How You Can Travel Like an Ethical Hacker
The holiday season is upon us and everyone is looking forward to trading the office for a new adventure, their favorite family resort, or some other kind of holiday. And many people now pack their favorite tablets or phones to take holiday photos, stay in touch with family or friends, or enjoy movies or video games while on the road.
Going anywhere new always involves a degree of excitement, but also anxiety. It’s normal to feel a bit of concern about losing control of your credit card numbers or having devices with valuable information stolen. You have these same risks at home. But it’s baggage many of us would rather leave behind when taking a vacation.
Luckily, you don’t have to bring your paranoia with you when traveling. You can check out our recent podcast for advice on how to stay safe while traveling. And here’s some additional do’s and don’ts to help you have a secure, relaxing vacation.
Prepare and secure your mobile devices in advance
Take the time to prepare all your devices and peripherals for the trip. When it comes to mobile phones or tablets make sure you have an idea about how long your travel time will be versus how much battery power you need. It may seem small. But having enough juice to power games and movies can make a huge difference when travelling – especially with kids.
When it comes to securing your mobile devices, consider the following:
- Set device unlock PINs you and the kids can remember, but not something a stranger can guess
- Turn off Bluetooth, filesharing, Apple Airdrop, and other functions you won’t need
- Set restrictions on the devices you bring so that you can’t make changes to the device or use certain applications (e.g. Appstore, Play store) without entering the password or PIN
- Be careful when using biometric authentication (such as fingerprints or your face) to unlock devices. It’s convenient, but it can actually make it easier for criminals to unlock your devices. It’s surprisingly easy to use someone’s hand to unlock a device while they’re asleep/passed out by a pool. And using your face isn’t as secure as you might think. Criminals run scams like using your phone to buy an expensive app that they own via Google Play or the Appstore. Or they can just unlock your device so that it becomes more valuable when stolen. A PIN is always better than a fingerprint or face.
- Don’t forget the PIN and PUK code for your SIM card. Dropping that mobile phone and not remembering your PIN/PUK when asked can be a lot of hassle when trying to stay in touch. Make sure your friends or family have a copy together with your SIM card number in case they have to contact the police. And this way, you don’t have to keep it in your wallet (which is also a bad idea).
- Set two-factor authentication on your Apple/Google/Spotify accounts to make sure that anyone getting ahold of your password can’t abuse your accounts. And remember, you don’t have to worry about remembering passwords/passphrases if you use a password manager. BTW, some password managers are free.
- When using any kind of hotel, airport or other public Wi-Fi, use a trusted VPN client to ensure that no one on the same network can see or manipulate your traffic. And many VPNs will let you set your virtual location so that you can stream content from your home country. If you don’t need content from your country or origin, pick a VPN exit node as close to you as possible for increased speed.
- Do you have kids? Stop reading now and buy a travel Wi-Fi access point for the hotel or where ever you go. Set your mobile devices to use it before you leave. Kids and adults love to play multiplayer games and love collaborating. Think Minecraft and other multiplayer games. Hotel and airport Wi-Fi are not the place for these kinds of games and interactions. But travel Wi-Fi access points are cheap, come with a small battery and are about the size of a credit card. Some come with an option to put in a SIM card, but you can buy one without using that functionality. Even when all your devices are using VPN to get to the internet, device-to-device communication will still be allowed and might result in unexpected situations, such as unwanted interactions or strangers blowing up your Minecraft creations. Spare yourself the hassle of verifying and hardening every setting in every game to limit interaction and just use a travel Wi-Fi adapter with a power bank. It gives you a sandbox for safe interactions and saves you the trouble of worrying about strangers trying to phish you or manipulating your kids.
- Bring an HDMI converter cable for your mobile phone or tablet. Many hotels allow you to display your own content on the TV in the room (if the TV has an HDMI port). Preload a bunch of movies or series so that the spotty hotel Wi-Fi and laggy streaming services don’t become a source of before-bedtime drama. Downloadable content expires, so make sure you don’t preload the content too soon.
Using a rental car
When renting a more modern car, van or other vehicle, it might support Bluetooth. You might feel the urge to sync up your mobile device with the car for playing music, calling or other tasks. Try to resist the temptation and bring that older mobile phone from last year with your music stored on it. Phones can sync your entire address book, past locations, and other content with the car. And getting it wiped from the car’s computer might be impossible, making sharing your personal information with it a bad idea. And remember – you don’t need to take calls in the car when you’re on vacation
Your hotel room
- Always bring your passport, money and devices with you in way that is easy to carry (such as a small backpack or shoulder bag with a zipper on the inside). You might trust (or not) the hotel staff, but when they are cleaning your room the door is open and the cleaning staff cannot know for sure if someone that walks in and says “forgot the tablet” is actually staying there.
- Your access card or key might not be unique. And the hotel might not have made the latest updates to their electronic locks. If you do not trust the hotel room door, put a towel behind the door handle to prevent anyone from trying to manipulate the door from the outside. Set the deadbolt on the hotel door if you’re in the room.
- If the hotel offers an in-room tablet, turn if off. It has a microphone and who knows what software is running on it. Same thing for electronic hotel phones. The lobby has your mobile phone number if they need it.
- Does your hotel room have a smart TV? Put something in front of the camera and don’t connect to it using your phone’s Bluetooth or other options. Do not put your Spotify, Netflix or other subscription service credentials into the hotel’s TV because you can’t know if someone is ready to copy it.
Around the hotel
- Lobby PCs and terminals: these computers or terminals are potentially backdoored and are not to be trusted. Use your own devices for looking up that flight itinerary or phone number. Don’t enter credit card numbers, personal information or passwords into them.
- Don’t put your credit card in arcade machines, untrusted computers, or use it to buy tickets when there are a lot of people around. Your card or PIN might get stolen and reporting stolen goods on a vacation is no way to spend your holidays
- Don’t mention your credit card details over the hotel phone. The hotel lobby already has your card number and doesn’t need it confirmed over the phone. When ordering takeaway food or services, use a VPN program over the hotel Wi-Fi or use your 3G/4G connection to enter that credit card number. Or even better – use cash.
- Keep a post-it with a fake PIN next to your credit cards. Anyone that steals your wallet will try to use the PIN from the post-it note to try and get into your accounts. This gives you a better chance of getting the cards blocked, or allowing the bank to spot abuse.
- Be mindful of where you use ATMs to withdraw cash. Jiggle the card reader to ensure no devices are glued on, and be sure to cover your hand when typing in your PIN
Charging
Everything has a USB port nowadays. And it’s tempting to charge your devices in any USB port you can find. But even though power hungry devices need to be charged constantly, you should avoid taking advantage of every port you see. Avoid using the hotel’s smart TV, hotel phone, or someone else’s powerbank or computer. You simply don’t know if these devices are configured (intentionally or unintentionally) to manipulate your devices in unintended ways. Bring a powerbank for long distances, and one for short top-ups. If you are really paranoid, bring a power-only USB charger cable.
Categories