Cybersecurity and Travel
Photo: © SARAYUT THANEERAT - DREAMSTIME.COM
AFTER ARRIVING AT THE AIRPORT and making it through security, a quick check of the time reveals boarding for the flight doesn’t begin for another hour. The airport has a free WiFi network, presenting an ideal opportunity to snap a selfie and post an update to Facebook.
Not so fast. Without ensuring the network connection is legitimate, travelers may set themselves up for identity theft or malware. Identity thieves and other bad actors frequently set up phony hotspots throughout airports with legitimatesounding names, warns Daniel Plante, Ph.D., a professor of computer science at Stetson University in DeLand, Florida, and a cybersecurity expert.
“The airport may have put a lot of money into making sure the public WiFi is free, but you don’t know which one is real,” Plante says. “The safest thing to do in an airport is to go to the information booth and [ask] ‘What is the name of your WiFi network?’ There may be other ones [networks] but they’re not the official sites. You can try the other ones, but it’s at your own risk.”
Bluetooth devices represent another risk travelers may not be aware of and should be avoided whenever possible, especially in airports, according to Plante.
“When you’re traveling, if you don’t need it, turn off Bluetooth on your phone; turn off Bluetooth on your computer. [Using] a Bluetooth keyboard in a public area, it’s the most trivial thing just to intercept the Bluetooth traffic. It’s not encrypted, and [it’s possible to] just collect everything that the person is typing on their computer,” Plante says. “If you are doing that in a public airport or in any sort of a public space, then at least make sure that you’re not doing anything that would be really sensitive. You know, don’t log into accounts, don’t log into your bank.”
Personal mobile data plans represent a safer albeit more costly alternative to public airport WiFi surfing for both laptops and mobile devices. Many mobile plans allow devices to serve as personal hotspots, with computers tethered to the mobile device via a USB cable. It’s also possible to connect laptops to personal mobile hotspots via password-protected WiFi connections, but that’s less secure than a hardwired connection.
A dongle — a small USB device that plugs directly into a computer — represents another option for high-speed internet connections while traveling that is safer than airport WiFi networks. Dongles are available via pay-asyou- go plans or for specified contract periods.
If travelers must connect to a public WiFi network in an airport or in any public place, such connections should be made through a virtual private network. A VPN funnels internet traffic through an encrypted channel, allowing users to surf anonymously.
Ensure website URLs begin with “https” rather than “http”; this ensures web traffic is conducted through encrypted connections. Ad blockers and other browser extensions also enhance cybersecurity while traveling. The Electronic Frontier Foundation offers two browser extensions specifically devoted to enhancing cybersecurity on both personal computers and mobile devices: HTTPS Everywhere and Privacy Badger. HTTPS Everywhere rewrites http:// URLs to redirect to https:// URLs, while Privacy Badger blocks invisible trackers. Both browser extensions are free and work with Chrome, Firefox and Opera browsers, as well as with Firefox for Android mobile browsers.
Even with cybersecurity safeguards in place, it’s wise to avoid accessing personal email or financial accounts over an airport WiFi network. General surfing on news or entertainment sites is usually all right, although clicking on banner ads is not advisable. Even if the ads are not malware, they often deposit tracking cookies and other undesirables on unsuspecting users’ computers.
Safest of all: Avoid internet connections in airports altogether, according to Plante. “When I’m in airports I try not to go to sensitive sites. Most of the time I work offline. Unless I need something desperately on the internet, I just keep my WiFi off.”
Especially during extended trips, travelers must access their email, banking and other personal accounts. Fortunately, such transactions can usually be conducted relatively safely over a hotel WiFi connection. Such networks are often password-protected, with less access to the public than an airport WiFi network, according to Plante.
“I feel like I can do financial transactions and things like that in my room. You can’t just say I’m not going to do anything for a month. I’m willing to take that risk. We do have to do things; you have to use email,” Plante says. “Especially when you’re traveling for extended periods, you can’t just stay off of everything, not do anything. So I calculate the risk and I only do things when I have [access to] networks that are safer.”
Even so, travelers should employ cybersecurity measures such as VPN, browser extensions and avoiding Bluetooth connections when using hotel WiFi networks. When using mobile devices, dedicated apps, including apps for social media platforms, are often a safer choice than mobile optimized websites.
Plante believes mobile websites “are going to be less secure in general than the apps. That’s like a rich area for people to find very subtle flaws in the way that communications are taking place. You know, there are headers, there are cookies — sometimes people can find ways around it. I feel pretty confident with most of the apps that I get with the iPhone. Apple Store really vets things carefully. My feeling is that you’re probably safer with a dedicated app from a respected supplier. If it’s an app from Google, if it’s an app from somebody respected, I would feel pretty safe about that.”
In actuality, taking measures to ensure cybersecurity while traveling should begin well before travel begins. Travelers should determine whether they really want to bring computers, tablets, gaming devices or other pieces of tech hardware along.
If so, ensure the devices are password-protected, with an option for remote wiping in case of loss or theft. Operating systems for all devices should be updated, including critical or important security patches. File sharing options and auto connect and location sharing functions should also be disabled if they are not already.
Travelers should alert banks and credit card companies about their travel plans to avoid potential fraud restrictions from being placed on their accounts. Spending should be limited to one or two cards if possible. This makes it easier to check spending after returning from a trip and to detect suspicious purchases or transactions.
Especially cautious travelers often substitute so-called “dumb” devices for their regular laptops and smartphones. They set up devices with clean operating systems and a minimum of programs and apps and no personal information. Accessing personal files and information through such devices can be accomplished through remote desktop programs or remote access of individual files through a VPN or a cloud-based backup system.
In extreme cases, so-called “burner” devices are discarded at the end of a trip. However, unless a traveler’s plans involve espionage or similar covert activities, actually discarding substitute devices is not necessary.
“I won’t bring my latest version iPhone when I travel,” Plante says. “[I’ll substitute] a little flip phone or something, get a local SIM card and just make calls when I need to and not take the chance of hurting my phone. So that’s kind of the same role as a burner phone. But I don’t throw that out. I just take out the SIM card. It’s not really as smart of a phone but it’s a lot safer than taking your own phone.”