To help cover the operating cost of this website and provide great content, I use affiliate links in this article. I'm paid a commission if you click on, or make purchases through these links. Please read my Disclosure for more information.
Christopher Elliott, a consumer advocate, and editor for National Geographic Traveler wrote an excellent article in USA Today titled Travelers, beware! Hacking lurks in plugs and ports. In his article, he makes good points the average person doesn’t think about when traveling with their smartphones and computers. I’m not a security expert! But, I ‘m more technical than most in understand how this stuff works. I know how to protect myself against these hacks and want to expand further on Mr. Elliott’s article. So, I’m sharing additional information and tips to help you understand and defend your devices from hacking while traveling.
Rental Car Bluetooth Danger
It’s too easy for us today to jump in a rental car and connect our smartphones to the car’s Bluetooth. The problem is you don’t always pay attention to what you click yes to on your phone. Do want to allow calls over this device? Yes! Do you want to share your contacts with this device? Yes! Wong answer. Some probably don’t realize they said yes to the last question. Others said yes because the feature is convergent allowing hands-free operation of their phone. The issue is we neglect to delete our contact list from the cars computer system when returning it.
The last time I rented a car, the cars computer contained Jane’s contacts list. She had all sorts of stuff copied from her phone into the car’s phone book. It had single name entries which are usually close friends and family. All a hacker needs to do is Google the phone number to get the rest of the information. Even more alarming, it also had Jane’s bank phone and in the notes her bank account number and phone pin, ouch! Raise your hand if you keep this type of information in your phone’s contacts. Of cause, I did the honorable thing and deleted all of Jane’s information, whoever she is. But I make my point. Per Chris’s article, the FTC has just recently raised the alarm about using Bluetooth in Car Rental issue. I’m surprised it’s taken the FTC this long, it’s been going on for years.
How to protect yourself? The obvious answer is not to connect your phone to the rental car’s Bluetooth. But if you must connect your phone, say no to the share contacts question. Before you start your last trip back to the airport, delete the Bluetooth connection and the cars address book. Don’t wait until getting to the airport to do this. Most people are in too much of a hurry when returning cars and will forget. Better yet, invest in a Travel Size Bluetooth Speaker with Built-in Microphone to use in a rental car. They are inexpensive, and there’s lot’s on them on the market.
Christopher Elliott makes good points again in his article about this concern, and I started thinking about it. What came to mind are all the stories I’ve heard about credit card skimming devices on gas pumps. Although I have not heard of any phone data skimming devices installed at USB charging stations, it’s easy to do, and only a matter of time. The components are readily available at Fry’s Electronics for anyone with the right technical knowledge to build such a device.
So, how do you protect yourself besides not using USB charging stations? It’s easy, inexpensive, and I have four protection solutions for you:
- Use your phone charger plugged into an electrical outlet, if you can find one at the airport to use. You can trust this because your phone charger does not transfer data.
- Carry an external battery pack to charge your phone. There is no danger charging these battery packs from free USB charge ports because these devices don’t store data. Once charged, you can charge your Smartphone from it. I like using these because I can top up my phone anywhere I am without looking for a power outlet. But be careful, the TSA limit the size of these to 100-watt hours combined. That’s 20,000mAh at 5 volts. The size limit is the total for all power packs carried by a single passenger. In other words, you can take two 10,000mAh but not three. Or you can take a single 20,000mAh power pack onboard an airplane. 20,000mAh is a lot of energy, my power pack is 7,500mAh, and that’s enough to charge my Samsung S7 twice.
- If you must use the free USB charger ports, consider buying a USB charging only cable. This type of USB cable only has two wire conductors connected, one to the Ground and the other to +5 Volts. The two data transfer wires between the USB plugs are not connected, so there’s no data transfer. Usually, you can identify these cables by red plugs on each end. If your phone has the Quick Charge feature, it will not work with a charging only cable. Quick Charge requires data communication between the phone and charger.
- If you don’t want to carry a special cable, try using a USB Data Block adaptor. Again, these are inexpensive and are usually colored red. These little devices assist phones with Quick Charge too. More importantly, they block USB data transfer preventing hackers from accessing your phone.
Again, there are some good points in Christopher Elliott’s article everyone’s needs to be aware of when connecting to public WiFi. Thanks to new security features implemented over the years in Windows, and new regulations regarding internet security, things are have got a little better. But you still need to protect yourself when connected to any WiFi that’s not in your home or office. Hotels are a big concern because when we lock the room door, we naturally let our guard down. We forget hotel room WiFi is still public.
The two most significant vulnerabilities to be aware off are others seeing your internet traffic including passwords. And the other is a hacker gaining access to your computer’s shared resources and files.
When you connect to any WiFi, Open, or Secured with a password, Windows will recognize it as Public or Private. In Windows 7, each time you make a new network connection it will ask you if the connection is Public, Work or Home. Always select Public when away from home or work. Things aren’t as bad in Windows 8 and 10. Windows 8 and 10 only have two classifications, Public and Private. It will always default to Public for open unsecured connections. For secured connections, Windows 10 will ask you if you want your computer to be discoverable by other computers. When on networks outside your home or office, always select no otherwise your PC is valuable to hackers.
So what is the difference? On Private Networks, the Network Discovery feature is enabled allowing others to see your computer and possibly access your shared files. On Public Networks, this feature is disabled by default. The danger is a lot of small coffee shops, restaurants, and bars, offer free WiFi to their guests. But they went the cheap way using an off the shelf wireless router and securing the connection with a password. Once you enter the password to connect, Windows 10 will ask “Do you want to make your computer discoverable?”. It’s so easy to click yes giving others possible access to your files.
As far as others seeing your internet traffic and information you type into your web browser, things have got a lot better. PCI DSS, Payment Card Industry Data Security Standard, requires online Ecommerce merchants to use SSL security. When SSL is in use, you see a Lock to the left of the address bar in your browser and HTTPS at the beginning of the address. SSL stands for Secure Socket Layer and is the industry standard for encryption communications between websites and users. Banks and other sites that contain personal information, abide by the same criteria. When you see the Green lock, you are usually safe from data eavesdroppers and hackers.
They are different levels of SSL. The Green Lock SSL, which is the most secure, and the standard lock SSL. This site, for example, has just the standard SSL and not the green. Other than an Email address, I don’t collect any personal information from my readers. Bank of America’s website has the green lock. Most sites are moving to SSL as it’s becoming a ranking factor in Google Search. Soon sites that don’t offer SSL, Google will unlist. In the meantime, they are plenty of websites that don’t use SSL communication with the end user.
The best way to protect yourself is to use a Home VPN, or a Paid VPN service each time you connect to public WiFi. If you have a high-end router at home, such as the NETGEAR Nighthawk family, it probably supports VPN. Two advantages to using a home VPN router’s are:
- No monthly fees.
- You are using your home IP address when connecting to banks and PayPal. Banks, PayPal, and other services log your connected IP address. If you connect from a different IP address while away from home, it can trigger a fraud alert on your account.
The disadvantage is a home router VPN is a bit technical to set up. The teenager down the street can probably do it for you should you need help.
The other option is to use a paid VPN services. These are easy to setup and provide you with easy to use software. Two I recommend are ExpressVPN and PureVPN. I’ve used both VPN services, and both are fast and reliable. The disadvantage with paid VPN services is you can still trigger a fraud alert as you are not using your home IP address for the connection. Also, services such as Netflix will block you. But they are the way to go for the non-technical traveler.
You may be tempted to use a free VPN service. Avoid these as they are slow, not very reliable, and their software is full of ad’s, adware and spyware. When it comes to VPN services, you get what you pay for, free is me, is not an option.
If this WiFi stuff is leaving you apprehensive, then the best choice for you is to use your phone’s hotspot or a MyFi device. The downside to using your phone or MyFi device is you need to watch the data usage. Data overages are expensive.
Please take the time to read the article in USA Today titled Travelers, beware! Hacking lurks in plugs and ports by Christopher Elliott. It’s well worth reading. Also, please visit Christopher Elliott’s blog elliott.org, he has some great content for the traveling worker.
If you have any comments, questions or want to continue the conversation, please leave a comment at the bottom of this page. Thank you for reading.