5 min read · Written by Grant Rayner on 05 Jun 2023
Share by emailOne of the most dangerous periods of time for the security of your information when travelling is when you enter and leave a country. This is when you may be identified as suspicious, and your bags and devices may be inspected by airport officials or personnel from law enforcement or intelligence agencies.
Airports provide an ideal venue for collecting information on individuals entering a country, including biometric information. Moreover, airport authorities and security services have the opportunity to scrutinise people entering the country as they move through inbound customs and immigration procedures.
In some countries, criminals may be able to operate in public areas of airports. This presents a risk of device theft, not to mention scams.
This article breaks down the different risks to your information at airports, and provides practical recommendations to mitigate these risks.
Laptops, smartphones, and other devices that contain sensitive information are at risk of being stolen or misplaced in the hustle and bustle of airports. It’s common for phones to be mistakenly left at store counters and on tables in food outlets. One of the most important actions you can take is to keep your devices with you at all times while in the airport and never leave them unattended.
When travelling with laptops or tablets, use a lockable and inconspicuous bag, and keep it with you in the airport and on the plane. Do not pack any devices in your check-in luggage, as they may be stolen or accessed and compromised. Make sure to encrypt the data stored on your devices using full disk encryption and enable remote wipe capabilities in case they are lost or stolen.
Public Wi-Fi networks at airports can be insecure, potentially exposing your data to interception or manipulation. To protect your data, avoid using public Wi-Fi networks in airports or airport lounges. Instead, use your mobile data through a mobile hotspot or a secure mobile router. If you must use the public Wi-Fi network, use a VPN to encrypt your connection.
Some airport Wi-Fi systems may require registration using personal details, sometimes including your passport number. Before registering, you should consider the privacy implications of providing this information.
Be mindful of the risk of exposing sensitive information to nearby individuals when working on your devices in an airport lounge or café. Position yourself so that it’s difficult for people nearby to view your screen. You might also decide to use privacy screen protectors on laptops and tablets. Be cautious when discussing sensitive information in public areas of the airport and avoid handling sensitive documents in crowded areas.
Avoid using public computers in airports, including those in airline lounges. These computers may be infected with malware or have keyloggers installed and should therefore be considered compromised. In addition, do not use a USB device to transfer files between these computers and your own devices.
Avoid using photocopy or fax machines in airports to process sensitive documents. Many of these devices will retain a copy of your documents in memory. Additionally, these devices can be configured to send electronic copies of any files you copy or fax to an offsite location, where they may be stored and analysed.
Public USB charging stations can be tampered with and could be configured to transfer malware to devices when connected. While the risk of this occurring is low, you can eliminate this risk by using your own charger and power adapter and plugging it into a power socket rather than a USB port. Alternatively, you can charge your device from a portable battery pack.
If you need to use a public USB charging station, it’s recommended that you power down your phone before connecting it to the charging port. Alternatively, you could use a USB data blocker to prevent data transfer while charging. This small device covers the data ports while charging, preventing data transfer while still allowing your device to be charged.
Video surveillance covers all areas of the airport. Cameras in critical locations will be monitored live by airport security staff. The recorded video files will be stored for at least 30 days, if not longer. Some airports may also use video analytics, including facial recognition.
Law enforcement and intelligence agencies will have access to footage from the airport surveillance system. In addition, in countries with poor cybersecurity, the system may be vulnerable to hacking by the intelligence services of other countries.
While there’s no requirement for you to take any actions in response to airport video surveillance, it’s something to be aware of as you enter a country. Assume you are under observation at all times while at the airport and act accordingly.
In certain countries, customs or border control agents may request access to your electronic devices and the data stored on them. Additionally, there may be personnel from various law enforcement or intelligence agencies present at the airport who may want to access your devices.
Before travelling, familiarise yourself with your rights and the local regulations regarding device searches at your destination. However, the reality is that there is very little you can do to prevent searches at airports and border crossings. If you do not allow officials to access your devices when requested, they may refuse you entry to the country.
The only effective way to mitigate device inspections is to not have any sensitive data or applications on your device. Consider using devices specially configured for travel that do not contain any sensitive information. This way, you can comply with requests to unlock and inspect your devices without any concerns. Such devices will not raise suspicion if inspected and will help mitigate the risk of compromising sensitive data.
If an airport official takes your electronic device out of sight, such as into another room, assume that the device has been compromised. Do not use this device to process sensitive information. In fact, continuing to carry the device may put you at risk. Power down the device and consider replacing it at the earliest opportunity.
One option to minimise your attack surface while in airports is to turn off your devices. Consider turning off your devices before leaving the aircraft. You can turn on your phone once you’re past customs and immigration and in the arrivals area.
However, if you power down your phone, be aware that you may miss important incoming calls or messages.
If you decide to turn off your phone, be sure to inform your emergency contact of your current status and when you plan to turn your phone back on. Once you reach the arrivals area and turn on your phone, update your emergency contact. This procedure ensures that if you’re detained and your devices are taken away, your emergency contact will have some idea of what happened and where.
It’s important to note that powering down your devices doesn’t provide complete protection against an inspection by an official. They can still ask you to turn your devices on for inspection.
When at the airport, one of your priorities should be to avoid coming to the attention of airport staff, law enforcement or intelligence personnel. To maintain a low profile, do nothing to attract attention. Specifically, do not carry anything on your person or in your bags that could pique the interest of authorities and result in increased scrutiny.
Many immigration checkpoints at airports and border crossings collect biometric data, including images of your face and fingerprints. Although there is nothing you can do to prevent this data collection, it’s important to be aware of its implications. Specifically, this data may be fed into other surveillance systems, allowing you to be tracked as you move within the country.
Airports can be a hotbed of potential security risks for your personal and device information. Taking proactive steps, from the physical security of your devices to your digital footprint, can go a long way towards ensuring your safety. Maintain awareness of your environment and carefully consider how you handle sensitive information.
Thanks for reading.