Are There Hidden Cameras in Your Online BnB or Hotel Room?

Nicole Milici |

Help Ensure Your Vacation is Cyber-Secure!

 

Now that it’s officially summer and the kids are out of school, you might be planning to take a family vacation. There are many options and considerations when preparing for a trip. Portfolio Solutions® hopes that the following suggestions will help prevent your dream vacation from turning into a financial hazard.

Booking the Trip

With the Fourth of July approaching, the Federal Trade Commission is warning travelers to be aware of potential rental scams and “free”, or too good to be true, vacation deals1. Scammers will call, mail, text, and even fax offers for "free" or low-cost vacations. It is better to get recommendations from family and friends, but if you decide to go with a “great deal”, it’s a good idea to do your research. Searching the web for scams, reviews, or complaints related to these deals can be a good place to start.

 

When searching online, it is important to know that individuals may maliciously copy pictures and information from legitimate vacation rental websites. They may even create a phantom listing for a property that doesn’t exist. Use this easy technique to help validate a listing: type the property address into a mapping tool, such as Google Maps or Apple Maps, to confirm that the rental property appears genuine. Simply compare pictures from the booking site to those from the mapping tool to see if they reasonably match.

 

In addition, you should always use a reputable, secure website when booking your travel plans and pay with a credit card. Fraudsters tend to use their own contact information for scam rental properties and require that you pay a deposit (or up front in full) to hold the incredible deal. It is easier to dispute unauthorized charges when paying with a credit card.

 

Scamming rental property owners may also require that you pay by wire transfer. This is a "red flag" as there are generally no ways to recover money after a wire transfer completes. If the property is overseas and you are being asked to transfer money to a foreign bank, decline and request to pay with a credit card. Otherwise, there is a good chance that this is a fraudulent deal and you will never see your money again.

 

After your vacation destination is determined and safely scheduled, travelers need to be mindful of risks associated with using their mobile and electronic devices during the trip. Cybersecurity can often be associated only with desktop and laptop computers. However, cell phones, tablets, video game consoles and vehicle navigation systems all must be secure to ensure you have a fun, safe and cyber-secure vacation.

 

The following tips can help protect you and your family when traveling:

Physical Security

Do not leave your electronic devices unattended. Many people use their mobile devices to store music, access applications, take and store photos, and as a multi-factor authenticator. Once an attacker has physical access to the device, it is easier to extract or corrupt your information.

Update Software

Vendors release new software updates to their devices not only to enhance the product, but also to patch vulnerabilities. These vulnerabilities are known by hackers, and if your devices are not regularly patched they may be vulnerable to attack.

Strong PIN’s and Passwords

PIN’s/Passcodes: Do not allow or use a simple passcode or PIN on your devices. Common passcodes, such as “1234” and “1111”, are not strong or secure. Strengthening passcodes is one of the best security defenses you can use to protect your device. Tony Brumley, Chief Technology and Information Security Manager at Portfolio Solutions®, suggests using at least a six-digit PIN. This PIN should not be easily guessable (for example, your date of birth can be found from a quick Facebook search). If possible, use biometric (fingerprint) or facial recognition to unlock your device. If available, these methods are more secure than a passcode.

Passwords: Every website login, app, and digital service you use should have a long, strong, and distinct password. Do not use easily guessable passwords such as “123456” and “password”. These are still the first and fourth most common passwords used today, respectively4. Consider using an online password manager to generate, store and manage unique and complex passwords across all your online services. Be mindful to create a long, strong and distinct password, as well as two- factor authentication, for logins to any password management service.

Accessing Public Wi-Fi

When using public Wi-Fi, do not perform sensitive tasks such as banking, online shopping, or work that includes confidential information. This is because you don’t know who owns the Wi-Fi network (or hotspot) or whom is on the network. For example, a malicious attacker could be on the same public Wi-Fi network with a packet sniffer (a device or software that monitors network traffic by examining data packets flowing between computers) that can capture your personal data. Compared to public Wi-Fi, it is safer and more secure to use your mobile network connection to access sensitive information. 

 

Finally, ensure that all sites you visit are secure regardless of the method you are using to access them. To do so, check that the site begins with “https://”. All traffic traversing this connection protocol is encrypted, making it more difficult for attackers to obtain the username and password for the site you are visiting.

 

Virtual Private Network (VPN)

If you must access a public Wi-Fi or hotspot, you should use a virtual private network (VPN) service to do so. A VPN encrypts all data that is transmitted across the network, ensuring that communications are secure. Use of a VPN service makes it difficult for hackers to obtain any information that is sent and received.

Disable Remote Connectivity

Wireless technology, like Bluetooth, can be used to connect to other devices and should be disabled when not in use.

Be Cautious When Charging

Nowadays people are always connected and need to make sure their phones are charged, especially when traveling. Public charging stations are available in airports, on planes, in conference centers, and even in some public parks. However, you should not use public USB ports to charge your phone. “Juice jacking”, as it is commonly known, occurs when you connect your mobile phone to a compromised public USB port. Once plugged in, a hacker can access your email, text messages, photos, contacts and other personal information.

 

Another risk involves “video jacking”. This occurs when a hacked USB port uses your video display to record everything you type and all the information you look at on your phone. To prevent this vulnerability, you should use a portable USB battery pack or buy a USB cable that does not transmit data, but only charges the phone. If you’re going to use the cable that came with your device, make sure you use your charger instead of a USB port2.

 

Are there Hidden Cameras in Your Air BnB or Hotel Room?

Owners of both types of lodgings are installing cameras in yards, parking lots, lobbies, and hallways to protect you and their property. However, there can be risks of owners unethically placing cameras in rooms where privacy is expected, such as bedrooms or bathrooms. While reputable booking sites may include rules and standards about the use and disclosure of cameras, opportunities for abuse remain. There are a few things you can do to protect your privacy, some easy and some advanced. While most lodging facilities want happy repeat customers and are likely to be safe, you can use these techniques if you develop concerns about your particular location:

Low-tech: First, look for any devices that appear out of place. Maybe there are additional wires connected to an alarm clock, and the second wire is a charging cable for a camera. Perhaps the device has a hole that may have a camera behind it.

Next, turn off all lights and close the blinds so you have a dark room. Shine your phone flashlight around, looking for a reflective surface like a camera lens. While in the dark room, look for any power lights that may belong to a camera. Are there multiple lights in the smoke detector, for example?

Higher-tech: For those who are technically inclined, download an app like Fing or iNet. These apps allow you to see devices that are connected to a local network. If you see more camera devices than visible security cameras, then you can start searching for hidden devices3!

Rental Car Data

Today many rental cars have USB ports, dashboard navigation systems, and hands-free calling capabilities. Be aware that plugging your phone into the vehicle’s systems, even for charging purposes, may cause your personal data to download to the car. Usually a warning screen appears before synching to help you decide. Should you want to pair with the vehicle’s systems, be sure to delete your data from the car before returning it. From experience, this step is easily forgotten during the rush to return a rental car at the airport! Diligence is required to avoid leaving your contact list and other data in the car for the next renter to see.

Hotel Lobby & Business Center Computers, BnB Courtesy Computers

Beyond simple and anonymous searches for a great local restaurant or attraction, you should avoid the use of public computers. Public computers, often placed for the convenience of guests, can actually jeopardize your personal non-public information and expose you to risks of identity theft. While you may be anxious to print an airline boarding pass for that return trip home, you should never enter personal information or log in to travel, banking or other accounts on a public computer. Keylogging malware may be present, for example, which captures usernames and passwords and delivers them to a hacker.

International Travel

Cyber risks outlined above are present every day in the United States. Such risks are also present, and may be greatly heightened, in destinations with less oversight, regulation and supporting laws. For example, the U.S. Department of State recently lists Mexico and The Dominican Republic in its travel advisories related to crime as “Level 2: Exercise Increased Caution” 5. Be especially aware of your surroundings, digital footprint and exposure of personal data when traveling abroad.

Next Installment: A Brave New (Screenless) World

Within twelve months, 50% of all internet searches may be done without a screen6. How can that be? Voice-enabled services like Alexa (Amazon), Siri (Apple), Cortana (Microsoft) and others will provide the way. Add to this reality the rapid introduction of connected devices (i.e. IOT or the “Internet of Things”) such as smart door locks, thermostats, lights, and video doorbells. In this environment, your attention to cybersecurity becomes even more crucial. Stay tuned for future cybersecurity articles from Portfolio Solutions® on these and other topics to help protect you and your family.

We hope that these tips help to keep your family vacation safe and secure! Please contact your Portfolio Solutions® Financial Advisor with any questions by calling (248) 689-1550. Not a current client, but ready to get started? Click here to schedule a phone consultation to learn more about Portfolio Solutions® and how we can serve you!

 

 

 Sources: 

1https://www.us-cert.gov/ncas/current-activity/2019/05/24/Tips-Cyber-Safe-Vacation

2https://money.cnn.com/2017/02/15/technology/public-ports-charging-bad-stop/index.html

3https://www.digitaltrends.com/home/how-to-find-hidden-cameras/

4https://www.foxbusiness.com/technology/most-hacked-passwords-2019 

5https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html

6https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1962155

 

All information presented is compiled from sources believed to be reliable and current, but accuracy cannot be guaranteed. This information is distributed for education purposes, and it is not to be construed as an offer, solicitation, recommendation, or endorsement of any particular security, product, or service, nor should it be construed as tax or legal advice. Please click here to see our blog disclosure, which immediately follows the “Applicable Law and Venue” section.