The holiday season is a time for relaxation and global travel, but for high-net-worth individuals (HNWIs) and executives, international journeys can come with heightened risks of data theft. USB skimming and RFID skimming are increasingly sophisticated tactics used by cybercriminals to exploit vulnerabilities in portable devices and digital payment systems. As technology evolves, so do the methods employed by threat actors, making it essential for travelers to stay vigilant.

At Vanguard, we’ve taken the time to compile a list of some helpful information that travelers can use to help avoid common pitfalls and stay safe:

UNDERSTANDING THE THREATS

1. USB Skimming:
USB skimming involves maliciously modifying USB charging ports or cables to extract data or install malware on connected devices. High-traffic locations like airports, hotels, and conference centers are prime targets for these attacks. Once infected, devices can unknowingly transmit sensitive information, including personal or corporate data. International travelers should also look out for voltage adapters in addition to USB dongles and cables.

2. RFID Skimming:
RFID (Radio Frequency Identification) technology is widely used in credit cards, passports, and access cards. Cybercriminals use RFID readers to intercept the unencrypted signals transmitted by these devices, allowing them to clone cards or access sensitive information without physical contact.

3. Portable Device Exploits:

According to a Department of Homeland Security analysis in The Risks of Using Portable Devices (Penny Walters), portable media devices like USB drives and smart gadgets are particularly vulnerable due to their portability and connectivity features. These devices are commonly used to store sensitive data, making them attractive targets for theft or malware.

4. Unauthorized Recording:

The rate of unauthorized recordings (both audio and video) has nearly tripled in the past 5 years according to the Department of Justice. Criminals often gain access to guest information and plant a microphone or camera in advance of a trip. Upon checking in, everything in the hotel room or AirBnB is recorded. Not only is your privacy violated, but any sensitive discussions are captured along with a video record of you and any of your guests.

KEY RISKS FOR HIGH-PROFILE TRAVLERS

1. Loss of Physical Control:
   Portable devices are easy to misplace or steal. Losing a device containing unencrypted sensitive data can lead to severe personal, financial, or reputational damage.
2. Public Wi-Fi Exploitation:
   HNWIs often use public Wi-Fi in transit hubs or hotels, which attackers exploit to intercept data using tools like Wireshark or Kismet.
3. Bluetooth and Wi-Fi Vulnerabilities:
   Devices with Bluetooth or Wi-Fi capabilities can become “discoverable” to attackers, enabling unauthorized access or data breaches.
4. Malware Propagation:
   Malware hidden in portable devices can bypass firewalls and infect networks, jeopardizing both personal and organizational data security.
5. Misuse or Ransom of Confidential Information

Video of a celebrity or high-profile can be ‘leaked’ or ransomed, and confidential business or personal matters can be exploited.

BEST PRACTICES FOR PROTECTING YOUR DATA AND PRIVACY

Portable Storage Media

• Scan and Protect: Install antivirus software to scan all connected devices for malware. Use encrypted USB drives to store sensitive information securely.
• Disable Autorun: Prevent automatic execution of potentially malicious files by disabling Autorun and Autoplay features.
• Separate Personal and Business Use: Keep personal and corporate data on separate devices to minimize cross-contamination risks.
• Use Secure Deletion Tools: Erase sensitive data from USB drives after use to prevent unauthorized recovery.

Portable Smart Devices

• Encrypt Data: Enable AES 128/256-bit encryption on devices to secure stored data.
• Restrict Connections: Disable Bluetooth, Wi-Fi, and other network features when not in use.
• Always use a USB data blocker when connecting to an unknown device, computer, or charging port in areas such as vehicles, airports, hotels, or offices. 
• Install Anti-Malware Software: Periodically scan devices for threats and avoid downloading apps from untrusted sources.
• Enable Remote Wiping: Activate remote wipe functionality to erase data from lost or stolen devices.
• Use VPNs: Connect to the internet via a trusted virtual private network (VPN) to encrypt data transmissions.

RFID Protection

• Shield Devices: Use RFID-blocking wallets or sleeves to prevent unauthorized scanning of RFID-enabled cards and passports.
• Limit Exposure: Carry only the essential RFID-enabled items during travel to reduce risk.

Organizational Safeguards

• Create Usage Policies: Establish and enforce policies regarding the use of portable devices in business environments.
• Invest in Secure Equipment: Provide employees with pre-approved, secured devices for business travel. Conference rooms, hotel rooms, and corporate used vehicles should all be scanned.
• Conduct Regular Audits: Maintain an inventory of mobile devices with access to sensitive information and audit usage regularly.

Personal Safeguards

• Assemble a counter-surveillance detection kit, ensuring you buy quality, easy-to-use hardware. Scan your hotel room, AirBnB, and rental vehicle you may use while on your stay.

BOTTOM LINE

As the holiday season approaches, high-net-worth individuals and executives should remain proactive in safeguarding their digital assets during international travel. The risks of USB skimming, RFID skimming, and portable device exploitation are significant but manageable with the right precautions. The Golden Rule is “If it’s not yours…don’t trust it.”

For more helpful information and beneficial security tips, follow us on our social media. We aim to inform others, keep you up-to-date on important criminal trends, and offer expert consultation to ensure your safety and security.