I spend my life in airports and hotels. Next week I am set to take my 42nd flight of the year, this time another long-haul. I often appreciate that being in these locations makes me more vulnerable statistically, so I wanted to share with you the understanding of those risks so that you can be aware, particularly if you travel as much as me!
At theosintgroup.com we provide Travel Risk Management Services, and we are seeing a huge rise in the following kind of activity across the globe. This will only be a 4-minute read, but will be well worth it.
In our highly connected world, airports and hotels have become integral stops in our travels, equipped with conveniences like free Wi-Fi, charging stations, and even shared workspaces. However, these conveniences come with significant cyber risks, making airports and hotels prime targets for cybercriminals. Whether you're travelling for business or pleasure, understanding these threats and knowing how to protect yourself is essential to keeping your digital life secure.
In this blog I will delve into the unique cyber security threats found in airports and hotels and provide actionable steps to protect your data, devices, and personal information.
Why Are Airports and Hotels Targeted?
Airports and hotels are frequented by millions of people from various backgrounds and often contain sensitive personal and corporate data, making them attractive targets for cybercriminals. Some of the reasons these locations are commonly targeted include:
High Traffic: Airports and hotels see a constant flow of travellers, many of whom connect to public Wi-Fi and use charging stations, creating opportunities for cybercriminals to intercept data.
Public Networks: Public Wi-Fi networks, often unsecured or weakly secured, are common in these locations. Cybercriminals can use them as entry points to access devices and intercept sensitive information.
High-Value Targets: Many travellers are business professionals carrying valuable information on their devices. The data they hold, such as intellectual property, financial information, and personal contacts, can be a goldmine for attackers.
Lax Security Measures: In some cases, hotels and airports prioritise customer convenience over stringent cyber security, which can result in weaker security measures.
Common Cyber Threats in Airports and Hotels
1. Unsecured Wi-Fi Networks
Public Wi-Fi networks in airports and hotels often lack proper encryption, meaning that any data sent or received over the network can be intercepted by third parties. Cybercriminals can set up fake Wi-Fi networks (known as “evil twin” networks) with names similar to the legitimate networks to trick users into connecting to them, giving hackers access to all their internet traffic. I had a play around with this technique during lockdown a few years ago, and it surprisingly easy to do, and I’m really not technical at all.
2. Man-in-the-Middle Attacks
In a man-in-the-middle (MITM) attack, cybercriminals position themselves between you and the internet connection, intercepting data as it travels between your device and the destination server. This allows attackers to view, steal, or manipulate your data, which can include login credentials, banking information, and personal details.
3. Malware from Charging Stations (Juice Jacking)
Airports and hotels frequently offer USB charging stations. However, these stations can be tampered with to inject malware into any device that connects to them. This type of attack, known as “juice jacking,” can compromise the security of your device, allowing attackers to access your data or install malicious software that tracks your activities. The cyber Team on Hunted Australia when we filmed this for a few years actually used these on the ground to great affect!
4. Phishing Attacks and Rogue Hotspots
Cybercriminals can target travellers with phishing messages, especially via fake hotel or airport Wi-Fi pages or pop-ups that prompt users to enter personal information, often under the guise of improving security or connectivity. These rogue hotspots appear legitimate, but connecting to them can lead to the theft of personal information or exposure to malware. I have actually had this a few times this year, so be super vigilant on this one.
5. Keyloggers and Malware in Public Computers
Public computers in airports and hotels are convenient but often compromised. Cybercriminals can install keyloggers on these devices, recording every keystroke and capturing sensitive information such as passwords, usernames, and credit card details.
6. Physical Theft and Unauthorised Access
While digital threats are significant, physical security is also a concern. Devices left unattended in airport lounges, cafes, or hotel rooms are easy targets for thieves. Additionally, if sensitive information is not encrypted or properly secured, anyone with physical access to your device can easily extract data.
Cyber Security Precautions for Travellers
Awareness of these threats is essential, but knowing how to protect yourself is even more important. Here are practical measures you can take to stay secure when travelling through airports and staying at hotels.
1. Avoid Using Public Wi-Fi Networks
One of the most effective ways to protect yourself is to avoid connecting to public Wi-Fi networks, especially for activities that involve sensitive data like banking or accessing personal accounts. Instead, consider the following alternatives:
● Use a Personal Hotspot: If possible, use your smartphone's mobile data or a personal hotspot, which is generally more secure than public Wi-Fi.
● Invest in a Portable Router: A portable router can allow you to create a private, secure network using mobile data.
2. Use a Virtual Private Network (VPN)
If you must use public Wi-Fi, a Virtual Private Network (VPN) is essential. VPNs encrypt your internet traffic, making it difficult for cybercriminals to intercept and access your data.
● Select a Reputable VPN Service: Not all VPNs are created equal. Choose a well-established VPN provider that does not log your data.
● Use VPN Continuously: Once activated, leave the VPN running until you disconnect from the public network.
3. Disable Auto-Connect and File Sharing Features
To avoid accidentally connecting to rogue networks or exposing files to unauthorised access, disable features that may automatically connect your device to Wi-Fi networks or allow file sharing.
● Turn Off Auto-Connect: Most smartphones and laptops have an auto-connect feature for Wi-Fi. Turn this off to avoid automatically joining unknown networks.
● Disable File Sharing and AirDrop: On devices like laptops and iPhones, turn off file-sharing services such as AirDrop and ensure that Bluetooth is only enabled when needed.
4. Charge Safely: Avoid USB Charging Stations
USB charging stations can be a conduit for malware, so avoid plugging your device directly into them. Instead, consider these alternatives:
● Use Your Own Charger: Plug your device directly into a wall outlet using your own adapter and charging cable.
● Carry a Portable Power Bank: A power bank allows you to charge your devices without relying on public charging stations.
● Use a Data Blocker: USB data blockers are small adapters that block data transfer through the USB cable, allowing only power to flow to your device.
5. Keep Software and Security Features Updated
Updating your device's operating system and software is crucial as these updates often contain security patches to protect against new threats.
● Enable Automatic Updates: Ensure your device is set to receive updates automatically, especially for your operating system and security software.
● Use Reliable Security Software: Equip your devices with reputable antivirus and anti-malware software to add an extra layer of protection.
6. Practice Caution with Email and Pop-Ups
Be wary of any email, text message, or pop-up window that asks you to enter personal information or login credentials.
● Avoid Clicking on Unknown Links: Only click on links from trusted sources, and avoid logging into accounts through links provided in unsolicited emails or texts.
● Inspect Pop-Ups Carefully: Cybercriminals often use pop-up windows on fake Wi-Fi login pages. Verify the authenticity of any Wi-Fi portal by asking airport or hotel staff if unsure.
7. Avoid Using Public Computers for Sensitive Activities
Public computers in hotels and airports are generally not secure. Avoid using them for anything that involves sensitive information, such as online banking or logging into accounts.
● Use a Secure Device: If possible, use your own device for internet access. If you must use a public computer, avoid entering sensitive information.
● Clear Browsing Data: Before leaving a public computer, ensure you have logged out of all accounts and cleared the browser’s history and cookies.
8. Encrypt Sensitive Information
Encryption is a powerful tool for keeping your data secure, especially if your device is lost or stolen. Many devices have built-in encryption options, so make use of them:
● Enable Device Encryption: Most smartphones, tablets, and laptops have settings to enable encryption, ensuring that only authorised users can access data on the device.
● Encrypt Sensitive Files: If carrying particularly sensitive files, encrypt them individually for added security.
9. Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) adds a second layer of security to your accounts, making it more challenging for attackers to gain access even if they have your password.
● Use an Authentication App: Many services offer authentication apps that generate temporary codes for logging in.
● Prioritise MFA for Important Accounts: Enable MFA on all accounts, but especially on those containing sensitive or financial information.
10. Stay Aware of Physical Security
Cyber security doesn’t stop at digital threats; physical security is equally important. Ensure that your devices are secured at all times, especially in public spaces.
● Keep Devices With You: Avoid leaving devices unattended in lounges or cafes. Always carry them with you or store them securely.
● Use a Lock-Screen Password: A lock-screen password, PIN, or biometric security feature prevents unauthorised users from easily accessing your device if it's lost or stolen.
Comments