Insights For Success

Strategy, Innovation, Leadership and Security

Airlines

Operational security tips to safeguard your privacy when crossing a border

GeneralEdward Kiledjian1 Comment
barbed-wire-1899854.jpg

Every week I read about another traveller that is hassled at the border to turn over his laptop, tablet or smartphone and their associated passwords. Knowing that a stranger has gone through your personal “stuff” feels dirty (similar to being robbed).

A question I get asked often by readers, friends and colleagues is “How do I travel through international borders without worrying that my life will be put on show for some stranger with a badge?”. You don’t believe that this can happen; here are some interesting articles:

Operational Security 101

The work of physical security and digital (cyber) security are merging fast and you cannot have one without the other. So what is a traveler to do?

  1. Identify your sensitive data. Before travelling, conduct an extensive analysis of the data you will be crossing the border with. This doesn’t just include intellectual property or employee information but remember that once authorities have access to your email, without you present, they can figure out what social media accounts you have, they can reset your password for any site, they can build a social graph of all your contacts (using your email, instant messages and contacts), etc.

  2. Prepare a lists of vulnerabilities you are subject to? You should consider everything from device theft to authorities riffling through your personal data with no regard for privacy.

  3. Determine your risk level for each vulnerability. As long as you back up your data and your device is encrypted, then your risk after a theft is limited to the cost of replacing your device or scrambling to buy a new one while in transit. You will realize your risk level quickly rises when you consider the exponentially increasing risk of having your device analyzed at the border.

  4. Design your countermeasure plan. For each vulnerability, design a mitigation or risk minimization plan. This is what the rest of the article will talk about.

Countermeasures

Like a broken record, I will now extol the virtues of the Chromebooks and why many security professionals rely solely on these devices when security is essential. I know many of you will email me to explain why Google is evil and shouldn’t be trusted. I respect everyone’s opinion, and if you believe using Google products and services doesn’t meet your security requirements, then, by all means, choose something else.

A Chromebook is designed to be reinitialized anytime and to restore its state very quickly. Log into a device connected to a respectable network, and within minutes, you are back up and running with your apps, extensions, bookmarks and settings. Your data is stored in the cloud, and local device storage is encrypted.

Theft

If some numskull steals your device, you will have to buy a new one but at least your data is safely stored in the cloud, and there is no unencrypted data locally to expose you. I have had my device stolen on a train in Europe (on my way to speak at a conference). At my destination, I bought a Chromebook, used the store's WIFI to restore my device, and I was up and running within 30 minutes.

Border inspection

Border inspection is a different beast because they have the authority to force you to turn over your passwords. In this case, the only protection strategy is trickery.

For people crossing the border with sensitive information, I recommend that you use a Chromebook and sync everything to the cloud. Before travelling, you Powerwash the Chromebook (aka set it back to factory default) and then log into it with a dummy Google account.

This Google account should have some emails, contacts, favourites, files stored on your Google drive, etc. It should look like it is an authentic and genuine account. When your device is inspected, it will have nothing of interest, and you will not endanger your “real” data.

Once you cross the border, find a WIFI network, Powerwash your device and log in with your “real” account.

What about your smartphone

I trust the Chromebook Powerwash process enough to reuse a Chromebook that was inspected by border security but not a smartphone. Smartphones (iPhone or Android) do not have the excellent backup and recovery properties of the Chromebook. In most cases, I travel with a real fully loaded smartphone and will destroy it if it is ever taken from me. I will immediately change all my passwords and implement honeypot style detection tools to see if they attempt to exploit me.

What are these detection techniques I am talking about? Well one example is to use the Free Canary Tokens to generate different honeypots in your work environment.

Screenshot 2019-05-25 at 9.32.34 PM.png

As an example, you create an easy to find (weaponized) Word or PDF file (stored in your Google drive) and phone that sends out a beacon when it is opened. Think of these tools as motion sensors warning you that your digital being is at risk and that you need to take extraordinary measures to protect yourself.

Conclusion

An article about traveller airport border crossing security (OPSEC) can be very long, but I wanted to give you a gentle introduction. If you are a journalist, politician or senior executive at risk, hire a good security consultant to guide you. The most expensive advice is free advice.

If you are a journalist with a reputable organization working on high-risk reporting and need security advice, I am always available to provide free guidance. I believe free and open journalism is a pillar of our modern democracy.


Skyroam Solis Review: a traveller's best friend?

GeneralEdward Kiledjian1 Comment
20171201_154043.jpg

I've been using a Skyroam hotspot for many years now and my 2 most popular blog posts (for the old device and service) are here: 

They recently upgraded their back-end service and global WIFI hotspot, and I wanted to test and review it for you. 

Solis is the latest version of the Global WIFI hotspot sold by Skyroam. For those new to this company, they offer a small portable global WIFI hotspot that works in 100+ countries, costs $10US a day for unlimited data and is activated on demand.
 
Although I had many complaints about the pass purchase process with the original product, their hotspot has been part of my every day (EDC) carry kit for three years now.

The Solis improves on its older brother in 2 days:

  • it now supports LTE speeds on countries were it is available (otherwise it drops down to 3G) 
  • it can now operate as a backup battery (in a pinch) to charge your mobile phone

Nice little intro video

I have had the Solis for several months and have already taken it on a US road trip. It is a well-built successor to the original Skyroad hotspot, but the world has changed.

When I started using the original Skyroam in 2014, my carrier didn't offer a global travel package, and it was a pay per megabyte type affair. It got very expensive very fast. Today my carrier offers a US travel package for $7 a day or a global package (in 80+ countries for $10 a day).

If all you need is access on one device, then your carrier package may be more advantageous since it is immediate and does not require any changes. But.... The Skyroam Solis offers coverage in more countries and can provide wonderful internet goodness to up to 5 devices simultaneously. 

In my case, I still rely on Solis or KnowRoaming when I travel since I know that they will offer service everyone for one set price and it is one less worry when I travel. 

The device

If you look at the above picture, the Solis is a beautifully visible shade of orange. It is made of plastic that should withstand the rigours of travel very well. If the battery does weaken, you can order a replacement from Skyroam.

20171201_155849.jpg

I find the Skyroam Solis much easier to carry than its competitors (including the Geefi).

20171201_160508.jpg

Using the device

You probably noticed that the device (unlike its older brother) doesn't have a screen. To manage the device, you turn it on and connect to it from your smartphone. You will then be presented with an information page showing signal, passes left, battery level, etc. To use the device "in the field", you turn it on then press the WIFI button on the top. This automatically applies one of your day passes and you get 24 hours of internet. It knows where you are and downloads a virtual SIM for the Skyroam partner in that country. 

You can travel to as many countries as you want during that 24-hour window. All you have to do when you switch countries is turn the unit off and back on. When it starts up, it will identify the local country and download the appropriate country SIM.

You could open the a.skyroam.com captive portal from any device with a browser but it is formatted for smartphones (will look odd on a laptop). Why isn't it responsive?

The Solis is charged with any USBC adaptor which is fantastic if you have a USB C smartphone and laptop. You can charge everything with one adapter.  They provide a mini USB-C to USB-A adapter so you can charge other devices from the Solis but I wouldn't recommend it. WIFI needs every little bit of juice in that battery. 

In my testing (in zones with good LTE coverage and with 1 device connected), I was able to eek out 10-14 hours of usage on a single charge. This number will drop if the wireless signal is weak and/or if you connect multiple WIFI devices to the hotspot. When I tested it with a Chromebook and a Note 8 smartphone, I still got 10 hours of solid use (usage was primarily web pages without heavy streaming).

The software is periodically updated which is a nice touch. I recommend you start the device and let it connect to your local home network (without using a pass) before travelling. If the device needs an update, better to do it now then at a foreign airport waiting for the 15 minute upgrade process to complete. 

How fast is the connection?

I will not post speed test results because that depends on the local carrier, congestion, etc. I will say that in my testing, the Solis achieved LTE speeds comparable to an iPhone 6s Plus. The Note 8 outperformed it with is carrier aggregation technology. 

There is an LTE cap of around 500MB in a 24 hour period. After this, they throttle the connection down to 2G. They claim that this isn't automatic and done to protect the experience for all customers, but I hit this limit consistently (for testing) and saw my speed drop to dial-up performance. At the lower throttled speed, even simple apps like Google Maps took forever to load, and GPS navigation became impossible. 

I understand the need to control their costs but wish there were a way to buy more LTE access if I needed it. 

What about security?

September 2016, I reached out to Skyroam and complained about major security gaps on their online pass purchasing website. After multiple attempts to responsibly disclose the issues (with no follow-up from Skyroam), I wrote an article about it. I am happy to report that the new version of their online portal has fixes all of the issues I previously reported.

What about the general security? It is as secure as your home internet connection. My standing recommendation is to use a VPN where/when possible. You can get a VPNUnlimited lifetime VPN subscription for 5-devices for $18 (promo link), so you have no excuses.

So should I buy a Skyroam Solis?

So the question you are asking yourself is "Should I buy the Solis?". There is no simple answer. If you used the old version, then the Solis is a wonderful upgrade. Every time I tried it, it worked flawlessly without a hitch. The cost is predictable, and I have a bunch of passes purchased ready to use when needed. 

If you are a European with an EU SIM travelling within the EU, you get free roaming anyway. If you are an American with one of those great TMobile plans with free global roaming, you probably don't need this device either. 

A Skyroam PR rep had said months ago that additional functionality would be unlocked on the device (like Bluetooth and GPS), but since they are not available today, I can't factor them in as a benefit. 

For everyone that travels more than twice a year (and doesn't have free roaming), you really should consider it. The best recommendation I can make is that I own one and carry it with me every day (even when in my home country). I will be travelling considerably over the next four months (within the USA and globally) and will be using this thing a lot. 

If you travel once a year and don't want to buy a Skyroam Solis, you can rent one directly from the company. They will mail it to you or you can pick it up (US pickup is available in San Francisco, Atlanta and Austin.)

Free WIFI next time you're in an Airport

GeneralEdward KiledjianComment

If you are lucky enough to travel business class then you know how how wonderful free airport WIFI is. It is a chance to download content and update social media before your flight. What if you are not travelling business? You can spend between $9.99 - $59.99 for a daypass.

Anil Polat, traveller and Computer engineer, created a simple website and smartphone app that shows an interactive map with passwords for hundreds of different airport lounges around the world.

You click on an airport and are presented with the important information (WIFI password, location to use it, etc)

This is crowdsourced so feel free to send him any passwords you come by.

You can also download the mobile phone versions:

How to sleep on a plane

GeneralEdward KiledjianComment
Image by  bnilsen  used under creative commons license

Image by bnilsen used under creative commons license

 

Having traveled over 700,000 miles in the last 20 years, I realize the importance of sleeping on a plane. Over the years, I developed tips and tricks on how to sleep better when flying.

1 - Wear an Eye Mask

Proper sleep requires a nice dark environment but your 200 close friends may not agree. Bring your own Eye Mask and bring something soft, plush and comfortable. If your airline does provide one, it will be cheap and extremely uncomfortable.

2- Earplugs 

Most of us need a quiet and peaceful environment to sleep and you know know that talkative couple will be right behind your seat. 

3 - Noise Cancellation headphones

Sometimes earplugs just aren't enough (think crying baby). Noise cancellation headphones are a great way to drown out noise earplugs can't remove. When trying to sleep, play some soft soothing music or some guided meditation tracks.

4 - Wear Comfortable Clothes

This may seem obvious but many people forget this basic rule. Planes have temperature swings and you have to be ready to go from cold to hot and back. Dress in layers. Make sure your clothes are comfortable.

Many executives I have traveled with go on board with a suit but change into sweatpants or pajamas for those long transatlantic/transpacific flights.  

5 - Wear your seat-belt

If you don't want to be woken up or bothered, always wear your seat-belt and make sure it is visible. Remember that flight attendants have a duty to perform safety checks and they will wake you if they cannot easily determine if your belt is attached. 

6 - Bring your own food and drink

Sure airlines provide crappy food (unless you are flying business or first class). My recommendation is to bring your own food (which would likely be healthier and better tasting). In addition to the health benefits, this frees you from the flight attendance service schedule.

You notify the crew that you do not want to be woken up and then doze off. When you wake up, you have your own meal waiting for you.

7 - Get a window seat

For short flights, I want an aisle seat (in case I want something from the overhead compartment).For longer flights, I want a window seat. This gives you something to lean on when trying to sleep and makes sure you won't be woken up by a seat mate with a peeing problem. 

Travel Tip : Use a reliable VPN when connecting to WIFI

GeneralEdward KiledjianComment
Image by  EFF Photos  used under Creative Commons License

Image by EFF Photos used under Creative Commons License

As a security professional, I know the risks of using WIFI, particularly when using WIFI outside of work or home. It can open you up to an entire world of hurt from hackers and bad actors. They can steal information and trick you into visiting questionable websites.

But WIFI is how most hotels offer internet connectivity these days. WIFI allows you to connect to the wonderful world wide web when flying 30000 feet in the air using services like Gogo.

Instead of telling you *not to use wifi*, I’m here to tell you to protect yourself by using a VPN service (from a laptop, tablet or smartphone).

A good VPN service means your communication (between you and the VPN service provider) is encrypted which means bad guys snooping on WIFI won’t be able to steal your information. 

Using a VPN when connecting to WIFI means you are protecting your identify, you are protecting your sensitive information, you are ensuring bad people aren’t tracking you and you can visit geo-locked websites when abroad (HULU, Pandora, etc). I used a VPN when travelling in China to visit sites that would have otherwise been blocked and to conduct more sensitive tasks like banking.

There are a lot of VPN services out there and you have to remember that the VPN service you use *will see all of your outbound traffic* as they send it of to the public internet. You should pick a reputable company that ideally has a very minimum level of loging. 

My personal VPN service of choice is ProXPN. ProXPN has outbound locations around the world which is useful for accessing geo-locked content. ProXPN uses OpenVPN technology and works on all platforms (Windows, Mac, Android, iPhone, iPad, Windows Phones, etc).

ProXPN has a no loging policy, which I like. They have a VPNGuard feature for PCs and Macs that allows you to shut down any running app on the desktop if the VPN connection were to drop (this is useful for apps that must absotely be protected).

I am not paid by ProXPN and do not receive any compesation for recommending them. I am simply sharing my personal tool to help you guys/girls.