Cybersecurity and TravelAdam Smith
The world has slowly returned to some semblance of normalcy after COVID, and with it comes an increasing desire to travel. Technology has made travel significantly easier, but this convenience also brings new risks.
When I began traveling full-time over 10 years ago, travel safety was merely a matter of personal physical safety. Never leave a bag unattended, always pay attention to surroundings, and so forth. However, in the current day and age, digital life presents new and significantly heightened threats. When you travel domestically or internationally, you’re now traveling with personal information that’s far more valuable (and that can be accessed far more readily by predators) than the contents of your bag. This shouldn’t be a deterrent to travel, so long as you prepare with a few simple measures to safeguard yourself and your devices.
In the weeks leading up to your trip, there are a couple things you can do to protect yourself and prevent an incident from turning into a catastrophe.
Always remember: The best way to protect your stuff is to leave it at home.
People have a tendency to overpack. I always say once you’re completely packed up, cut that load in half. The same applies to your electronic devices. People own multiple devices and feel like they need to bring them all “just in case.” Don’t. You exponentially multiply your risk with each device that you bring.
If you do have to bring a laptop, tablet, or other device, make sure you clean all personal information off of it before you leave. This should go without saying, but you should have a lock and password on all of your devices. Avoid face recognition and fingerprint recognition features, since they can be bypassed against your will through physical force. Furthermore, all of your passwords should be changed every three months. Before you leave home, I’d recommend that you update all your devices’ software and operating systems. This will improve their ability to ward off attacks from known vulnerabilities. Also, back up your information — that way, if something does happen to your device, you won’t lose all of its contents.
You never want to connect to unfamiliar networks that have limited connectivity, or worse, that could be hijacked. A general rule of thumb I employ in my travels is that you’re always being watched, physically and digitally.
The most important way to protect your information is to use a quality VPN service with end-to-end encryption. Essentially, what a VPN does is route your traffic through a secured pipeline from your device to the destination server. This will mask your IP address and location, making it much more difficult to track your online activity. Avoid surfing the net with standard browsers — they will all track you to some extent. Instead, use a proxy tool like JX Browser, ZAP, or Burp for anything sensitive so you can see the chain of supply to and from the sites you’re trying to visit.
Chrome and Firefox are rife with third-party plug-ins that can get you hacked, so if you must use mainstream browsers, make sure you keep them updated and avoid add-ons. Turn on the built-in security features such as pop-up blockers and cookie blockers, but be extremely careful about using third-party ad blockers. They are, in fact, malware in many cases.
Another great buffer is to set up a “travel” or burner email that you can use for any reservations or activities that require email. In addition to using disposable emails, pay attention to the security of smaller sites when you’re booking local excursions or tour trips. These sites aren’t going to be as secure, and you’re therefore more prone to attack when completing an online booking. At the very least, look for the padlock icon in your browser’s URL bar, which indicates that the site is using up-to-date SSL encryption. Best practice is to just call them and make arrangements over the phone; in the rare case that they won’t book over the phone, find a different company that’ll respect your privacy.
While there are virtual safeguards that can prevent you from becoming a victim of an attack, there are also some physical measures you should be taking as well. Never let your device out of your sight. It sounds like a very basic, common-sense thing, but you’d be shocked at how many occasions I’ve seen people leave unattended devices in hotels, restaurants, coffee shops, or other public places. Don’t leave your phone on the table when you aren’t using it; keep it in your pocket.
When I was living in Vietnam, on several occasions I saw someone walk by a cafe and grab a phone that had been left unattended on a table. In addition, when you leave your hotel room, make sure you don’t leave valuable or sensitive material exposed. If you do have to leave devices behind in the room, always make sure they’re turned off, password-protected, and placed out of sight.
USB Condoms to Prevent “Juice Jacking”
One of the most common mistakes I see being made while traveling is something most people have never heard of — not using a USB condom. A what??? Yep. A digital condom. Every time you plug in devices such as smartphones that use the same port for data and charging, there is an exchange of information. Airports, public spaces, and even cafes are prime spots for this kind of attack — basically, everywhere you go while traveling. An attacker can subtly modify any port to house malware that’ll penetrate your device once you connect it with a USB cable. The malware will affect your device’s performance, but more crucially, it can steal your texts, emails, photos, and other data you probably don’t want to give out to strangers.
So how does the USB condom work? It doesn’t have data pins, thus automatically blocking data transfer should you use an unsecured public USB socket. They aren’t expensive and can be easily incorporated into your cyber protection regimen. Just leave one connected to the end of your USB charging cable, so it’ll already be in place when you need it.
Your smartphone is probably as essential to your travels as your passport. And that’s no exaggeration. Think about it: It’s your currency converter, personal translator, camera, and navigator. It’s how you stay in touch with friends, and probably the first thing you reach for if you get into trouble. I usually have at least two backup “burner” phones with me at all times, just in case. I really like to pick up older unlocked Apple phones, so I can simply plug in local prepaid SIM cards instead of using a stateside plan. It’s cheaper, especially when you’re not relying on free Wi-Fi. You should always sterilize your phone from any personal information, like financial info.
A cheap travel hack I implement is an aluminum-foil-lined Pelican case, just large enough to fit a few phones inside. Foil is easily sourced wherever you’re traveling. Tear out two layers of run-of-the-mill oven aluminum foil and wrap the inside. This should work as an improvised Faraday cage, blocking signal ingress and egress to the devices. I also put my bank and credit cards in here to protect from skimming.
The smartphone is an amazing multi-tool, and there are established apps that can help you navigate danger. I put together a quick list of six essential apps that I recommend you download before you start your adventures.
1. Google Translate: I can’t stress this enough to aid in communication during your travels. It has text and audio translation functions, and it can be used with your camera to instantly scan and interpret signs, menus, and more.
2. Google Maps: I download an offline map for any large city I plan to visit, and also the smaller neighborhoods. I then study streets and landmarks, so I have an understanding of the area, with routes to hospitals, public transportation, police stations, and embassies.
3. Grab or Uber: These apps will save you literally hundreds of dollars and negate the hassle of dealing with shady cab drivers. Bonus tip: Attach your credit card and pay through the app to avoid direct cash exchange with strangers.
4. Agoda or another hotel location app: This is a great money and timesaver. However, once I get a quote, I will call the hotel and see if they can do better. A lot of times they can.
5. Facebook: I hate Facebook. Nevertheless, it’s not just for getting harassed by exes and people you used to go to high school with who are trying to sell you weight-loss tea. It’s a fantastic tool for networking in a new city. Look up traveler and expat groups ahead of time wherever you’re planning to visit. They’ll help you discover local hangouts, events, live music, and places to eat and drink. They can also help you become aware of dangerous areas and common scams.
6. WhatsApp: You can use this to talk and text on a data plan all over the world.
It’s important to not be dependent on technology and to discover things on your own. However, at the same time, you should be using technology to maximize your time and experience. These apps will do just that.
The majority of phones are set to automatically connect to Wi-Fi and Bluetooth. This setting is huge risk. Your phone will automatically connect to any nearby open Wi-Fi network, leaving it vulnerable to attack. The same applies for Bluetooth connectivity. Anyone can automatically connect to your phone without your knowledge and hack it, just by being in your relative proximity. This isn’t a difficult issue to address, just change the settings on your phone until you need to use these features.
The allure of public Wi-Fi is undeniable, be it an airport or coffee shop. However, the harsh reality is that people intending to steal personal information and identities create free access points that resemble trustworthy networks. They can name this network anything, making small changes to a letter or number so it still resembles the real network. As a general rule of thumb, I never connect to Wi-Fi when traveling. I just use the phone’s data connection instead.
When traveling internationally, internet cafes are ubiquitous. Always be skeptical of security measures at any unfamiliar or public place. Never log in to personal or financial accounts at these public access points. They can have keystroke logging software and general malware as well. When using these computers, you always want to operate under the assumption that the information you’re accessing can be seen by someone else.
In this age of social media, if you don’t share a picture, it didn’t happen. However, “sharing” a picture could put you at risk of unwanted attention from strangers or social media followers, and even put your home or valuables in jeopardy. If you’re posting that you’re in some exotic location, you’re advertising to predators where you are and where you’re not. I advise waiting at least an hour or two after you’ve left a location, or better yet, a day or two. You can still stay in touch and connected without letting people know your exact location in real time.
Skimming is a very popular form of digital theft whereby credit cards can be read and duplicated at the point of sale, just by inserting, swiping, or waving over a contactless reader for a routine purchase. Make sure you have RFID sleeves on all your credit and bank cards any time you’re not using them. This simple and inexpensive tip will help to keep your cards from being compromised by criminals in public.
This was a tough one I had problems with until I had my identity stolen. Now, I’m extremely vigilant in using different, complex passwords on all my devices. Remember that longer and random is better. Swapping a letter with a number — for example Gr33nland — is not any more secure than the original, because a modern password cracker can check the different permutations in seconds. However, gibberish passwords are tough to remember, so I use a long passphrase with a lot of words put together — for example, heyyoustoptryingtotakemybeer. Avoid common quotes and catchphrases like showmethemoney or youcanthandlethetruth. Always use different passwords for different devices. A password manager can help you to keep track.
Electronic pitfalls are everywhere, but they’re especially common when you’re traveling and preoccupied with other tasks. It’s better to take these small measures to protect yourself rather than fall victim. The consequences can reverberate for weeks and even years if identity theft or bank fraud is involved. By following these steps and staying vigilant, you’ll significantly reduce your chances of being a soft target.
About the Author
Micah Dalton is a global adventurer, photographer, and travel writer. Told at a very young age by his grandmother that he had “gypsy blood,” he hasn’t stayed in one spot since. A bona fide travel addict, his adventures have taken him to over 35 countries and all seven continents. He’s studied Buddhism in Thailand, knife fighting with a South African master, motorbiked the jungles of Vietnam, and hitchhiked all across America. After over a decade of dangerous adventure travel and specialized training with Ed Calderon and other high-level instructors, Dalton has now distilled his experiences into a series of travel and safety compositions for major publications. Come join the adventure on Instagram at @classic_mcqueen.
More on Security in the Digital World
- What if you are the victim of Doxing? Security in the Digital Age.
- Intro into SDR: Software Defined Radio.
- 5 Ways to Protect Your Wifi Network.
- Steganography: Hiding Messages Inside Boring Images