Skim any travel website this holiday season and you’re bound to find an article or two about online security and traveling. The articles certainly raise awareness of the precarious security situation while in airports and hotels, but they also generally fall short in a few ways.
Here are the three riskiest online mistakes travelers make every holiday season:
- Flying naked. What is it about being tucked into our seats in 11B at 30,000 feet that makes us feel invulnerable to hackers? The reality is, wireless signals on an airplane are no different than wireless signals bouncing around Starbucks. Typically the in-flight WiFi authentication system used to charge passengers for Internet access is not fully secure. This means that anyone who knows how to spoof a MAC address can use the purchaser’s MAC address to piggyback on the service for free. Further, your device will continue searching for in-flight networks even after you leave the plane. This means you could inadvertently connect to an “Evil Twin” belonging to a hacker in the airport lounge. Think of free public WiFi as “bait” by an Evil Twin thief.
- Using the hotel room’s wireless network. Let’s face it: we’re all somewhat aware of security holes when using wireless in hotels. Take what happened at a Marriott Hotel earlier this year. A hotel guest allegedly noticed that code was being injected into websites visited via the hotel WiFi in order to push third-party advertisement to users. According to an official statement from Marriott International, this was done “unbeknownst to the hotel” — or put another way, the mega hotel chain allegedly had no idea what was going on with its own network. If it can’t keep out malware and fake advertisers, how can it keep out hackers? Scarier still, there are even risks while using cable Internet connections, since there are several ways to hack hotel local area networks, but two of the main ones carry the colorful names of “promiscuous monitoring” and “ARP spoofing.”
- Listening to the myth that HTTPs is safe. Here’s the deal: looking for the extra “s” and the padlock symbol is a good way to be safer online, especially when scoring good deals on your favorite online retailer. But even the HTTPs is not a foolproof method of security. SSL Pulse, a website that monitors the effectiveness of the 200,000 most popular websites that use the “s” for secure browsing, found that more than 90% of these websites are vulnerable to a hack attack. Also, SSL Pulse found that only 25% of those websites are secure against encrypted data that websites use to grant access to restricted user accounts, such as PayPal login information. So if you thought you were completely safe when using online banking or social media websites while traveling just because you saw the HTTPs padlock, think again. Earlier this year The Washington Post highlighted security issues involved with using smartphones when traveling abroad. The article got it half right, advocating for a VPN or “at least ensuring that Web services you access have a URL starting with https rather than http.” Of course, we know that even HTTPs websites can be fraught with security errors, so opt for a personal VPN (for example, Private WiFi) whenever you travel or use any unencrypted wireless network.
Knowing all that, should you buy when you’re on WiFi? Should you log onto your laptop during your flight to Denver? Should you even update your Facebook status from your smartphone?
The answer is yes, you can do all of those things, just do them wisely by using a VPN. It really is the only way to protect yourself from a privacy invasion or hack attack in a WiFi hotspot no matter where your travels (and credit cards) take you this holiday season.