Indigestion and unfavorable exchange rates aren't the only dangers that travelers face. In this modern age, your personal information and digital security are at risk when you're on the road. So whether you're dodging enemy agents in any given panopticon nation-state, or just attending the Black Hat hacker conference, here's some tips on how to make sure you stay secure on the road.
What to Pack:
When heading into dangerous territory, it's more important to consider whatnot to bring than what to bring. Leave the Wi-Fi-enabled camera and ebook reader at home, unless you can disable network features. If you're taking a laptop for instance, don't bring one that's running Windows XP. In fact, if you do have a Windows XP laptop, please take it to a recycling center immediately or, barring that, gently run it over with a car.
The ideal laptop will be something lightweight, secure, and semi-disposable since you'll want to completely wipe it at the end of your trip. Chromebookshave the advantage of operating primarily in the cloud and being immune to (most) forms of malware. We recommend the CTL Chromebook J2 (right), which is sturdy enough for work on the go and has excellent battery life.
If you chose to take a Mac, remember that you're not immune to malware. Load up some Mac antivirus and be prepared to wipe it, or restore from a Time Machine backup.
A Virtual Private Network (VPN) is essential for securing your network communications on a laptop or desktop, but it can be handy for mobile use as well. There are several free options available, but these usually have limits on how much data you can move through the service. TunnelBear, for example, has a free offering but limits you to 500MB per month. VyprVPNfrom Golden Frog, on the other hand, has a monthly fee and can be installed on as many devices as you like (including phones and tablets). Only three of those devices can be connected to the VPN at a time, however.
Note that not all devices will work with your VPN of choice. Chromebooks, for example, are well suited for traveling through dangerous environments but they won't work with Cisco VPNs. This is why it's so important to thoroughly test your hardware and software before you start your trip.
Disposable feature phones, or burners, are a good choice for traveling in dangerous areas. These are less desirable in the eyes of thieves, and can be easily replaced. Alternatively, you can also use a prepaid SIM card in your smartphone to change its number. Whatever you decide to do, be sure you completely wipe your phone upon returning home.
Though iPhones are locked down by Apple, they offer fewer user-accessible security options, are generally more expensive to buy unlocked, and are a tempting target for thieves. If you take an iPhone, be sure to keep an eye on it. BlackBerry phones have a reputation for security, but don't offer as robust app options (more on this later). If you need a smartphone, we recommend the Nexus 5 or Nexus 6phones. These receive all the latest security updates from Google by virtue of running stock Android.
In addition to hardware, plan ahead about the software you'll be using while traveling, too. Install a full scale security suiteand make sure it's up to date. Select the services you'll absolutely need and disable everything else. Perform all your updates before traveling and then disable updates until after you return. If you're using a Windows laptop, be sure Remote Access is switched off. And, of course, set passwords on all your laptops and mobile devices. It's also a good idea to change your passwords once you return, too. Use a password manager to generate complex, unique passwords, and use a trusted computer that didn't travel with you if possible.
In addition to computers and mobile devices, invest in a pre-paid debit card. Stealing credit card information is a trivial matter, so it pays to get a prepaid card. This can help you stick to your travel budget, avoid messy (and easily stolen) cash, and keeps your credit and personal debit card information safely in your pocket. Try to avoid making online purchases, but use Abine Blur to create a virtual credit card if you absolutely must buy something.
Staying safe doesn't stop once you're on the road. Carry as many of your digital devices you packed on your person as you can. Leaving an unsecured computer in a hotel room is just inviting someone else to mess with it. Interrogate every single link you receive. If your aunt sends you something unusual, consider that it might not really be coming from her. And no matter what device you chose to take with you: never, ever plug in a strange USB drive to your computer.
Lastly, take some electric tape or non-adhesive vinyl stickers and cover your laptop and phone cameras. Taking selfies will be a bit trickier, but at least you'll know you're the only one shooting pictures from these devices.
Staying Connected While Staying Safe
When you can, connect to the wired Ethernet from the hotel room, and then power up the VPN right away. This is going to be harder and harder as more and more devices stop shipping with Ethernet ports. But until then, carry a spare Ethernet cable and a USB to Ethernet dongle so that you can always plug in.
You shouldn't trust Wi-Fi networks you don't manage. If wired connections aren't avaiable, use mobile hotspots instead. We recommend Virgin Mobile's Broadband2Go, which uses the Netgear Mingle Mobile Hotspot.
Most cellular carriers nowadays offer some kind of a hotspot as part of a prepaid plan. Boost Mobile has plans offering 1.5GB of data for $25 a month and 10GB of data for $50 a month. If you're not looking to put multiple devices on the network, then consider a USB-based 3G or 4G card. Verizon Wireless offers the MiFi 4G LTE Global USB Modem (U620L) for free for customers with a two-year plan. If you are on the road enough, this really is the better way to go than piggybacking on airport Wi-Fi. Oh, and don't shop for these at the airport. Take the time a day or two in advance to actually go to a store—Cricket, Boost, Verizon Wireless, Sprint, etc.—and try it out. Find out how data is metered and how you make sure you don't run out of your plan.
Cellular networks are (generally) more secure from snooping, though local law enforcement and the NSA have their own tools to get your cellular data. At Black Hat, hackers have shown how to use portable cellular towers called Femtocells to intercept data from cellphones. That's why you should think carefully about what information you transmit via cellular data plans. Using a different phone number (with a burner or pre-paid SIM) while in a dangerous area can ensure that anyone monitoring communications will have to go through the extra step of correlating your new phone number with your identity.
If things are really down to the wire, just use your phone for tethering. However, we don't recommend this as a regular practice, especially if you do a lot of bandwidth-intensive tasks. But if your Internet usage is light enough that you're certain you won't exceed your monthly plan then it's a good option. But never, ever, join Wi-Fi networks. In fact, it's a good idea to keep Wi-Fi and Bluetooth turned off as much as possible.
What's the matter with Wi-Fi? Well, have you ever heard of a Pineapple? And we don't mean the popular tropical fruit. In simplest terms, a Pineappleis a device that mimics other networks. Typically, your laptop and your mobile device remember the names of previously connected Wi-Fi networks and are running through the list of known networks to find out if that network is in range. Pineapple listens for that, and takes on the name of the requested Wi-Fi network, thus tricking devices into connecting. Before you hit the road, remove all remembered networks on your laptops and mobile devices. It's going to be a pain re-connecting after you get home, but connecting to a rogue access point or Pineapple is the last thing you want to have happen.
Secure Phone, Secure Apps
Once you've got your phone secure, you're going to need to batten down the hatches on the app side of things as well. If you're using an Android device, install an antivirus app to make sure that everything is above board. Some security apps will even apply fixes for known vulnerabilities that haven't been fixed on your phone yet, due to Android's famed fragmentation issues. It's much harder to install malicious software on a stock iPhone, so if you're using an Apple device we recommend not jailbreaking it.
But just as important as defending against malware is ensuring the physical security of your phone. If your phone is lost or stolen, it's safe to assume that its secrets will soon be in the hands of someone else. First things first: be sure to encrypt and lock your phone. We also recommend activating and familiarizing yourself with the Android Device Manager and Apple's Find My iPhone. Both will let you remotely wipe and lock lost or stolen devices, keeping you in control even when your phone is far away.
To stay in touch with your friends (or co-conspirators), you'll want to avoid the stock voice and texting apps on your phone. On Android, TextSecure and RedPhone are excellent free, open-source apps that will encrypt your voice and text messages in transit and at rest. There's even an iPhone version called Signal, which rolls voice and texting together. These services require no accounts and are easy to use, but you may experience a little latency with voice calls. Such is the price of security.
Note that these apps can function as full replacements for your voice and messaging apps on Android. If you go that route, it can be easy to forget that if the recipient of your call or message isn't a TextSecure or RedPhoneuser, your message won't be encrypted. Look for the padlock before you send a text or make a call.
Sometimes, the best way to ensure that a message isn't seen is destroying it once it's read. For that, we recommend Wickr for Android and iOS. This app lets you send encrypted messages to other users, and lets you set how long those messages last. It's free, easy to use, and has robust attachment support for sending all those secret plans you're storing.
Free Wi-Fi can be tempting, but (as stated above) it's often an easy target for attackers. The Skycure app quietly probes the wireless networks you're connected to, and lets you know if there's anything untoward. This app is available for Android and iOS which is great because its developers have uncovered some remarkable iOS networking attacks.
As important as it is to have a solid software arsenal on your mobile device, it's important to think about what not to install on the phone you'll be using in dangerous territory. Your favorite game on Google Play or the App Store may not be malicious, but it might be transmitting your personal information in an insecure fashion. Or it might have an ad framework that's susceptible to attack. You simply don't know what's going on inside apps, so choose carefully about which to load onto your phone. You can live without Netflix for a few days, honest.
We recommend taking just the essentials and installing NowSecure (formally ViaProtect) to keep an eye on everything else. This app breaks down how much of your information is being broadcast over insecure channels, helping you keep a tight ship.
For the most part, common sense will serve the careful traveler best when abroad. But our digital lives open new targets for the determined thief (or local dictator) to exploit. Make sure you at least think through the possibilities, have backup plans, and do what you can to keep yourself secure while traveling.
Source: PCMAG