My top 5 OPSEC rules for airport lounges
While traveling abroad I’m always surprised at the way people behave in airport lounges. These mystical places in the airports trigger certain promiscuity in the people that cross their premises.
In terms of categories of people present in airport lounges I would say that business travelers are definitely the most encountered category of them all (heavy travelers which hold airline loyalty program premium cards).
For some reason (that I don`t understand) most of these people feel uninhibited and casual in this kind of environments. So relaxed and yet so dedicated to their work that as soon as they arrive they’ll pop-out their laptops and start working without paying attention or caring of their surroundings.
A determined social engineer could easily gather loads of juicy information about potential targets just by shoulder surfing. This is also due to the fact that in most of the cases the layout of the tables and seats in the lounge are back to back which makes the job of the social engineer easier.
In many occasions I’ve passively participated in conf. calls and overheard many important details just by doing nothing and sitting in my place.
Having said this, here are my top 5 threats that I’ve encountered and how to overcome them.
1. Shoulder surfing
As you can observe in these images nobody actually cares that there might be somebody behind them checking their screens (or thanking their picture for that matter :) ).
Be aware of your surroundings (Who is behind you, how easily can he/she see your laptop screen).
Use privacy filters for your laptop screen.
It is quite rare to see people using privacy filters on their laptop screens even less on their phones. Don`t be one of those people!!!
2. Passive conversation listening
If you need to have a personal/business call, make sure you have it in designated places rather than loudly speaking on the phone while being among many people.
3. Dumpster diving
Many people throw away their boarding passes or other kings of documents containing important information (If you have doubts of what you can achieve with information from boarding passes read here and here). Make sure you manually “shred” or dispose the documents so that no important data is leaked.
4. Public computers
Travelers some times use the designated workstations provided by the airport lounge in order to check their emails and/or print their boarding passes. First of all we don`t know if those particular workstations are safe, second, travelers often forget to logout of their inboxes.
I came across wide open email inboxes where I could easily read everything (I actually just logged them out). The main message is: avoid using such workstations/devices.
5. Unattended devices
The unconditional reflex everybody has right after entering the lounge, is to grab their mobile phones and laptops put them on the table (even opening and booting up the laptop) then go right away for food while leaving the devices unattended. Since physical access to the device is possible, there are countless ways in which your data can be compromised (RubberDucky, Teensy devices, PoisonTap, Malduino, evilMaid etc.)
Never leave your laptop/phone unattended or unlocked!
Being cautious and aware is important, even when you are laying in comfortable chairs in an airport lounge. Of course these recommendations can be applied in any other similar environment like for example while traveling in metro, train, bus etc.
Stay safe and secure!!!