Clients often ask us how to advise their employees about cyber security on the road. We have a list of things to avoid, to which we are now adding unfamiliar USB charging cables and public USB ports.
This month, the Los Angeles County District Attorney’s Office issued a warning to travelers to avoid using public USB power charging stations in airports, hotels and other locations because they may contain malware. If a USB port is unwatched, hackers can install a replacement port with hardware that can download malware over the port’s data pin.
The problem exists because the USB connector is not only for charging, but also for data communications, as anyone who has connected their smartphone to their PC knows. Others have pointed out risks from using what appears to be a discarded USB cable or adapter, or even one apparently given away as a promotion. The hardware approach is like that for the port.
So far, there are not reports of widespread hacking using these devices, so the risk is still low. On the other hand, the fix is cheap. Travelers can simply carry their own USB/AC adapters and cables. Hackers don’t seem to have figured out how to pollute AC plugs yet. There is also a device called a USB data blocker that fits over the USB connector and disables the data pin . This way, you can safely use the public USB ports for charging.
More Travel Advice
Here are some other things we recommend to travelers:
1. Avoid using Wi-Fi in all but the most trusted locations. Mobile phone data security is better. This means not only avoiding Internet cafes and restaurants, but also hotels, airports and convention centers. If possible, don’t use Wi-Fi on the road at all.
2. Don’t pick up and use USB drives.
3. Don’t stay connected to the Internet unless you’re actively doing something.
4. If your device has a firewall application, turn it on.
5. Shut down your device at night before you go to bed.
6. Be sure your smartphone is password protected, and, if possible, encrypted.
7. Have your computer’s drive encrypted.
8. Download an app for your smartphone or tablet that will help you find it if it’s lost and wipe out the data if it’s stolen.