New Security Risks Await Post-Pandemic Travelers

The COVID-19 pandemic has had a huge impact on travel, canceling business trips and vacations alike for almost a year. When it’s all over, we’ll return to physical meetings and finally book the trips we’ve been dying to take. Our pent-up need to get out and live again will likely drive a major recovery for the travel industry. That industry, however, has taken on a slightly different shape. COVID-19 has not only affected the physical aspects of travel but the digital, as well, introducing several new potential privacy risks to be aware of.

Contact Tracing

With the need to follow the spread of infection and monitor the pandemic, different methods of tracking people were introduced. Whether you have to register online to eat at a restaurant or write your name and address details on paper on entering a bar, you’re handing your personal data to unknown people. Even though the intended purpose is for medical professionals to have access to this data to fight the further spread of infection, we’ve seen unauthorized access to such data by venue staff as well as police. Unavoidable tracking of physical location poses a huge threat to privacy that has not been solved. In fact, criminals may also be able to access such data and use it to further attacks like phishing, spam or ransomware attacks.

Tracking Apps

What’s more, some countries require travelers to undergo medical tests or to share private information, sometimes by having them install tracking apps on their mobile devices, which can enable permanent, targeted surveillance. Such policies could remain long past the pandemic in some countries.

Tracking apps can allow various functionalities; they can acquire real-time location data, and also access the data on your smartphone. There may be other future uses for such tracking, such as within law enforcement. We’ll have to monitor how they are used later on.

Shoulder Surfing

In one interesting respect, the pandemic and subsequent restrictions may have actually removed a privacy risk. Last year, we conducted a study on “visual and audible hacking” (aka “shoulder surfing”), a common travel risk. With social distancing requirements and policies still active in many countries and aboard various modes of transportation, such snooping will be harder. Of course, if social distancing restrictions are relaxed, travelers will once again need to take precautions to avoid shoulder surfing.

Digitization of the travel industry didn’t just begin with the pandemic, nor is it relegated to the world of tracking COVID-19 infections. From buying tickets to the equipment in your hotel room, travel is becoming more and more digital—and introducing more and more risks. There are some other important considerations to keep in mind when leaving your home.

Smart Hotels

With the increase in smart technologies, you may already be overwhelmed by all the technology you have at home. It gets much worse in places you don’t own, since you have no control over the IoT-enabled devices around you, at all. Is there a smart TV with a camera in your room? What about smart air controls, voice assistants, entertainment offerings and all the other “little helpers” integrated in modern accommodations? All of them can be a threat to your privacy or cause a security problem if you connect your own devices to them. Even a power outlet with a USB port to charge your phone may be a risk, either in terms of security or the physical health of your device. Hotels and event locations are also using the current quiet period of reduced and/or restricted travel to renovate and upgrade their venues, which means we may see more such technologies when we return.

Public Wi-Fi

Free Wi-Fi is convenient, especially when you’re traveling. But did you ever wonder who controls the network you’re connected to? What type of data you share with the websites you’re opening? Connecting via unsecured Wi-Fi gives criminals an easy opportunity snoop on your traffic, collect sensitive data or even try to attack your devices. Using encryption, not only on your device, but also on your remote connections, should be as essential as your ticket while flying.

The Self-Service Concierge

Nowadays, hotels often offer publicly accessible self-service kiosks. These are usually tablets or a computer. The idea is simple: you log in to your email account (or wherever you may have stored your ticket), you open the digital ticket and print. But did you forget something? Logging out and clearing browsing data may easily be forgotten due to the stress of checking out. However, I’ve experienced many such devices that retain full access to all that data, like email, documents and calendars.

Travel Scams

Even before the pandemic, ensuring that you were communicating with the right person in the digital world was difficult, and in many cases, phishers and other scammers took advantage of this vulnerability. People became even more vulnerable in 2020. Criminals jumped on the opportunity to use the pandemic to make a profit using social engineering to trick people into revealing information. There have been cases of fake emails regarding canceled flight refunds, fake messages from government entities and those pretending to sell N95 masks.

The pandemic forced the introduction of new restrictions and digital processes to protect citizens’ health, and this, in turn, has altered the future of travel. The effects will last far beyond the end of the pandemic. Protecting yourself in the physical and digital worlds when you get back on the road will be more important than ever.

Avatar photo

Marco Pruess

Marco was appointed Director of Europe for the company’s Global Research & Analysis Team in March 2013. Prior to becoming Director of Europe, Marco served as the Head of Kaspersky's Global Research & Analysis Team in Germany and Senior Security Researcher. Marco has been working in the area of networking and IT security since the early 2000s. Having a long time experience in his role, he is responsible for monitoring the threat landscape in Europe while specializing in threat intelligence, darknet research, password security, IoT security and privacy. In addition to research-related projects, Marco is a regular speaker at both closed and public events, and maintains close contact with security partners. Marco began his career with Kaspersky back in 2004 as a Technical Consultant, providing expert knowledge on Linux and Unix-based systems. He has also been involved in corporate sales management, before moving on to become the technical contact for the OEM department, supporting customized solutions. Marco worked extensively with the company’s product design and development teams and joined the research team as a Virus Analyst in 2009.

marco-pruess has 1 posts and counting.See all posts by marco-pruess