You’ve probably heard some of the commonly circulated advisories for athletes traveling to the 2022 Winter Olympics in Beijing this year: Bring a burner phone and don’t log into any personal accounts. That’s good advice for athletes and non athletes alike, no matter where they’re traveling.
Knowing how to protect yourself properly requires knowing a bit about the threats you’re likely to face, so what should olympians, and the rest of us, plan to be wary of in China and other international destinations?
Aubrey Turner, executive advisor at Ping Identity, said spying and spyware in China are definitely a concern, but there’s more to that “bring a burner” line than just concerns over Chinese government spying. “Who knows you better than your smartphone? Think of all the sensitive data, sensitive memories, the secrets, passwords, all that stuff,” Turner warned.
“[Your device is] a living history of you. Do you want to risk that potentially being compromised?”
Cyberthreats to Olympic travelers in China
Due to COVID-19, the Olympic games in Beijing are going to be relatively spectator-free. There aren’t any generally available tickets, and only Chinese citizens will be allowed to procure the few that are selectively available. With that in mind, if you’re traveling to Beijing later this week you probably have a professional reason to be there, so it is important to be aware of threats you might encounter while visiting.
Aside from concerns about Chinese spying, Turner said that the very nature of a big event creates a target-rich environment for criminals to take advantage of. “With the Olympics you’ve got a lot of people congregating in one place for one event. So certainly, it’ll be a target-rich environment for cyber crime, people will be distracted by the games, and the like,” Turner said.
SEE: BYOD Approval Form (TechRepublic Premium)
The possibility of theft means that anyone traveling to the games should be acutely aware of physical security to prevent a device, memory card or other sensitive piece of data storage hardware vanishing from a pocket.
In addition to pickpockets and government spying, there’s China’s Great Firewall that filters out any internet traffic the Chinese government decides shouldn’t be allowed in. In order to access many of the sites American visitors use on a regular basis, a VPN is required to circumvent it. Don’t rush to install one on your burner, though: That, too, could make you a target. “The Chinese government may look the other way relative to your use of a VPN, or they could elect to stop you,” Turner warns. The likelihood of being caught may be slim, but it’s yet another thing to consider when planning the tech for your Olympic trip.
Protecting yourself regardless of your destination
Some of the recommendations people have been making about traveling to China for the Winter Olympics apply equally to other countries as well, but each place has particular concerns you should be aware of. In order to know what’s awaiting you in regards to privacy laws, Turner recommends checking the U.S. State Department Travel Advisory website for a quick rundown of any legal differences you may run into while abroad.
As for universally applicable safety tips for protecting your mobile devices and data, Turner and Forrester security and risk analyst Allie Mellen both have tips.
“When traveling anywhere, individuals should be concerned about insecure or malicious Wi-Fi networks being used to collect data or connect to their devices, Bluetooth connections from unknown devices, AirDrop from unknown devices, or having their devices physically stolen or altered,” Mellen said.
Mellen’s alteration warning is particularly applicable to two nations: The U.S., where she said that border enforcement can legally seize and search devices, and China, where the government has the authority to install applications that collect personal data.
SEE: The iPhone, iPad and Mac users guide to Microsoft 365 (free PDF) (TechRepublic)
When traveling to any country, Mellen said it’s all about identifying your personal risk tolerance. “For those who are very privacy-oriented, it can make sense to get a burner phone or laptop and leave personal devices at home. Others may be more comfortable taking their personal device, but following precautions like not connecting to their personal accounts,” She said.
Turner describes personal security while abroad in terms of thinking like an enterprise organization: Minimize your attack surface. “They’re going to be looking for people who are maybe careless or negligent, or maybe just weren’t aware. And they’re easier targets,” Turner said. Just like businesses that choose not to invest time and money in proactive security.
Burner phone best practices
You’ve decided to invest in a burner for travel to Beijing, or somewhere else. You could still go about getting a burner in the wrong way, which is why Turner and Mellen make the following recommendations:
- Get your burner phone in your country of origin. Trying to get the right device overseas can be tricky and invites additional risk.
- Order a SIM card for your destination in your country of origin, too.
- Use a temporary email address to set up an account for your burner.
- Don’t log in to any personal accounts on your burner device.
- Use a strong password and MFA on your burner, even though it’s a temporary device.
- Turn off Bluetooth, AirDrop, Wi-Fi, the camera, the microphone and other data ingress/egress points.
- Don’t use any unknown or untrusted cables, like those found in charging booths.
As for getting home and ridding yourself of your burner device, Turner recommends a total wipe and handing the device in for recycling. “Be environmentally aware and maybe try to find someplace where you can recycle,” Turner said. Heck, you could even get cash for your device if you do it right.
It’s also worth noting that Turner said there’s no reason to buy a new burner if you have an old device sitting around that supports international cellular bands. Wipe the device clean, get a temporary SIM card, wipe it again when you get home and stick it in your desk drawer until you get to travel again.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays