Computer, Mobile, & Internet Security Basics for Travelers

by on August 18, 2014 · 11 comments

Today TPG Contributor Jason Steele explains why computer and mobile security are important considerations for all travelers, and how you can help prevent yourself from getting hacked.

Before I became a writer, I spent many years working as a computer systems administrator and technical support analyst at Boeing, IBM, and at state and federal government offices. Although I know quite a bit more about computer security than the average traveler, I recently had an interesting conversation with Imanuel Babadostov, who is a senior security consultant for OneWorld Labs, a computer security consulting firm in Denver. (He also happens to be my brother-in-law.)

Imanuel holds a master’s degree in computer security as well as several certifications in the field. He also just returned from the Def Con Hacking Conference in Las Vegas, where all the leading “white hat” hackers share their secrets with each other. These are the computer security hobbyists and professionals who try to use their skills while staying within the law (although sometimes just barely).

Imanuel and I put our heads together in order to come up with the following advice on computer security for the traveling public.

Taking precautions now will save you headaches later. (Image courtesy of Shutterstock)

Basic computer security for travelers

Business travelers need to work on the road, and vacationers now expect to be connected when they travel. Unfortunately, traveling leaves computer users far more vulnerable to security risks than when they’re at home.

Here are some of the primary risks that travelers face, and some basic ways to counter these threats:

Keyloggers
Since most web sites that you log into will encrypt data sent between your computer and the company’s server, the easiest way for hackers to obtain your user names and passwords is to simply record your keystrokes. A keylogger is often a small program installed on a computer that records all of your keystrokes, and is almost impossible to find. Keyloggers can also be hardware-based and embedded in the keyboard itself. Finally, someone could simply train a camera on the keyboard of a computer in a public place.

The goal of most hackers is to obtain your credit card information…and to dress like a ringwraith. (Image courtesy of Shutterstock)

To defend yourself from keyloggers, you must be extremely cautious when using someone else’s computer, such as one in an Internet cafe or hotel. It’s astonishingly simple for someone to install a program or device and harvest the login information of hundreds of travelers. Once I understood how keyloggers worked, I never used a public computer for anything more than basic web surfing or printing a boarding pass (using only my name and reservation number). Now, anytime I have to log into anything, I always use my own personal laptop, tablet, or mobile phone.

Another important step towards defeating the threat of keyloggers is called two-factor authentication. This means that instead of supplying just a password (one factor), users need to supply a second authentication code. For example, Gmail offers users the option to enable two-factor authentication, and the authorization codes can be retrieved via a text message, an authentication app, or simply by printing out a list of codes for one-time use.

Since all of these authentication codes expire when used, they are useless if intercepted by a keylogger. If your online email account or bank account offers the option of two-factor authentication, enabling it may be the single most important step you can take to avoid being hacked. If your email system doesn’t support two-factor authentication, you can temporarily forward your mail to one that does when you travel.
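
How a service can make an app-generated code useless once it has been typed, as an added example that is not part of the original post: the verifier below follows the standard time-based one-time code scheme (RFC 6238) and refuses any code from a time step it has already accepted. The names `code_for_step` and `SecondFactorCheck` are illustrative, the secret is the published RFC test value, and the timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid; a common authenticator-app setting


def code_for_step(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a 30-second time step (RFC 4226 / RFC 6238, SHA-1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactorCheck:
    """Server-side verifier that accepts each time step at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1  # newest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in (current - 1, current, current + 1):  # tolerate clock drift
            if step <= self.last_step:
                continue  # already used or older: treat as a replay
            if hmac.compare_digest(code_for_step(self.secret, step), code):
                self.last_step = step
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"  # published RFC test secret, not a real key
    server = SecondFactorCheck(secret)
    login_time = 59  # constructed timestamp in seconds
    typed = code_for_step(secret, login_time // STEP)  # what a keylogger records
    return {
        "typed_code": typed,
        "first_login": server.verify(typed, login_time),
        "replay_5s_later": server.verify(typed, login_time + 5),
        "replay_next_minute": server.verify(typed, login_time + 60),
        "fresh_code": server.verify(code_for_step(secret, 3), login_time + 60),
    }


if __name__ == "__main__":
    print(demo())
```

The recorded code is rejected even within its own 30-second window, while a new code from the traveler's own device is still accepted.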

WiFi security
When you use your hotel’s WiFi, how do you know it’s really from the hotel? Part of the fun of the hackers’ conference was observing how all of the participants attempted to hack each other’s devices (as well as the hotel elevators and other systems). When Imanuel browsed the hotel’s WiFi networks, he noticed dozens of access points with similar names designed to sound like the hotel’s own service. So when you check into a hotel, it’s a good idea to ask for the exact name of the WiFi service, not just its password, as it’s pretty easy for a guest to set up their own bogus WiFi service with a similar name.
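
One way to act on the "exact name" advice, as an added example that is not part of the original post: the check below compares every visible network name against the one the front desk gave you and flags names that resemble it without matching exactly. The hotel name, the scan list, the character-swap table and the 0.85 threshold are all constructed assumptions.

```python
import difflib
import re

# Characters commonly swapped in to make a name look the same at a glance.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def normalize(ssid: str) -> str:
    """Fold case, undo common character swaps, drop spaces and punctuation."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold().translate(SWAPS))


def classify(official: str, seen: str, threshold: float = 0.85) -> str:
    """Compare one visible network name with the name the front desk gave."""
    if seen == official:
        return "exact"
    a, b = normalize(official), normalize(seen)
    if not b:
        return "unrelated"
    if a == b or a in b:
        return "lookalike"  # same name with changed case, separators or a suffix
    ratio = difflib.SequenceMatcher(None, a, b).ratio()
    return "lookalike" if ratio >= threshold else "unrelated"


def lookalikes(official: str, visible: list[str]) -> list[str]:
    """Names that resemble the official one but are not an exact match."""
    return [s for s in visible if classify(official, s) == "lookalike"]


# Constructed sample: a hypothetical hotel network name and a made-up scan list.
OFFICIAL = "Harborview_Guest"
VISIBLE = [
    "Harborview_Guest",
    "Harborview Guest",
    "HARBORVIEW-GUEST",
    "Harb0rview_Guest",
    "Harborview_Guest_Free",
    "Harborveiw_Guest",
    "CoffeeShop_WiFi",
    "AndroidAP",
]

if __name__ == "__main__":
    for name in VISIBLE:
        print(f"{classify(OFFICIAL, name):10} {name}")
```

A matching name only rules out the obvious imitations; it does not prove who operates the access point, so the HTTPS and VPN advice that follows still applies.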

Never give credit card info to an unencrypted website. (Image courtesy of Shutterstock)

Yet even when using the correct WiFi router, travelers should be aware that when visiting any site that’s not encrypted, anyone else in WiFi range could intercept their information. To ensure a site is encrypted, its address should begin with HTTPS rather than just HTTP. For more about using your browser to verify a web site is encrypted, see these explanations from Microsoft, Mozilla (Firefox), and Google (Chrome).

To remove any doubt about the security of your connection, you could use a Virtual Private Network (VPN), which simply encrypts all traffic. VPNs are provided to employees by many corporations, and individuals can subscribe to these services. For example, Tor is a free, private, and anonymous VPN service.

Another safe option is to just “tether” your laptop or tablet directly to your mobile phone’s data connection, preferably with a USB cable rather than over a WiFi or Bluetooth signal.

Securing your mobile devices
Hopefully you already know that you should password-protect your mobile phone and other devices. Beyond that, it’s pretty easy to disable your WiFi and Bluetooth when you don’t need them. In fact, you can do so simply by putting your device in airplane mode when you’re not using it. As an added benefit, your battery will last far longer when you do. Another good idea is to use apps (like Android Lost and others) that can remotely track and disable your devices if they’re lost or stolen.

Encrypting the contents of your laptop means that thieves can’t steal your data. (Image courtesy of Shutterstock)

When it comes to your laptop, you can encrypt the entire device using a program such as Microsoft BitLocker Drive Encryption. Just be sure to turn your laptop off when not in use, rather than leave it in hibernation or sleep modes.

For the hackers convention, Imanuel left his laptop and mobile phone at home, and used an inexpensive “burner phone” purchased from Wal-Mart. These phones are pay-as-you-go, have a temporary number, and seem to be used by every criminal on television. These are extreme countermeasures, but they may be worth considering if you’re headed somewhere that’s a high-threat environment or if you have extremely sensitive information on your devices.

Turning off WiFi and Bluetooth enhances mobile security while extending your battery life as well. (Image courtesy of Shutterstock)

Securing your credit cards, bank account, and passport
Before I leave the country, I always notify my bank and credit card companies which countries I’m scheduled to visit, even if I’m just changing planes. This way, they won’t place any false security holds on my account. I only need to do this for the credit cards that I take with me, which are always the ones with no foreign transaction fees and an EMV smart chip. Furthermore, American Express and some Chase cards no longer need to be notified of foreign travel.

Credit cards equipped with an EMV smart chip are more secure than those with just a magnetic stripe. (Image courtesy of Shutterstock)

ATMs are a great way to access cash when traveling, but you have to be careful when using them. One threat is called a skimmer, which is a fraudulent card reading device placed on the machine and camouflaged to look legitimate. Another method of attack is to observe your PIN by looking over your shoulder or even by using binoculars. To avoid this threat, be discreet, and try to use the ATMs inside a bank branch. This way you have the benefit of added security, and I find that many banks even have a small secure booth for ATM use after hours.

Another thing to consider is RFID, which is a wireless signal that can be emitted from your credit cards and passport. Basically, someone close to you in a line or an elevator can carry a device that can scan and read these documents. Granted, they can’t get enough information to clone your credit card or your passport, but many travelers might still find this information to be sensitive. To counter this threat, look for a wallet or sleeve that has a built-in RFID shield.

Social engineering
Finally, no discussion of basic computer security would be complete without mentioning social engineering. This is the idea that hackers can gain access to your information by directly interacting with you, rather than through your machines.

For example, you could receive a call in your hotel room from the front desk, indicating that there was a problem running your credit card. Of course, the call is not really from the front desk, and the person you read the number to will quickly use it to make a fraudulent transaction. So anytime you receive a call purporting to be from your bank, ask for a name and extension, hang up, and then call back using the phone number from the back of your card. The same principle applies anytime you’re contacted by text or email, or if a person claims to be from “technical support.”

Conclusions

You face numerous threats to your data when you travel, but you don’t have to be a computer security expert to counter most of them. By taking a few simple steps to enhance the security of your devices, you can give hackers every incentive to target someone else instead.

  • Harry

    What about 4G cellular data connections? Is using your cell phone/tablet’s data package any safer than using regular wifi?

  • http://www.jasonsteele.com/ Jason Steele

    Yes, absolutely. Especially if you tether it with a cord, rather than your phone’s wifi.

  • http://www.2beerqueers.com infomofo

    These are great security tips in general. One somewhat frustrating issue I have is that when I travel to foreign countries I frequently purchase temporary sim cards to use in my phone for cheaper data plans. Now that many of my accounts are tied to my phone’s SMS messages for 2 Factor Authentication I am thinking that will be a bit of a hassle. Any tips on dealing with that?

  • Jonathan

    Who is your cellular provider? T-Mobile and AT&T do not charge to receive text messages internationally. You could just keep your SIM card with you to receive the 2-factor authentication message.

  • http://www.2beerqueers.com infomofo

    That will work when I’m on a computer, but some apps on my phone will need the 2 factor response as well. If I wanted to use the other SIM card for data, I’d have to swap it out quickly, which would probably be difficult.

  • Mark R.

    If I read my mail (Outlook/Hotmail) on my iphone, by just pressing the “mail” icon, what happens if I sign up for two factor authentication (I understand how it works if I’m on my computer)?

  • http://www.jasonsteele.com/ Jason Steele

    Google’s two factor authentication allows you to print one-time use codes, which work great when you have no mobile phone service.

  • http://www.jasonsteele.com/ Jason Steele

    With 2 factor authentication, you can set it to recognize your personal devices with just a password. The 2nd factor is just so you can log into unknown devices, and so others can’t with just your password.

  • http://www.2beerqueers.com infomofo

    Yeah, Google I’m not so worried about. I’m using the authenticator app, which should work regardless of which SIM card I’m on. I’m using SMS for my Facebook, Twitter, and PayPal 2FA though, which I don’t think have the printable code options, but I’ll check. Thanks!

  • Jonathan

    I’m sorry, I misunderstood what you were attempting to accomplish.

    One other solution would be to grab a cheap $10 phone that you could insert your home SIM card into, and that would allow you to receive your 2-step SMS messages. You can get cheap phones for T-Mobile and AT&T on Craigslist.

  • Savvy traveler

    When using an ATM I always shield the keypad–and since some hackers now use a tiny camera hidden just above the keypad–I touch extra keys.