.
Every dip of your card represents a small exposure to fraud. If a thief has installed a card skimmer on a vending machine or is running your restaurant tab to the back of the house for an extra long time, the entire balance of your checking account may be at risk. Using a credit card makes it easier to avoid losses from fraud. Networks like Visa and Mastercard provide coverage for unauthorized purchases.
Conclusion
Cybercriminals do not rest during the holidays. For some, travel season is prime time for theft and other hijinks. If you keep your wits about you and take a few basic precautions, you can avoid falling victim to cyber crime.
As you prepare to stay cyber secure while you travel, remind the children and older adults in your life how to do the same. If grandma is coming to you, tell her about the dangers of AirDrop. And remind the kids to charge and carry their own power banks. The more people implementing good travel security practices, the safer we all are!
If you need a security posture assessment or ongoing managed security services in 2023, reach out to Asylas for help at 615-622-4591 or info@asylas.com. Or complete our contact form.
