We Are All Competing in the Burner Phone Olympics

February 22, 2022 | rjmcgarvey | Consumer affairs, InfoSec, Travel

By Robert McGarvey

A distinction held by this year’s winter Olympics is that it will go down in history as the first where the widely listened to advice was: bring a burner phone and that is because the Chinese government required athletes, Olympic staff, media, probably everybody to download an app named My2022 that was buggy and almost certainly spied on the phone’s contents.

You’d have to have been nuts to bring your own phone. Or just ignorant.

China is a notorious cyber thief. As far back as 2010 I routinely heard from Fortune 50 security consultants: if you are going to China bring a burner phone and a new computer with no content on it. Or bring no technology at all. Whatever tech you bring will be hacked.

Even so, did some bring their own phones to China for this Olympics? No doubt. But before we snigger, ask: am I personally practicing better cyber security on the road today?

Here’s the big point: collectively we have forgotten what we need to do to stay cyber safe on the road.  Understandably, It’s been nearly two years.

But here’s a primer on simple steps we all need to take when traveling.

Burner phones.  There are some countries that just scream: bring a burner. Russia, China, Israel, Iran top most lists.  The more cautious travelers add France and South Korea.  Some whisper that the biggest threat is the U S of A.  

Know also: that many countries have dramatically upped their phone tracking as a step in thwarting the spread of Covid. Location tracking is step one. The next step is data tracking.  

If in doubt bring a burner phone especially when traveling abroad. 

Phone recharging stations.  They are common in airports, often seen in meeting venues, and starting to show up in museums. Never, ever use them. A dead phone is a lot better than a hacked phone and too often criminals have hijacked those charging stations. There’s even a phrase: Juice jacking.   

Public wifi networks.  Never, ever use them, part 2.  Not in airports, not in airline clubs, not in hotel rooms, not at meetings.  Your phone can create a hotspot and in my experience my phone’s hotspot is at least as fast and sturdy as the public networks used by peers. A hotspot is a lot harder to hack into than a public wifi network.  I just don’t understand why everybody doesn’t run on hotspots when traveling.

Bring cheap computer gear. I am going on a business trip imminently and my travel computer will be a Chromebook that is so old I have no memory when I bought it – but it boots, it runs Chrome, it can read an SD Card which I need because I am doing some recording.  If it gets broken or stolen on my trip, who cares? And there is no meaningful data on it.  

Trust VPNs – but Verify.  Not all VPNs are created equal. Some work, others work less well, and a few are downright criminal in intent. Beware of free VPN but don’t believe all VPNs that charge fees are necessarily safe.  VPNs are indeed a useful safeguard for traveling executives but they are not a cure-all. If your employer requires one, use the one they specify.  If you provide your own, carefully research the choices before signing up. And when traveling abroad recognize that VPNs often work better in some countries than  in others.  You may need several on a multi country trip.

Be wary of QR codes. So often now we are confronted with a QR code and instructed to click – to read a restaurant menu, to access information about a painting in a museum, to claim a place in a queue.  I am not saying never do it (although I am tempted to) because sometimes we really want what is on offer (like that restaurant menu).  But be cautious.  QR codes are ridiculously easy to counterfeit and if you click on the wrong one you will find yourself delivered to a cellphone hell.  Think before the click.

Guard your log-ins.  We live in the age of ransomware and a key to criminal success at that is getting a mark’s log in.  I know, I know, on the road we often look at emails and text messages when we are tired, even bleary eyed.  Who hasn’t done that?  But be careful. It is too easy to hand the jewels to a cyber criminal. Better to leave an email unread than to lose your log in.

To quote the eminent philosopher Popeye Doyle, never trust anyone. Definitely not on the road,

Leave a Reply

Your email address will not be published. Required fields are marked *