5 min read · Written by Grant Rayner on 05 Jun 2023Share by email
One of the most dangerous periods of time for the security of your information when traveling is when you enter and leave a country. This is when you may be identified as suspicious, and your bags and devices may be inspected by airport officials or personnel from law enforcement or intelligence agencies.
Airports provide an ideal venue for collecting information on individuals entering a country, including biometric information. Moreover, airport authorities have the opportunity to scrutinise people entering the country as they move through inbound customs and immigration procedures.
In some countries, criminals may be prevalent in public areas of airports. This presents a risk of device theft, not to mention scams.
This article breaks down these risks and provides practical recommendations to mitigate them.
This is an excerpt from the draft of a book I am working on that focuses on information security for travellers.
Laptops, smartphones, and other devices that contain sensitive information are at risk of being stolen or misplaced in the hustle and bustle of airports. It’s common for phones to be left at store counters and on tables in food outlets. One of the most important actions you can take is to keep your devices with you at all times while in the airport and never leave them unattended.
When traveling with laptops or tablets, use a lockable and inconspicuous bag, and keep it with you in the airport and on the plane. Do not pack any devices in your check-in luggage, as they may be stolen or accessed and compromised. Make sure to encrypt the data stored on your devices and enable remote wipe capabilities in case they are lost or stolen.
Public Wi-Fi networks at airports can be insecure, potentially exposing your data to interception or manipulation. To protect your data, it is recommended to avoid using public Wi-Fi networks in airports or airport lounges. Instead, use your mobile data through a mobile hotspot or a secure mobile router. If you must use the public Wi-Fi network, use a VPN to encrypt your connection.
Some airport Wi-Fi systems may require registration using personal details. Before registering, you should consider the privacy implications of providing this information.
Be mindful of the risk of exposing sensitive information to nearby individuals when working on your device in an airport lounge or café. Be cautious when discussing sensitive information in public areas of the airport, and avoid handling sensitive documents in crowded areas. Position yourself to prevent others from viewing your screen, and use privacy screen protectors on laptops and smartphones.
Avoid using public computers in airports, including those in airline lounges. These computers may be infected with malware or have keyloggers installed, and should therefore be considered compromised. In addition, do not use a USB device to transfer files to or from these computers.
Avoid using photocopy or fax machines in airports to process sensitive documents. Many of these devices will retain a copy of your documents in memory. Additionally, these devices can be configured to send electronic copies of any files you copy or fax to an offsite location, where they may be stored and analysed.
Public USB charging stations can be tampered with or contain malware that can infect devices when connected. While the risk of this occurring is low, you can eliminate this risk by using your own charger and power adapter and plugging it into a power socket rather than a USB port. Alternatively, you can charge your device from a portable battery pack.
If you need to use a public USB charging station, it’s recommended that you power down your phone before connecting it to the charging port. Alternatively, you could use a USB data blocker to prevent data transfer while charging. This small device covers the data ports while charging, thus preventing data transfer.
Video surveillance covers all areas of the airport. Cameras in critical locations will be monitored live by airport security staff. The recorded video files will be stored for at least 30 days, if not longer. Some airports may also use video analytics, including facial recognition.
Law enforcement and intelligence agencies have access to footage from the airport surveillance system. In addition, in countries with poor cybersecurity, the system may be vulnerable to hacking by the intelligence services of other countries.
While there’s no requirement for you to take any actions in response to airport video surveillance, it’s something to be aware of as you enter a country.
In certain countries, customs or border control agents may request access to your electronic devices and the data stored on them. Additionally, there may be personnel from various law enforcement or intelligence agencies present at the airport who may want to access your devices.
Before traveling, familiarise yourself with your rights and the local regulations regarding device searches at your destination. However, the reality is that there is very little you can do to prevent searches at airports and border crossings. If you do not allow officials to access your devices when requested, they may refuse you entry to the country.
The only effective way to mitigate device inspections is to not have any sensitive data or applications on your device. Consider using a specially configured travel device that does not contain any sensitive information. This way, you can comply with requests to unlock and inspect your device without any worry. Such a device will not raise suspicion if inspected and will help mitigate the risk of compromising sensitive data.
If an airport official takes your electronic device out of sight, such as into another room, assume that the device has been compromised. Do not use the device to process sensitive information. Continuing to carry the device may put you at risk.
One option to minimise your attack surface while in airports is to power down your devices. You may decide to turn off your device before leaving the aircraft and turn it back on once you’re past customs and immigration and in the arrivals area.
However, if you power down your devices, be aware that you may miss important incoming calls or messages.
If you decide to power down your phone, be sure to inform your emergency contact of your current status and when you plan to turn your phone back on. Once you reach the arrivals area and power up your phone, update your emergency contact. This procedure ensures that if you’re detained and your devices are taken away, your emergency contact will have some idea of what happened and where.
It’s important to note that powering down your devices doesn’t provide complete protection against an inspection by an official. They can still ask you to turn your devices on for inspection.
When at the airport, one of your priorities should be to avoid coming to the attention of airport staff, law enforcement, or intelligence personnel. To maintain a low profile, do nothing to attract attention. Specifically, do not carry anything on your person or in your bags that could pique the interest of authorities and result in increased scrutiny.
Many immigration checkpoints at airports and border crossings collect biometric data, including images of your face and fingerprints. Although there is nothing you can do to prevent this data collection, it’s important to be aware of its implications. Specifically, this data may be fed into other surveillance systems, allowing you to be tracked as you move within the country.
Airports can be a hotbed of potential security risks for your personal and device information. Taking proactive steps, from the physical security of your devices to your digital footprint, can go a long way towards ensuring your safety. Maintain awareness of your environment and carefully consider how you handle sensitive information.
Next week, I’ll continue on the theme of securing your information while travelling. Again, these articles are excerpts from a book I’m working on focused on information security for travellers. If you find any errors or have anything to add, please get in touch.
Thanks for reading.