Travel Security - Hotel Safes & Spybuster Tips

Hotel safes typically have a default master code that can be used to open them, especially if the user code is forgotten or the safe is locked upon arrival. These default codes are often 0000, 9999, or variations like 000000 or 111111. 

Hotel staff should reset this code upon installation, but it's wise to check if it's been changed or to try the default codes before using the safe, especially if you plan on storing valuables.

Check for default codes: 

Common default master codes include 0000, 9999, 1234, 1111, 000000, 111111, and 999999. Some safes require entering # # or * * before entering the master code.

• The hotel is responsible for ensuring the safe is secure and the master code is reset to prevent unauthorized access.
• If the master code is not reset, anyone with knowledge of the default code can potentially access the safe. 
• Some hotels may charge a fee to reset the safe code to a custom PIN number.

For more proof of hotel safe insecurity check here, or view one of the many YouTube videos on the subject.

Spybuster Tips

Here are some solutions to try:
• Portable Travel Safes - Soft or hard lockboxes with steel cable tethers. You hide them elsewhere in the room (e.g., attached to plumbing or heavy furniture). They avoid the hotel supplied safe altogether.
• Tamper-Evident Devices - Security tape, zip ties, or door seals placed over the safe seam or keypad can alert you to tampering. They don’t secure, only monitor.
• Bluetooth Tracker - Hide a Tile, AirTag, or Chipolo inside the safe. It may notify if the safe is opened, and its location if it has been moved.
• Security Cables - Wrap a steel cable lock (not a heavy duty bike or motorcycle cable) through the safe door handle or around the body—but this depends on the safe’s design. These may also be useful for turning your suitcase or backpack into an impromptu security enclosure. 

Q. Why make this information publicly available and teach the bad guys?

A. Unfortunately, this information already appears in multiple YouTube videos, and is a click away in ChatGPT. On a positive note, publicity might force safe manufacturers to create better products, and help protect travelers in the meantime.

Protecting Electronic Devices When Crossing U.S. Borders

Some general tips:

• Consider leaving your device behind.
• Password-protect your electronic devices with strong passwords
• Back up data before traveling. 
• Remove sensitive data from a device before traveling.
• Remember that “deleted” files can be searched. 
• Log out of cloud accounts 
• Know your rights and legal status. 
• Keep emergency contact information (including for an attorney) on paper to make this information available if a device is seized. 
• If your device is seized, request a receipt (CBP Form 6051D) 
• After a search, be sure to change your passwords.

Bearing in mind this information can mitigate – but not eliminate – privacy risks that travelers face when crossing the border. more

Webinar Recap! Trade Secrets Audits: Strengthening Your Company’s IP Protection

In our recent webinar, “Trade Secrets Audits: Strengthening Your Company’s IP Protection,” Seyfarth’s Intellectual Property Partner, Lauren Leipold, along with Trade Secret Attorneys Eddy Salcedo and James Yu, shared essential strategies for enhancing IP protection in today’s complex landscape. 

As corporate espionage and data breaches become increasingly prevalent, the session provided valuable insights on effective methods for safeguarding your company’s intellectual assets. Notably, recent developments surrounding the FTC’s Non-Compete Ban—currently stalled in litigation—highlight the pressing need for proactive measures to secure your business against emerging threats.

Key Insights from the Webinar... more

Chinese Language Phone Keyboard Exploits Leave One Billion Users Exposed

We analyzed the security of cloud-based pinyin keyboard apps from nine vendors — Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi — and examined their transmission of users’ keystrokes for vulnerabilities.

Our analysis revealed critical vulnerabilities in keyboard apps from eight out of the nine vendors in which we could exploit that vulnerability to completely reveal the contents of users’ keystrokes in transit. Most of the vulnerable apps can be exploited by an entirely passive network eavesdropper...

Given the scope of these vulnerabilities, the sensitivity of what users type on their devices, the ease with which these vulnerabilities may have been discovered, and that the Five Eyes have previously exploited similar vulnerabilities in Chinese apps for surveillance, it is possible that such users’ keystrokes may have also been under mass surveillance.

Recommendation: We urge users to install the latest updates to their keyboard apps and that they keep their mobile operating systems up to date. We also recommend that at-risk users consider switching from a cloud-based keyboard app to one that operates entirely on-device. more

How to Hunt Down Malware on Mobile Devices

co-authored by Josh Hickman, Subject Matter Expert Collect and Review, Cellebrite

The ubiquity of mobile devices makes them prime targets for malware attacks. Despite the expertise in incident response and malware detection for PCs and Macs, mobile security, on the other hand, often remains uncharted territory for many organizations and users alike. No longer a question of if but when an attack is going to happen, there is a pertinent need for education in identification, resolution and bolstering defences against future attacks.

What Malware Looks Like and How it Gets There

Mobile malware manifests in various forms, from ransomware encrypting data to spyware surreptitiously monitoring activities. Understanding the modus operandi of mobile malware is critical for detection and mitigation efforts...How it lands on a device and what you can do... more

Spybusters Tip #725: How to Find an Apple AirTag Hidden in Your Car

Apple AirTags are useful devices for locating commonly misplaced items like keys and wallets, but they can also be hijacked for more sinister purposes, such as tracking your whereabouts without your knowledge or consent. 

For a rogue AirTag to reveal meaningful surveillance information to its owner, it must be traveling with you: hidden in a pocket, purse, or vehicle you drive regularly. In most cases, Apple should alert you if it detects an unknown AirTag with a notification to your iPhone (or iPad) like "AirTag Found Moving With You." - Turn on AirTag alerts / Find an AirTag in your car... more

Citizens Warned Against Spy's 'Exotic Beauty' Traps

China has warned its citizens against "exotic beauties" seeking to lure them into the hands of foreign spy agencies.

The Ministry of State Security said a Chinese man, Li Si, went to a nightclub while on an overseas trip and was later blackmailed by foreign spies.

The ministry's WeChat post's title read, "Hunting for beauty? You may become the prey". Analysts say such warnings reflect a sense of insecurity among China's leaders. more

Actually, good advice for any business traveler.

How To Turn On Apple iPhone’s New Anti-Theft Feature

Apple's 'Stolen Device Protection' tool aims to deter cases of phone theft, but you need to enable it first.

Apple's new ‘stolen device protection' tool, was launched as part of its iOS 17.3 release, and plans to squash instances of phone theft by ramping up security requirements and limiting the amount of data thieves have access to...

Activating Apple's new security mechanism is very straightforward. First you need to enable two-factor authentication for your Apple AI and set up a device passcode, Face ID or Touch ID, Find My, and Significant Locations (under Location Services).

Once you have these up, you need to: 

• Go to Settings
• Tap ‘Face ID & PassCode'
• Enter your device passcode
• Tap to turn Stolen Device Protection on

more  video

Spybuster Tip #629: Delete Apps that are 'Spying' Using 'One Day Rule'

Security experts have explained how your phone apps track and collect your data even if they remain unused, but there's a handy hack to avoid data harvesting and potential spying...

The rule involves simply deleting one unused app a day which the expert says can massively improve your phone efficiency and free up your storage space. Doing this will help you manage how your data is used and stop it from being harvested...

To delete an app on the iPhone, find the app on your home screen, touch and hold down the icon and tap "Remove app." If you are an Android user, go to the Google Play store, tap the profile icon in the top right, and go to Manage Apps and Devices > Manage. Tap the name of the app you want to delete and choose to uninstall. more

Spybuster Tip # 823: Store Your Car Key Fobs in a Metal Can

Thieves have perfected the art of stealing the code from that key fob sitting on a kitchen counter or hung on a hook by the door. And tools that make theft fast and easy can be purchased on the internet. Worse, the latest theft devices allow criminals to amplify a vehicle's radio signal so that thieves can better access and copy the key fob signal to steal a vehicle...

The Relay Attack, a two-person attack, is when a thief walks up to the victim’s home with a piece of equipment that captures the signal from the key fob and then transmits the signal from a car key fob. "An accomplice waits nearby at the car door, usually with another device, to open the car when the signal is received," the AARP website said. The copied signal can fool the car into starting the ignition.

Spybuster Tip #823: Store your car key fobs in a metal container when not in use.

Your other fobs are at risk too. Learn more here.

Spybuster Tip #712 - Stop Smartphone Eavesdropping - Cap The App

Remember to check from time to time which apps have access to the microphone.

Here’s how to do it on iPhone:

• Open the Settings app 
• Scroll to Privacy & Security 
• Tap Microphone 
• Review the apps that have access to your microphone and toggle them on or off 

Here’s how to do it on an Android handset:

• Open the Settings app 
• Tap Privacy 
• Tap Permission Manager 
• Tap on Microphone 
• Review the apps that have access to your microphone and toggle them on or off | more

Why is this important and timely?

A hacking group linked to the North Korean government has been caught using new wiretapping malware in recent surveillance attacks, according to an advisory from cybersecurity firm AhnLab. more

Journalist Plugs in Unknown USB Drive Mailed to Him

...it exploded in his face

Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. more

In case you missed our memo...

USB Memory Security Recommendations

• Block ports with a mechanical port block lock.
• Place security tape over that.
• Create a “no USB sticks unless pre-approved” rule.
• Warn employees that a gift USB stick could be a Trojan Horse gift.
• Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
• Don’t let visitors stick you. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Trending… IBM Takes The USB Memory Security Lead

“IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by The Register, IBM’s global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company.” more

Spybuster Tip #823 - Remote Control Duplicators

Never let your door / gate opener fob out of your control.

Here's why... Anyone (service person, neighbor, guest, valet, etc.) only needs to have access to your fob for a few seconds to make one for themselves.

Fob duplicators are cheap, available and easy to use... (more detailed version here)

17 CIA Tips - Think like a spy and stay safe while on vacation

The CIA is releasing these tips – or travel tradecraft, in spy parlance – as part of its ongoing effort to demystify its work in assisting the American public, according to agency spokesperson Walter Trosin.

I found the CIA's best practices, culled from the experience of its officers in the field, are exceptionally helpful, easy to adopt and especially relevant to Americans in these fraught times.

Here’s how to think like a spy on the ground overseas... more

Spybuster Tip # 712: How to Thwart Off-Site Meeting Spies

The National Executive Council of the Academic Staff Union of Universities, on Sunday, changed the venue of the meeting... A reliable source said the venue was changed due to the fear of bugging of the auditorium by secret agents of the Nigerian government. more

Reasons You Should Never Connect To Public Wifi

There Are Too Many Risks
Put simply, the risks you take when you connect to Wifi in public places such as libraries, stations, cafes, and shopping malls are often too great to make the benefits worthwhile...

• Misuse of personal data Distribution of malware
• Insecure connection
• Online attacks on business
• Eavesdropping
  

Hackers or anyone with a sound knowledge about internet software and applications can eavesdrop on your personal data if they are using the same public Wi-Fi connection as you are...

• Try not to share your personal data while you are using a personal Wi-Fi connection.
• Avoid logging in to websites that involve your personal or bank credentials.
• Try using a VPN (virtual Private Network) service that will help you to encrypt all the data you receive or send.
• Use 2-Factor authorizations that will make your connection secure and prevent the risk of data loss.” more
  

Spy Tip 592 - How to Eavesdrop More Effectively

Dr Anthony Youn explained that there is a way you can listen into a chat that wasn’t meant for you.

He explained: “Try listening with your right ear and not your left – your right ear is connected to the left side of your brain which processes speech and language.”

His posts on body hacks have gone viral and include a range of tricks and trips.

He also revealed how you can get rid of hiccups. more

How Grandma Hears Everything...

 …and why your business should care. 

There is a new eavesdropping spy trick in town. You could get burned unless you know about it.

Let’s start with Grandma. She is hard of hearing. A while back the family gave her money to buy two new hearing aids. Nice. Now she has stopped saying, “WHAT!” all the time. She hears everything clearly. 

There is only one problem. She seems to  hear everyone’s conversations even when she is not in the room. Sometimes she is in her room with the door closed. 

It’s a mystery, but we’ll figure it out soon. more

The Most Secure and Anonymous Communication Tools Available

 via David Koff, Tech Talk - The Technology Newsletter for Everyone...

What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.

Hopefully, that got your attention.

For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.” 

Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more

Check Your Holiday Rental for Hidden Surveillance Cameras

Australia - There's something unsettling about the idea of being watched while you and your loved ones kick back on holidays. If you've searched online to find whether holiday rental landlords spy on their guests, there's plenty to feed your paranoia...

Still, if something feels off or you want to sweep the house, there are some steps you can take. Although without professionals and high-tech gear involved, it can't be 100 per cent accurate...

Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera... "The reality is, that's how a lot of these cameras can be found — through anomalies. Things that just don't look right within an environment," he explained.

Tips:

1. Inspect what's on the Wi-Fi network... Many cameras sold in consumer electronic stores need an internet connection so they can be viewed remotely from a computer or app. This could provide a clue.
   
   
2. Try to spot the camera lens... Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera.
   
   
3. Check the power points... Hidden cameras need ongoing power, so Mr Claxton suggested looking at what's connected to power points.
    
4. Look for oddly placed objects... Hidden cameras can be built into just about anything, but for the lay person, Mr Claxton suggested using "a bit of common sense". more

Also, consider taking a one-hour, on-line, video Spycam Detection Training course.