Simple tips to keep your devices secure when you travel
CSO security reporters Fahmida Rashid and Steve Ragan share some easy ways to keep your data and devices secure while traveling, even at the Black Hat conference, where active scanning is the norm. (And check out the built-in Faraday cage in Fahmida's jacket).
Steve Ragan: Hi, my name's Steve Ragan with CSO Online, and with me is Fahmida Rashid. I can't exactly tell you where we are right now, but I'll give you a hint. It has something to do with this giant sign behind us and the fact that we're in Los Vegas. It's kind of hot outside. We're here at Black Hat. Later this week we're also going to be over at DEF CON. Today, I wanted to talk to you briefly about some basic security precautions you could take while you're coming out to the show this weekend. [background music] Steve: Some people go to extremes when they prepare to travel for business and some people do the basics. I'm a basic type. When it comes to travel, correct me if I'm wrong, the easiest thing to do, at least what I do, is you disable your WiFi, disable your Bluetooth. For the most part you're not going to have to worry about that. I'm very limited when I use my phone. I don't do a lot of text messaging on it. If I absolutely need it, it's to make a phone call. When I'm walking around the floor, and things like that, I have those two services disabled. If I'm in an area where I know they're doing active scanning, and you can tell... Fahmida Rashid: Which is pretty what Black Hat is going to be about. Somebody's always going to be scanning. Steve: I turn it to airplane mode. You will see scanning. It happens. It truly does, but I don't think it's anything that we should panic over. I don't see the "let's run to the hills, the sky is falling" type need to be afraid of the network here. Fahmida: I hear people who are like, "Oh, I'm going to wipe my laptop and come with a brand new machine, or get a phone I've never used so that..." Steve: Why? Fahmida: I'm standing here thinking, "No, actually," like you said, "turn off the network, turn off the Bluetooth. No one can get to your phone now." Steve: Here's the question, I'm going to go out and do all this stuff to prepare for the networks at Black Hat or the network at DEF CON. That's great. What do you do the other 351 days of the year? When you travel to Kansas City for that meeting, are you not worried about the hotel you're going to? Fahmida: Or if you're at Starbucks and you decide that you don't care about what that guy over on that table it doing, it's the same threat model. Steve: You think free AT&T WiFi is normal? You're going to go ahead and connect to that anyway? Turning off the things on your phone are one way. Another way is when I'm using the computer I always use the VPN. Fahmida: I use it on my mobile devices, too, since our corporate VPN is any connect system. It's on my Android phone. It's on my tablet. It's basically another layer. The VPN protecting my connection doesn't have to be just a computer. All my mobile devices get the same treatment. I don't want to get in the habit of saying I'm going to do one thing on one device, one thing on the other. Before I go on a trip, no matter where I am, make sure that's on my device. Steve: Speaking of devices, update them. Most of you coming out to Las Vegas this weekend should already be prepared because Apple's put out a bunch of patches recently. Fahmida: Google did their Android security update, [inaudible 3:04] . Steve: Microsoft has done Patch Tuesday already. Make sure everything's updated. That's going to give you a little leg up on anybody's who's playing around, but for the most part use common sense, use your VPN. If you're worried about communications, interceptions, and things like this, because there are ISMI catchers all around Las Vegas, talk less or use secure comms, signals. Fahmida: I use signal. I know a lot of people here are using WhatsApp. Steve: There's nothing wrong with either one of those. The thing is we have to worry about...I actually saw this discussion on Twitter, nation states. If they're coming after you, they're going to get you. Sorry, it's the way it is. You're not going to do much to stop that. Take some realistic precautions. Limit your access, and if you do have to have access at any given point of the day, do the basics that you know work and protect yourself. VPN, patch updates, and limited attack surface. There's some other neat little things. Let me show you this. What about your credit cards? If you have the Visa wave pay, or whatever, there are little things you can get that you can put your card into. What this does is it prevents RFID reading. If somebody's trying to scan for my card, they're not going to get it off of this. It's a neat little trick. Coincidentally enough, if you're ever at a conference where you have badges, if they like to scan for all that apparent reason, if you put that behind, they can't scan it. That's fun, but you have the best tool of all. Fahmida: Here's the thing, that is great for just your credit card, but there's a ton of other things. What I've got, this nifty coat. It's got a Faraday cage in a pocket. All I have to do is slip my phone right in, no wireless signal goes in, nothing goes out. I miss phone calls. I miss text messages, but it means nobody can get anything in any of these pockets. This is probably the most secure piece of item in my wardrobe, and I love it. [laughs] Steve: I know I said you should do the basics, but, honestly, if you can get a Faraday cage in your pocket, you should totally do that just to say you have a Faraday cage in your pocket. In the meantime, disable WiFi, disable Bluetooth, and use some common sense when you're browsing the Web. Don't sweat the network so much, because you're going to be fine. I'm Steve Ragan with CSO Online. This is Fahmida Rashid. Thanks for hanging out with us, and we'll see you this weekend.