Mobile security for the road warrior

Employees who use their smartphones and other mobile devices while traveling face greater risk that their devices will be compromised, posing a threat to corporate systems. Travelers can minimize the risk by taking a few simple and inexpensive precautions.

CSO Senior Writers Steve Ragan and Fahmida Rashid outline how they prepared for their recent trip to the Black Hat event in Las Vegas. Black Hat is one of the biggest hacker conventions and notorious for having attendees’ phones breached. If you can survive Black Hat without your mobile device compromised, you can trust it to be reasonably secure anywhere. Here’s how Ragan and Rashid stayed safe at Black Hat.

Turn off services until you need them

Disable your WiFi and Bluetooth. “Some people go to extremes when they prepare to travel for business and some people do the basics. I’m a basic type,” says Ragan. “The easiest thing to do, is you disable your WiFi, disable your Bluetooth. I’m very limited when I use my phone. When I’m walking around the floor, I have those two services disabled.”

Turn on airplane mode when you believe there could be active scanning of your phone. “[Scanning] is what Black Hat is going to be about. Somebody’s always going to be scanning,” says Rashid. “I hear people say, ‘Oh, I’m going to wipe my laptop and come with a brand new machine, or get a phone I’ve never used.’ Turn off the network, turn off the Bluetooth. No one can get to your phone now.”

Granted, Black Hat presents an extreme risk, but travelers are often using their devices while on the road with a false sense of security. “When you travel to Kansas City for that meeting, are you not worried about the hotel you’re going to?” says Ragan. “You think free AT&T WiFi is normal? You’re going to go ahead and connect to that anyway?”

“Or if you’re at Starbucks and you decide that you don’t care about what that guy over on that table is doing, it’s the same threat model,” says Rashid. If in doubt, turn off what you’re not using.

Use VPN

When you must use your computer or phone, do so over a VPN. “I use VPN on my mobile devices, since our corporate VPN is an any connect system. It’s on my Android phone. It’s on my tablet. It’s basically another layer. The VPN protecting my connection doesn’t have to be just a computer. All my mobile devices get the same treatment,” says Rashid. “Before I go on a trip, I make sure VPN is on my device.”

Make sure you have the most recent security updates

It takes only a few minutes to check to make sure your tablet, notebook PC, or smartphone has the most recent system update. “Make sure everything’s updated. That’s going to give you a little leg up on anybody’s who’s playing around,” says Ragan.

Use an encrypted messaging app

Don’t have access to a VPN? Several apps such as Signal Private Messenger and WhatsApp will allow you to send and receive messages in encrypted form. Then, even if your communications are being scanned and monitored, they will be unreadable.

Your credit card is also a mobile device

Some credit cards contain RFID chips that enable payment by waving the card near a scanner. It’s possible for credit card thieves to scan these cards. They need to be in close proximity to the card, but that’s easier to do at a large, crowded event like Black Hat. If you want your card to be absolutely secure, you can buy credit card blocker sleeves or wallets.

For the business traveler who has everything

There is one way to secure all your mobile devices and make a fashion statement while you’re doing it. “I’ve got this nifty coat. It’s got a Faraday cage in a pocket. All I have to do is slip my phone right in, no wireless signal goes in, nothing goes out,” says Rashid. “I miss phone calls. I miss text messages, but it means nobody can get anything in any of these pockets. This is probably the most secure item in my wardrobe, and I love it.”