Safety is always a big priority when traveling to another country; it’s good practice to be vigilant and aware of your surroundings, and people do everything they can to protect themselves from becoming the target of tourist threats.
After-all, no-one wants their vacation ruined by thieves, tourist scams, or hospital visits.
But what about online threats?
While many travelers prioritize their physical safety, we often don’t think about our cyber-safety when traveling. When we connect to the Internet, we don’t think at all about how we’re connecting. We just do. And we expect that nothing will come of this.
But, connecting to an unsecured network overseas is incredibly risky, and allows anyone using the same network to access your information; they can see data like your usernames, passwords, and credit card numbers.
Let’s be real; abstinence has never been a practical solution, so telling travelers to stop connecting in airports, coffee shops and streets is never going to happen. BUT you can protect your data and still connect by traveling with a VPN such as Encrypt.me.
It’s pretty important actually!
Cyber-Safety: The Dangers of Using Public Wi-Fi When You Travel
What Can Happen Without VPN on Public Wi-Fi?
It’s become a recent trend that cyber attackers specifically target public Wi-Fi because of the numerous targets (you and the general public) available, and many travelers are unaware of the dangers.
You might do everything right for protecting your local devices, like having strong passwords, and activating biometric logins (fingerprints), but attackers focus on the data transmitted from the device to a remote server.
Normally, when you connect to the internet you first connect to your Internet Service Provider (ISP) which then connects you to your websites. All of your internet activity passes through your ISP servers and anyone using the same network (which could be thousands of people if you’re connected at a hotel, café, or airport) can easily see your data.
But the problem is that you might not even realize that you’re still transmitting data.
Most mobile apps utilize a remote API to transfer and pull data for a user account, so travelers will unknowingly transmit data from mobile apps that run in the background. Any time you connect to the Internet and transfer data on public Wi-Fi, you introduce a level of risk to your privacy.
Common Cyber Attacks Against Travelers
When we’re traveling we’re more likely to install apps we haven’t had on our phone before; local apps that operate in the country we’re visiting, perhaps apps that allow us to track our flight times, restaurant bookings, ride share apps etc.
There are even times where you get a notification that you have to download an app before you can get access to the internet – you may have experienced this in international airports or franchise hotels / restaurants.
Installing apps from an unknown host should never happen, but a common trick is using man-in-the-middle (MitM) attacks that display an interstitial page promising an Internet connection should an app be installed first.
Using a combination of ARP poisoning and eavesdropping, an attacker can display an interstitial page that tells users the device cannot be connected to the Internet until an app is downloaded. This tricks us into installing malicious software on our devices where an attacker can read our data.
Malicious hotspots are another threat. Attackers set up a Wi-Fi hotspot with the name of what looks like the official corporate public network. Travelers see this and connect to it unknowingly connecting to an attacker’s network.
Any data transferred between the traveler’s local device and the remote server is subject to eavesdropping. Although secure connections stop some eavesdropping, the connection is still subject to downgrade attacks where it can be changed to a cryptographically insecure encryption algorithm.
So What? Why Should You Care?
If, at this stage, you’re thinking so what? I don’t have anything to hide, so I don’t really mind if they spy on my internet usage. It’s actually about much more than that, and there’s a lot more at risk than just your browsing history.
Using MitM attacks, hackers can steal sessions and browser cookie data allowing them to impersonate you and log into your web accounts; this includes accessing your social media, getting into your bank accounts, having the ability to mess with your flights etc.
And to top it off, all of this would be invisible and without any warning – you would have no idea that your data had been stolen until something weird started happening. Until they started actually using it.
Other threats are also present with public Wi-Fi. Directory sharing leaves a vulnerable device open to not only data theft, but also malicious software such as ransomware uploaded to the traveler’s device. Antivirus and blocking software is a protection for these type of threats.
Many tools and anti-malware apps can be used for data protection, but a VPN protects from MitM attacks and eavesdropping traveler data could be subject to.
How a VPN Protects Your Data
Without VPN, travelers risk cybersecurity threats that give no warning signs data or login credentials have been stolen. A traveler’s nightmare would be finding out a credit card number was stolen, or their bank account has been wiped of all funds.
A VPN protects from this nightmare and even adds protection from remote servers with poor encryption standards. It also has other benefits like being able to get around censorship of the internet, which does exist in many countries.
When you use a VPN, it encrypts your traffic before it reaches your ISP, which means that only you and your VPN server can “see” it. It’s basically a middle man between you and the internet: you’re able to browse the internet anonymously by connecting through a secure network.
Dave Dean describes how they work fabulously: “think of the Internet as a river. Drop a load of dye into the river — that’s your (unencrypted) data. Anyone standing along the riverbank can see that dye: what color and consistency it is, and where it ends up.
Now, put a small pipe in the river, running from wherever you are to somewhere along its length, and tip your dye into that instead. Until it emerges from the end of the pipe, nobody on the bank can see the dye or knows anything about it. Your VPN is that pipe.”
Some Final Tips for Using a VPN
Using a VPN should be a part of every travel plan. You should download one for every device you have, from your laptop to your iPad, and your phone. Here are some additional tips for VPN use and general data protection:
- Sign up and connect to your VPN provider prior to traveling. You want to make sure that you’re protected from the minute you rock up at your local airport before you depart.
- Use your VPN all the time, regardless of whether you’re connecting to a secure Wi-Fi network from a trusted connection. You never know, and it’s never worth the risk.
- Turn off automatic Wi-Fi connections. This setting will stop your device from automatically connecting to open Wi-Fi.
- Never download any application from an untrusted source even if it promises to give you access to a network.
- Install anti-malware on your devices including mobile smartphones.
- Avoid logging into critical accounts like your banking when connected to public Wi-Fi.
- Turn off directory sharing and discovery on Windows and Mac devices.
- Use a password locker to store passwords including two-factor codes that you might need but forgot while traveling.