Traveling
Traveling exposes you to special risks, like the Evil Maid Attack. This attack involves a malicious actor gaining access to one of your devices through an official role, and then using that access to steal data or implant malware. It is not limited to maids in hotel rooms; it applies any time a device is out of your control. This includes coffee shops, conferences, airport security, customs, shipping, etc. As always, though, we should keep our threat model in mind and not worry about 1% attack scenarios unless we have a specific reason to.
Common attacks
Physical
- You SHOULD keep a low profile.
- You MUST NEVER leave a device unlocked AND unattended.
- You MUST use full disk encryption on any device which supports it (with a strong password)!
- You SHOULD power devices off before leaving them unattended, not simply lock them; this prevents a lockscreen compromise from granting access to the unencrypted disk contents.
- You SHOULD choose hotels which have in-room safes, which will reduce the number of people who have access to your devices while you are at dinner or the pool.
- You MAY use a screen protector to mitigate shoulder surfing.
Network
- You SHOULD use a VPN when using WiFi.
- You MAY get a local SIM (an eSIM is easier than a physical SIM card) if you don't have a global carrier, but even then a VPN will protect you against some attacks (e.g. stingrays).
Uncommon attacks
Mitigating uncommon attacks often requires extreme measures, which will impact your ability to do work. Always remember your threat model!
- You MAY choose to engage Lockdown Mode, available on Apple and Android devices. Read the documentation carefully if you do so, since the behavior is very different by platform.
- You MAY choose to wipe your devices before flying or crossing international borders. Be aware that this may make you look suspicious, which could result in repercussions including, but not limited to, interrogation and/or confiscation of your devices.