How To Stay Cyber Safe While Traveling, According To Tech Expert Sarthak Munshi

Sarthak MunshiPhoto bySarthak Munshi

By Davis Smith

Traveling is never easy. Your first priority is to arrive safely at a destination, and arrive home again, safely. But that’s not your only concern–staying “cyber safe” while traveling, which  means protecting your data and identity. Cybersecurity, after all, is not just for companies, it’s for individuals, and individuals who travel, and some of the biggest threats that travelers face include using unfamiliar networks and being unaware of virtual scammers in foreign countries.

One tech expert pipes in on how to stay safe when you travel. Sarthak Munshi is a Product Security Engineer at Amazon Web Services, leading the engineering efforts to secure AI products such as AWS SageMaker. He has worked on research at NASA and Carnegie Mellon University from where he also holds a Master's degree in Information Security. He also knows a thing or two about staying digitally safe while traveling, and has a wealth of knowledge of tools that travelers can use to digitally protect themselves while abroad.

As Munshi notes: “ It’s a wild wild west of easily available hacking devices out there.” And it’s getting more sophisticated–meaning its becoming easier to be tricked. He speaks to us about using a VPN while traveling, staying hacker safe, and the biggest problem with airport wifi.

A traveler in Times SquarePhoto byJakob OwensonUnsplash

Sarthak, you’re a tech expert. Let's talk about why travelers can be at risk, from a cybersecurity standpoint, when they travel. What are some of the biggest threats and dangers?

Sarthak Munshi: Travelers face heightened cybersecurity risks, due to their reliance on unfamiliar networks and increased device usage in public spaces. Hackers often target tourists, exploiting their lowered digital defenses and need for connectivity. To stay safe, travelers should use robust VPNs, enable data encryption on their devices, avoid public Wi-Fi, and be wary of public charging stations. Tools commonly available in the market such as the Flipper Zero, allow any bad actor to observe and collect your data while you browse your favorite websites or connect to a physical wire or network. Whereas other tools like HackRF operate at the radio frequency level, enabling malicious actors to intercept and gather data that bypasses internet protocols. It’s a wild, wild west of easily available hacking devices out there. Maintaining strong security habits is crucial, as a moment of carelessness can lead to data breaches or financial loss in unfamiliar environments.

How can people protect themselves, their phones and laptops, from cybercrime while traveling?

To protect against cybercrime while traveling, focus on securing your devices and data. Use a VPN to encrypt your internet traffic, especially on public Wi-Fi. Keep your devices physically secure and use strong, unique passwords or biometric locks. Avoid using public USB charging ports; instead, bring your own charger and battery pack. Disable Bluetooth and Wi-Fi when not in use. Be cautious about the information you access on public networks - avoid online banking or entering sensitive data. Regularly update your devices and apps, and consider using travel-specific email accounts. Backup your data before leaving and enable remote wipe features in case of theft. Set up 2-factor authentication on all your smart devices and use a good password manager. Gone are the times of easy to remember passwords. While all of these techniques are effective, one must also be aware of the right tools to use. For example, most VPNs available in the market are backdoored with malicious intent. Check out this FBI advisory about multiple VPNs like MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. These VPNs provided bad actors access to compromised IP addresses and associated devices owned by individuals and businesses by distributing malicious backdoors that were built into it. Stay vigilant, trust your instincts if something seems suspicious, and most importantly, do your own research before downloading and using a tool that you think protects you.

A traveler at an airportPhoto byyousef alfuhigionUnsplash

How serious is this? And are there certain regions in the world where it's more serious than others?While one might examine lists of countries with the highest levels of censorship, internet user tracking, or cybercrime rates, three realities persist: The first is abstaining from internet use or smart devices is impractical. The second is that avoiding travel to these countries solely due to cybersecurity concerns is unrealistic. And the third is that cybercrime and malicious actors operate beyond these geographic boundaries. Knowing this, the most effective protection lies in developing robust cybersecurity habits and maintaining appropriate privacy measures for your activities and credentials, regardless of your location. Scrutinize the security of every website you visit, Wi-Fi network you join, and tool you employ—be it a VPN, password manager, or other utility. Importantly, remain vigilant of your physical surroundings, an often overlooked aspect of security. The worst scenario is believing you're well-protected while your data is being covertly extracted without your knowledge.

VPNPhoto byPrivecstasyonUnsplash

Can we talk about airport wifi for a second? Can you trust it? 

Airport Wi-Fi networks present numerous cybersecurity risks due to their public nature. Attackers can set up rogue access points - malicious networks mimicking legitimate ones, to intercept user data. Man-in-the-middle attacks allow criminals to position themselves between users and the network, potentially modifying or stealing transmitted information. Packet sniffing involves capturing and analyzing unencrypted data, potentially exposing sensitive details like login credentials or credit card details. Evil twin attacks create exact copies of legitimate networks, tricking users into connecting to the malicious duplicate. Malware distribution can occur through compromised networks, infecting users' devices with harmful software. DNS spoofing redirects users to fake websites. Wi-Fi Pineapple devices automate various attacks, making it easier for hackers to exploit vulnerabilities. This underscores the multitude of potential security breaches that can occur in public spaces and you should definitely not trust it. Implementing cybersecurity measures should be an essential pre-travel ritual, as crucial as packing your luggage. Ensure the protections mentioned earlier are in place before departing for the airport.

"Wi-Fi Pineapple devices automate various attacks, making it easier for hackers to exploit vulnerabilities," said Sarthak Munshi.Photo bySten RitterfeldonUnsplash

What about password managers? Does 2FA really help? Why are software updates so crucial to update asap? What antivirus software can you actually trust?Let me be clear: password managers are invaluable tools, and we must move beyond using simplistic passwords like "abc123" across multiple sites for the sake of memorability. Password managers enable the generation and storage of unique, robust passwords for each website you use. In the event of a security breach, they facilitate swift password changes to maintain your account security Even with encryption, common passwords like "abc123", "test123", or your favorite superhero's name are easily identifiable. In contrast, a strong, randomly generated password provides significantly better protection, being far more difficult to decrypt or guess.

You can verify if any of your passwords have been compromised by using services like "Have I Been Pwned". If a breach is detected, your password manager can promptly generate a new, secure password. Some advanced password managers even proactively alert you when they detect your password has been leaked on the internet or dark web.

Password protectionPhoto byOnur BinayonUnsplash

While reputable password managers like LastPass, 1Password, and Bitwarden are excellent choices, recent security research has revealed an interesting development. The built-in password managers in your phone or desktop browsers (such as Keychain, Firefox, or Chrome) have proven to be even more secure. These native options avoid some minor security vulnerabilities that third-party password managers may face. Ultimately, any reputable password manager is preferable to none at all. To further enhance the security of your login credentials, it's crucial to enable two-factor authentication (2FA) wherever available. In the event of a password breach, 2FA serves as a critical last line of defense against unauthorized access attempts using compromised credentials.

I'll also venture to say that in 2024, standalone antivirus software is largely unnecessary for most users. Windows Defender, which comes pre-installed with the Windows operating system, and the combination of XProtect, Gatekeeper, and MRT (Malware Removal Tool) built into macOS, are highly capable of protecting against most threats. These native solutions eliminate the need for expensive yearly subscriptions to third-party antivirus programs, which often become bloated and resource-intensive over time. Just keep your operating systems updated and you should be good.

True or false: Should you always use a VPN while traveling?

True. While constant VPN use isn't necessary, travelers often forget to activate it in crucial situations. Therefore, maintaining an active VPN connection throughout your journey is a prudent practice. It's essential to conduct thorough research when selecting a VPN service, prioritizing providers that excel in privacy protection and security measures. I personally recommend and use Mullvad.

Q: As an expert, what are some warning signs that travelers should pay attention to?

Some major warning signs include one, being Network-Related Warnings: Be cautious when connecting to Wi-Fi networks while traveling. Watch for suspiciously named networks or those with slight variations (e.g., "AirportWiFi" vs "Airport_WiFi"). If you experience frequent disconnections, unusually slow speeds, or unexpected redirects, your connection may be compromised. Always check for HTTPS when accessing websites, especially for sensitive transactions. Be wary of unexpected Bluetooth connection requests or if your Bluetooth activates on its own.

Always protect your devices while traveling, says Sarthak MunshiPhoto byJakub ŻerdzickionUnsplash

The second is Unexpected Device Behavior: Stay alert to unusual behavior on your devices. Be skeptical of unexpected software update prompts or pop-ups, especially on public Wi-Fi. Monitor your accounts for unauthorized logins or password reset emails you didn't request. Sudden battery drain, overheating, or sluggish performance could indicate malware. Watch for unfamiliar apps or processes running on your device. If you notice your camera or microphone activating unexpectedly, or experience unusual keyboard lag, these could be signs of a compromised device. 

There are also Physical Security Concerns: Be cautious when using public USB charging stations or unfamiliar ATMs and card readers – look for any unusual attachments. Exercise caution with public computers and be aware of your surroundings to prevent shoulder surfing when entering sensitive information. I also recommend travelers to be aware of Digital Communication Cautions: Scrutinize emails or messages asking for personal information, even if they appear related to your travel plans. Always hover over links before clicking to verify the website. If your device shows that you’re in an incorrect location, it could indicate IP spoofing or VPN issues. Be wary of unexpected SMS or push notifications prompting you to click links or provide information – these could be phishing attempts.

Check out Sarthak Munshi at https://smunshi.net/