International Travel Security?

[Scarpozzi]

A friend of mine is heading to Croatia, Russia, Czech Republic, etc...

Are there any best practices to avoid getting a cellphone or laptop hacked over there? I've heard that there are a lot of phony wifi hotspots that target American tourists and plant spyware/malware on every corner. Is there a good resource for someone hitting that part of the world on dos and don'ts?

Thanks.

 

[lxskllr]

I'd use a vpn, and if possible, remove any hard drives, and use a live boot system without personal data on it.

 

[Scarpozzi]

I'd use a vpn, and if possible, remove any hard drives, and use a live boot system without personal data on it.

Any advice on cellphones abroad (iphone mainly?) That's really the main question. I read a few things back when the Olympics were in Sochi about risks involved with travelling to the main tourism sites there. That's what prompted this question.

 

[Elixer]

Also note that most all android phones that don't get updated for security are easy pickings. Same goes for tablets.
I wouldn't have anything of value on devices, not only are you prone to digital attacks, you are also prone to pick pockets and the like.

For a laptop, I would dual boot, and only have 1 of those for "surfing", and don't allow the other OS to have ANY outside contact. You can also use a pen drive for this if you want, and boot into a linux distro to surf.

 

[Scarpozzi]

I'll probably suggest to my friend to avoid most wifi networks unless they have to use them... I think that's the biggest security risk from what I've read with mobile devices...free unencrypted networks and spoofed networks appear to be the biggest risks in the American tourist destinations. I've already stated it's best not to login to anything important like online banking or other financial sites when on foreign networks (in the US or otherwise)

 

[Elixer]

It isn't just the networks, it is the payload they carry.
If they don't use a ad blocker, that is the #1 way to infect the machine.
They should also use something like noscript as well.

 

[lxskllr]

A vpn will still apply to a phone, and would be a good idea. I'd also be concerned about Stingray devices on the cell network. I have a program on my phone that's supposed to detect them, but so far I haven't run across a fake cell tower(that I know of).

 

[fleshconsumed]

1. Encrypt everything your own, i.e. phone, tablet, and laptop. Phones and tablets are easy since both android and apple support encryption in the newest OSes. Windows needs to be Pro to use bitlocker.
2. Use VPN whenever you're connected to WiFi.

That's about as much as you can do.

 

[TheRyuu]

Well the best method would probably be to just buy a throwaway phone and laptop, something cheap, and then also follow the recommendations in this thread.

The idea being you throw them away once you're done with your trip. It should go without saying you should never connect these devices to your home network once you get back.

 

[fleshconsumed]

Well the best method would probably be to just buy a throwaway phone and laptop, something cheap, and then also follow the recommendations in this thread.

The idea being you throw them away once you're done with your trip. It should go without saying you should never connect these devices to your home network once you get back.

This seems a bit excessive. If you're that paranoid about security and if you're not afraid of your stuff getting stolen, just make a backup of your PC/laptop/phone before you leave, and restore it after you come back.

 

[KMFJD]

at work you get a brand new laptop, new os install with basic apps and vpn , your account gets all access removed except for limited webmail/internet

 

[shimpster]

tell them not to werry about it.
once the elite hackerz access their device and discover their info is pretty much useless, they lose interset.
most foreign governmentz, and the US, specifically target individualz with political/military/intelligence contacts, and the governmentz have these folx in their database so when they arrive, they can immediately gather info.
the governmentz already know their travel itinerary and scope of business ahead of time.

 

[John Connor]

A vpn will still apply to a phone, and would be a good idea. I'd also be concerned about Stingray devices on the cell network. I have a program on my phone that's supposed to detect them, but so far I haven't run across a fake cell tower(that I know of).

What is the name of this App and do I need root? That I don't want to do.


Is this it? https://play.google.com/store/apps/details?id=com.skibapps.cellspycatcher

It uses the Opencellid database and I have to wonder if this database captured a Stingray and thinks its a legit cell tower?

 

[John Connor]

You want to use a VPN as mentioned. Many offer an App. I use VPN.AC.

Computer wise, a live disk would be best. Next to that encrypt with Truecrypt. Also use a VPN. Yes, TC is still secure in the off state as what its intention is.

DNS or ARP poisoning could be an issue too. So Comodo firewall may help. Just the firewall. You should also enter in manually DNS servers for your WIFI adapter. Either Google DNS of 8.8.8.8 or OpenDNS of 208.67.222.222 and 208.67.220.220

These rules apply even if you travel in the U.S. Especially if you go to DEFCON. LOL!