Whether you wanted to binge watch TV, catch up on work, or keep a toddler from yelling for 15 hours straight, the new rules on checked-in electronics are definitely an inconvenience. But they can also present major safety issues for your hardware and data.
The United States announced a new rule that bans bigger-than-a-smartphone electronics from the airline cabin on certain flights to the United States including laptops, tablets and cameras. The rules apply to flights from 10 airports in 8 Middle Eastern and North African countries. The government has attributed the new security measure to concerns about bombs. The U.K. took a similar step Tuesday.
Checking devices opens them up to damage, loss, and even hacks. Before checking any electronic devices, consider the risks and take steps to protect your devices and data.
It could break or be lost
Even airlines don’t want you putting pricey electronics in your check-in luggage. Once a bag is checked, it’s tossed around between conveyor belts, trucks and planes. One bad hit could do serious damage.
Many airlines specifically say they will not be held liable if these types of items break or are lost. They warn against packing valuable or breakable items like computers in checked baggage. For example, United says not to check “computer hardware/software and electronic components/equipment.”
It could get hacked
As soon as you let your computer or tablet out of your sight, it’s vulnerable to hacks.
“Any time your laptop leaves your possession, all bets are off. Malware and spyware can be installed,” said Rene Kolga, head of product of ThinAir.
Checked-bags go through an x-ray machine, but TSA employees are also allowed to open up any bag and examine its contents. Bags containing laptops and other electronic equipment are often inspected by hand. The airlines are usually looking for bombs or other dangerous items. It is possible for an individual to tamper with your device without you ever knowing it.
Someone can get data off your computer “in seconds” by using a malicious USB device, according to Kolga.
“Most likely the device will be treated with a keylogger or other kind of implant that will help locate the device (and its holder) at a later stage, enable remote access or at least enable them to monitor device usage,” said Erka Koivunen, chief information security officer at F-Secure.
Keep your data safe
The best way to keep your data from falling into the wrong hands is to not check a computer at all.
If you have to bring a device, make sure you at least set up a passcode or fingerprint lock and enable remote wipe in case it is stolen. Do a full backup before leaving for the airport. Experts recommend shutting the computer down completely, not just putting it into a sleep mode.
It is possible to bypass a simple passcode lock. A more secure option is to wipe a laptop or tablet clean before traveling. Koivunen recommends deleting most locally stored data as well as authentication tokens, cookies and certificates.
Since it’s difficult to wipe all traces of your data from a machine, consider switching to a “burner” laptop — an inexpensive device that doesn’t have sensitive information on it.
If you need to access your work or personal files at your destination, there are a couple options. You can upload it all to the cloud, but double check to make sure copies aren’t also saved on your hard drive.
“While storing data in the cloud presents its own set of security concerns, it does allow for convenient remote access from nearly any computing device, even smartphones which are allowed by the recent aviation security enhancements,” said Joe Levy, CTO at security firm Sophos. .
If you keep data on the device, encrypt it. Most operating systems offer built-in options for full-disk encryption.
If you’re traveling with a work-issued device, check your company’s security policy. Some IT departments already ask that you don’t check laptops. They may be able to provide clean computers specifically for travel or set up encryption for you. They should be checked out before you connect to a work network, said Javvad Malik, security advocate at AlienVault.
Koivunen recommends putting your devices in a tamper evident bag so that you know if anyone tried to access them. If you’re still worried when you get your laptop back, do some snooping of your own. Monitoring software like Little Snitch can detect if data is being collected from your computer.
Correction: A previous version of this article incorrectly reported the number of countries affected by the U.S. ban.