Taking a trip with always-on digital devices can be like traveling with your safe — and forgetting to lock it.
Connecting to the Internet over Wi-Fi hot spots in airports, hotels and cafes is an irresistible activity for business and casual travelers. But sending sensitive information over the air on an unsecured network is risky computing behavior, said Kelly Davis-Felner, marketing director for the Wi-Fi Alliance, a global nonprofit industry association.
“Your average road warrior probably thinks about it occasionally, but now your average family is traveling with two iPads, two iPhones and a laptop and doesn’t think about it much,” she said. “The number of connectable devices is growing by leaps and bounds.”
The problem is that modern travelers reflectively go online any chance they can.
“I have my iPhone set for ‘search for networks.’ If I find a network that’s available and is not locked down, I join it,” said Kevin Gavin, chief marketing officer at ShoreTel, a Sunnyvale, Calif.-based maker of a Voice over Internet Protocol phone system. The tech executive admits he drops his guard now and then. “The truth is, I ought to be more concerned. But I’ve never had a problem.”
However, he uses a virtual private network (VPN), software that protects data transmissions, when accessing work data, and he also travels with an AT&T MiFi, which provides a secure mobile Wi-Fi hot spot over a cellular network.
Many travelers, though, aren’t as securely equipped as Gavin. And they forget that logging in online in an overseas cafe or domestic airport could expose bank account information and other vulnerable digital data to tech-savvy thieves using software that scans the airwaves for unprotected transmissions. While Davis-Felner calls the threat “moderate,” exposing sensitive data to the wrong eyes could ruin a vacation or business trip.
“We’ve become so used to being connected wherever we go that we are almost unwilling to do without it,” she said.
Often, public hot spots do not have security protections against such electronic eavesdropping, also known as “sniffing.” While banking and other websites are encrypted, the information transmitted from, say, a laptop on a hotel Wi-Fi network to the access point may not be, Davis-Felner said. Sniffers essentially grab the data en route to the access point, download and store it and then review the electronic material later.
“Anybody who tells me they do their online banking in a cafe needs to rethink what they can live with” in terms of risk, she said. “It’s like writing (personal information) on a postcard because it hasn’t been scrambled.”
Another danger is logging into what appears to be a public hot spot home page that is, in fact, a phishing scam designed to trick people into revealing credit card numbers, birth dates and other information that puts them at risk of identity theft.
Davis-Felner suggests travelers access sites only such as social networks or personal email when not at home or in their office. “You should always assume the worst and that you don’t have security protection and conduct yourself accordingly,” she said.
In less developed countries, she added, visitors are more apt to have their wallets stolen than experience an electronic pickpocket. But there are other data theft concerns that have nothing to do with laptops or smartphones.
In 2006, the State Department began embedding radio-frequency identification, or RFID, chips in new U.S. passports, which triggered concerns among some travelers who feared information embedded on the tags could be vulnerable to electronic eavesdropping.
“We get asked a lot, ‘Can I just hit it with a hammer?’ ” to disable it, said Michael Aiello, founder of DIFRwear, maker of wallets and passport cases lined with an aluminum mesh that protects RFID enabled credit cards and passports from data snooping. But, he said, “It’s federal property.”
Some security experts worried that terrorists could create improvised explosive devices designed to explode when they detect the RFID chips of American travelers. Others were concerned about identity theft. Aiello’s card and passport holders ensure travelers can avoid electronic traps.
Rob Enderle, principal analyst at Enderle Group, a San Jose-based technology consultancy, said nontech solutions are as effective as special cases or VPN.
“Don’t dress like an American” in dangerous regions, he said. That means ditching the shorts and Hawaiian shirts, Enderle said.
His precautions also include not posting travel photos on Facebook while away from home, which could be an invitation to be burglarized.
“The old ways (of being safe) work best,” Enderle said. “It doesn’t require a lot of technology.”
—Don’t do online banking or other financial transactions while away from home.
—Do not set your smartphone to automatically join any unlocked Wi-Fi hot spot.
—Avoid using public computers in hotels and elsewhere — they could be infected with data-mining software.
—If you leave a laptop or other device in your hotel room, lock them up.
—Don’t post travel photos and writings on social network sites until you get home.
Source: McClatchy-Tribune Information Services.