This blog was written by Bruce Snell.
You probably know by now that I love technology. I have either my phone or my tablet nearby at all times. I’ve had a FaceTime conversation with my kids from the top of Mt Fuji, on the side of a canal in Amsterdam and from countless hotel rooms. I love being connected to friends and family at all times. However, just like we take breaks from work on the weekend and on vacation, shouldn’t we also look at occasionally unplugging from our phones? It’s a lot harder than it sounds. We recently asked around 14,000 people from all over the globe about how they go about unplugging from their devices. The positive news? 65% of the people who unplugged said it helped them enjoy their vacation more.
In Gary’s blog, he talks about some of the mental health benefits of “unplugging” while on vacation. I’d like to take a little bit of time to focus on the cybersecurity benefits of unplugging while traveling. When travelling out of the country, people are always on the lookout for free Wi-Fi to check email, social media, verify reservations, etc. This can also be a great opportunity for cybercriminals to attempt to infect your device with malware.
How can connecting to a Wi-Fi network infect me?
There are many ways connecting to an unknown network can be dangerous, but let’s focus on two of the methods you’re most likely to encounter.
The first is the “man-in-the-middle” attack (MITM). To set up a MITM, the cybercriminals sets up a Wi-Fi network using their laptop. They take the laptop and place it in a populated area, like a coffee shop or café and wait for people to connect. An unsuspecting user then sees an open Wi-Fi connection (often with a name like “FREE WIFI”) and connects. However, instead of connecting directly to the internet, all of the victim’s traffic is first going through the cybercriminal’s laptop where they can capture all the traffic in real time. This gives the attacker access to logins and passwords and they could even inject malware into otherwise safe web traffic as it makes its way from the web to the victim’s system.
A less sophisticated method used to attack people connecting to a free network is to require the user register with the Wi-Fi network before gaining access to the internet. This uses a standard method called a “captive portal” like you see on hotel networks or some coffee shop networks. This redirects you to a sign up page before connecting to the internet. This page could contain malware that downloads in the background. The owner of the network could also simply resell your email address and whatever other contact information they gained for use in spam and/or phishing campaigns.
So how does your vacation destination stack up?
Looking through the data collected by our McAfee Labs team in the first three months of this year, we can see that some travel destinations have a higher count of mobile malware. Thinking of heading to the Olympics in Rio this summer? We saw around 60,000 pieces of mobile malware in Brazil over a three month time span! This number will only increase with an influx of tourists looking to connect to any Wi-Fi network they can to post photos and videos to their loved ones back home.
Brazil’s not the only popular vacation spot where we see a lot of malware. In fact, we see large amounts of mobile malware in India and the United States as well as many other popular vacation destinations.
But what if I don’t want to unplug?
Unplugging can be difficult, especially if you’re having a great time that you want to share with your friends and family back home. So if you can’t completely unplug, how do you remain safe on your vacation?
- Use offline mode for maps. Trying to navigate a foreign country can be extremely nerve-wracking and we’re so used to having a great navigation tool in our pocket. Most popular map applications allow you to download maps for use without an internet connection. A search for “offline maps” will return a lot of great results with tutorials on enabling maps for use without an internet connection.
- Connect to known good Wi-Fi networks. To avoid man-in-the-middle attacks or related scams, try to only connect to hotspots you know, like your hotel or an established coffee shop chain. There’s no way to guarantee 100% safety on even known networks, but it will definitely reduce your risk.
- Install security software on your devices. The number of threats continues to grow across PC, Mac OS and Android. Having anti-malware and security software on your devices will help keep your systems safe as you travel and visit new and strange networks.
Vacation can be a great time to have new experiences, see new things, try new food and enjoy life. It shouldn’t be a time for you to worry about your devices being hacked.
About the Author
Categories: Mobile and IoT Security