Monday, August 20, 2012

Hotels present concerns for guests' security, technology

For many of us, hotels often become a second home. And relying on technology as we do, we carry all of our important devices with us. However, it's not always feasible to take your laptop with you to dinner or your cell phone to the pool. But to what extent should you worry about it?

Spying on the staff
Several months ago, I met Canadian privacy scholar Christopher Parsons at the Privacy Law Scholars Conference in D.C. He does a lot of interesting work in the privacy and surveillance area and also writes a blog on those interests.

I've never been a terribly paranoid person - that is until I met Christopher. I wouldn't define him as being paranoid, either. Rather, he is just smart and inquisitive. He travels a great deal and stays in many hotels. Over time, he has developed a survey of sorts concerning hotel security, testing the housekeeping staff. By carefully placing cell phones, laptops, and other items around the room, he is able to see where the staff checks for such things and what they do with them. One interesting bit of information he has learned is that a do not disturb sign often acts as an invitation to search the room.

"Most hotel staff are, of course, excellent and trustworthy. This said, having heard stories from family members who have worked in hotels - such as how their colleagues would routinely violate room occupants' privacy when rooms were unattended - and others who are well versed in contemporary fraud techniques, I try to take precautions to ensure that my data, and the data of others, is as safe and secure as it can be," said Christopher. "Just one of those precautions involves testing staff in hotels to ascertain - typically with 'dummy' or wiped equipment - whether they are activating devices, trying to log in to them, and so forth."

Since Christopher and I met, I have only stayed in one hotel, but I had no luck with his methods unfortunately. Do not disturb signs were honored, and none of my personal belongings were touched. Do any of you have similar approaches? Have you learned anything interesting? Please share in the comments.

Hotel employees not the only fear
Certainly one fear is that hotel employees will take our items or for some reason attempt to get our data. They can easily get key card access to our rooms. Another concern, as recently demonstrated by a hacker, is the ease with which others can obtain access to your room.

At the recent Black Hat conference, a software developer demonstrated how $50 of materials and a little programming make it possible to obtain access to over four million hotel rooms. He has since released how the hack works.

Unfortunately, the only way to fix the problem is to change each lock, and Onity, the developer of the locks, insists that the hotels foot the bill for the replacement.

Creating a workaround
The fact that your home-away-from-home is not quite as secure as you'd like can be terrifying. And certainly there are many concerns here beyond securing your technology. However, since this is a technology blog, let's address that issue. What ways do you use to secure your technology when traveling? Share your tips for our other readers.

1 comment:

  1. I use full disk encryption (FileVault2) on my MacBook, which should defend me against realistic attacks by those who have temporary access to my computer.

    It is important to remember that "secure wifi" (e.g., WPA2) only protects you from other guests. It doesn't protect you from the operators of the wifi network. Some hotels have been known to inject content into web pages (presumably for advertising or selling browsing data). So I also tunnel my internet activity through a VPN. This is easy to do with a service like Cloak or SurfEasy. (SurfEasy only does this with web browsing, but is a more portable solution.)

    The truly paranoid and technically sophisticated will be using TOR or their own VPNs instead of Cloak or SurfEasy. But for everyone else, Cloak and SurfEasy are genuinely easy systems to use.

    I work for neither of them, so I hope it is ok if I post links to them.

    https://www.getcloak.com/

    https://www.surfeasy.com/

    Cheers,

    -j
