Flying to the Bahamas? How To Not Get "Hacked" Mid-Air

Friday, 26 February 2016



With moving to any island flying is going to be a part of your life. Here are some tips on how to protect your data mid air.

Step 1: Get a privacy screen.

The easiest way for someone to figure out what you’re working on is to look over your shoulder, and that’s true whether you’re online at all or are just typing away in Microsoft Word. You can buy a privacy filter for your specific laptop or tablet for as little as $10 (or as much as $80) to keep your information safe from prying eyes on the plane, or at a hotel lobby or crowded cafĂ©. The screens will let you (or anyone right in front of the monitor) see what’s on your box while those next to you will only see a dark screen. The only down side is that it can cause glare or decrease clarity, so you may want to just slip it on manually rather than attaching it permanently.

Step 2: Be aware that there are other people on the network.

If you ever forget that you’re not the only person on the plane using the Wi-Fi, F-Secure security advisor Sean Sullivan has an easy way of quantifying this. “There’s a simple app called Fing. It’s free, and what it does is shows you all the other devices that are on the network with you,” he said. You can get Fing for iOS or Android.

Step 3: Switch to a secure email account.

Petrow, unfortunately, was using an EarthLink account. AsRob Graham at Errata Security wrote, “Such early providers haven’t kept up with the times. If that’s still your email, there’s pretty much no way to secure it.” And it gets worse. “With these old email protocols not only do we get emails sent in the clear, in plain text, they also transmit passwords to accounts in the clear,” says Sullivan. So if you are still using EarthLink or something like it, consider switching to Gmail. Sullivan further points out that email from providers like EarthLink can be funneled through another vendor’s app. “If you have other accounts you’d like to maintain, you can go to one of these other services and put in the POP credentials there and they can fetch the mail and surface it since it aggregates everything,” he explained. If that’s too much of a hassle, just use Gmail or an equally secure equivalent.

Step 4: Use a VPN, Tor, and/or HTTPS Everywhere.

If you want to make it harder for strangers to sniff your traffic, a VPN, or virtual private network will encrypt your HTTP traffic, which is otherwise easily sniffed by tools like WireShark. Just make sure to use a real VPN and not just a proxy service.
You can use Tor instead of a VPN if you want to encrypt web traffic and bounces it cross a series of relays to help you maintain anonymity as you browse the web. Download theTor browser on your laptop or desktop computer for Windows, Mac, or Linux, or use Orfox on your Android device. Just be aware that many sites have restrictions on Tor, so you may need to reset your identity or fill out annoying captchas to keep using it.
Finally, the HTTPS Everywhere extension for Firefox and Chrome makes browsing many major websites more secure by encrypting your communications, provided that the sites themselves have these capabilities. If you’re on a site that offers some support for HTTPS, it’ll rewrite your requests to default to HTTPS rather than the unencrypted HTTP, so it’ll provide you some protection on encrypted portions of supported sites. The ultra-paranoid can block HTTP requests altogether.

Step 5: Be aware.

“I really think mindfulness is the most important thing,” said Sullivan. So say your VPN isn’t working (or you never got one), and Tor is too slow (or you get tired of filling out the captchas that some site require Tor users to fill in), or you are still in the process of transitioning from EarthLink to Gmail. If you’re really doing something critical, maybe wait until you’re hooked up to your own password-protected home Wi-Fi… Otherwise, “generally for the average individual, the fact that you’re connecting to Gmail.com is not an operational security issue and you can be confident that those apps and/or web interfaces are connecting securely,” Sullivan said, though there may be some visibility as to which sites you’re visiting if someone is sniffing that data on the plane.

Or, if you’re going to log into your EarthLink account, maybe don’t spill secrets while doing it.

No comments:

Post a Comment

 

Translate

Most Popular