That Airport Charging Station Could Be Hacking You. Here’s How to Stay Safe
Ignorance is bliss until it bites you in the ass.
EXPERT OPINION BY HOWARD TULLMAN, GENERAL MANAGING PARTNER, G2T3V AND CHICAGO HIGH TECH INVESTORS @HOWARDTULLMAN1
Photo: Getty Images
It’s hard to know these days whether the greatest risk to our personal and financial security is laziness or ignorance. I’d say it’s a tossup but, while ignorance is theoretically curable (perhaps not for team MAGA), laziness is a lifelong curse. Worse yet, if you’re too lazy to learn, you’ll never be free of your own ignorance. So many of us, even apart from politics, choose the blissful comfort of ignorance over the inconvenience of painful truths. We go through life with our fingers crossed just hoping and praying that bad things won’t happen to us. But hope is not a strategy, and we have to stop kidding ourselves and admit that knowledge, for better or worse, makes life messier.
One of the problems we’re facing with the rampant spread of all kinds of new technologies is that—in far too many cases—we don’t even understand that our mundane, habitual behaviors now represent dangers that we could have hardly imagined a few years ago. Real knowledge gives us the ability—if not necessarily the will or desire—to recognize and acknowledge the extent of our ignorance. The recent announcement by Anthropic that its latest AI model is too powerful to trust to mere mortals is just the latest warning that the world is likely to shrug off as more tech hysteria. The time has come to overcome our studious obliviousness and at least listen to the folks who know better.
We decided long ago that we were willing to sacrifice a great deal of our privacy for immediate access and convenience in virtually every aspect of our social and shopping activities. Virtually everyone suffers from the stupidity of employing the same simplistic password or phrase multiple times for access in various applications and accounts that we use regularly. And today we hear jokes all the time about people using the word “password” for their passwords. On average, each household has about 100 critical passwords for their many accounts and services and experts estimate that more than half of those are the same word or phrase. Google and Microsoft systems regularly alert users to the fact that they have multiple identical and common passwords or that their codes have been included in data breaches or other dark web listings. But, because we’re all too busy or too lazy, we almost never take the time to update and change them.
Now we’re seeing several new threats which don’t rely so much on new or exotic technologies as they do on our habits, typical actions and behaviors, and the fact that we have reached the point where we take far too many conveniences for granted and never even consider that they might pose security risks. We’ve seen this problem for years now with crooks inserting skimming devices in ATMs and other card readers in order to steal credit card numbers. But now our increasing reliance on ubiquitous connectivity and shared infrastructure is presenting a whole new level of exposure and risk.
We don’t give one second’s worth of thought to plugging in any of our devices to any available power outlet. We’re just grateful they’re there. But when public USB ports and power stations began to be deployed in airports and elsewhere, the focus was 100 percent on location, access and convenience and not a bit on security. As a result, a new threat—juice jacking—which is based on our incautious use of public USB ports to charge our devices can lead to compromised equipment, data theft, and the insertion of malware in moments. When we’re in a hurry, distracted, and grateful to find a source before we hop on a plane, no one’s thinking about data loss, identity theft, or worse. But in doing so we’re all sharing a common port and an anonymous connection.
As Eric Plam, the CRO of SIMO says: “The safest move today is simple—don’t share infrastructure with strangers.” SIMO makes portable and powerful devices which supply both power and secure dedicated Wi-Fi connectivity for mobile workers and especially for travelers. And to be clear, these kinds of risks aren’t limited to power concerns. SIMO’s devices also address another new connectivity problem which is the growing development and deployment in public spaces of imposter Wi-Fi networks.
Plam calls these “evil twins.” They look very much like a legitimate network that we’re all familiar with and to which we readily connect without taking a moment to verify anything. In fact, we’re pleased that we see a rapid connection and, where necessary, that our password is accepted (along with anyone else’s). Once the connection is made, your messaging, transmissions and other traffic can be intercepted, your credentials captured, and you can even be sent to other fake or spoofed sites. There’s no magic here or complex technology, it’s just a case of crooks riding on our typical conduct and routine actions.
Avoiding these threats isn’t hard once you’re aware of them, but habits are ridiculously difficult to break or change. Moving from using public facilities and infrastructure to reliance and use of a secured and trusted private connection is clearly the way to go and, frankly, cheap compared to the likely costs of losing your data or your identity. SIMO suggests a few other basic steps for travelers to take:
(1) Avoid public Wi-Fi for sensitive activity
(2) Verify network names before connecting
(3) Disable auto-connect on the road
(4) Use wall outlets rather than USB ports
(5) Carry a power pack whenever you’re away from home or office
(6) Use a Solis Go secure Wi-Fi + Power Bank
(7) Always enable two factor authentication for all sites, services and apps
(8) Use a security key such as a Yubikey especially for work-related computing
Ignorance is the absence of knowledge. Stupidity is the rejection of knowledge. Now you know. Forearmed is forewarned.
