Bitcoin Security: Tips to Help You While Traveling
Everyone is extremely excited for the upcoming Bitcoin 2021 conference in Miami. For a lot of us we get to dust off our luggage, let down our hair (see author’s picture), and break free from post-pandemic fatigue. While we are looking forward to catching up with long lost friends 🤝, discussing the latest in Bitcoin technology (Taproot 🟩), and enjoying the crystal clear waters of Miami (watch out for those boating accidents! 🛥️), we should be aware that as conference season is heating up again, so are criminals, attackers, and malicious actors 🦹. Here are some tips and reminders to stay safe when traveling and attending cryptocurrency-related events.
Getting to the destination safely is the part of your trip where some quick pre-planning can help avoid issues.
- Power down your electronic devices fully before going through the security checkpoint. Once a device is outside of your control, anyone can do anything with it. It is much harder to unlock and decrypt a computing device when it is in a powered off state versus a powered on state where the device was previously unlocked (PIN code, biometrics). It is generally safer to power on all devices once passengers have boarded the plane and the plane doors have been locked. The risk of devices being seized once a plane is boarded and moving is much lower.
- Never take the majority of your Casa keyset with you. Your keyset is designed for geographical distribution and security. If you need to transact in bitcoin at the conference, it is better to use the mobile single key wallet with a limited amount of funds. Having 2-of-3 or 3-of-5 keys in your possession makes YOU the single point of failure and puts your funds at risk.
- Don’t advertise the goods. I take note every time I am in a travel hub of who is wearing a crypto-currency shirt or who has a Bitcoin sticker on the lid of their laptop. Criminals and thieves take note of this as well.
- Only use your own device power chargers and cables. Attackers have been known to set up impromptu “charging stations” in travel hubs in the hopes that someone with an unpatched device will connect to it for charging purposes. Your device may charge, but it will also now be infected by a process known as “Juice Jacking”.
Lodging and Accommodations
- Hotel safes are not to be trusted for high-value items, including hardware wallets. These safes are easily accessible to hotel staff and cleaning services using bypass codes. These safes are even more easily accessible to attacks using things such as a room key, screwdriver, or ball-point pen cap. When in doubt, don’t bring high-value items with you.
- Some hotels and suites have a double door connecting rooms or bathrooms directly. If your room has a double access door, ensure it is locked from your side. You can move or brace a piece of furniture against the door to stop an inquiring neighbor.
- Consider using a small portable non-intrusive “door brace” style lock security device or deadbolt strap for your hotel door. These devices can vary in effectiveness, ease of use, and known flaws but ultimately can help prevent an unwanted visitor from gaining entry while you are in your room.
- Airbnb style lodging is great for cost but not as much for security. These accommodations are offered by individual owners rather than a company, and they may not have the same level of physical and network security controls. Your personal property may not be protected or covered by insurance in the instance of a break-in or robbery.
- Use a VPN at all times when on a shared network, including hotels, Airbnbs, and individual rental locations.
- Pseudonyms work in real life, too! When ordering delivery, food, or car rental services, use only a first or fake name if possible. If you decide to do this, make sure the hotel and clerk know as well, otherwise your pizza delivery for “Satoshi Nakamoto” may go to the wrong person.
- If you are using shared car transportation services, ensure the driver is who they say they are and work for the company they are representing. This does not need to be a full blown interrogation but more of a verification - "Are you Kevin with Uber? Oh, your name is Pete. My mistake, my app does show that." can work well as a false pre-text verification.
At The Event
- Ensure you have an emergency contact (or notify your Casa Emergency Contact) who knows you will be traveling to a remote location. This person does not need to know all of your whereabouts but should be aware of your general plans and location.
- Update any computers, tablets, or mobile devices you may be bringing with you prior to the event. This ensures the latest security updates are applied and minimizes the risk of known attacks against the device.
- Turn off all unneeded network communications including Bluetooth, WiFi (in certain areas), and the MacOSX/iOS Airdrop file sharing utility. This stops random connections and scanners from picking up your devices for further analysis and potential attack. Learn how to disable your AirDrop in this Wiki article.
- Just like when you’re traveling, make sure to use your own power chargers for your mobile and computing devices. A portable battery is a great and cheap option to charge while you’re on the move.
- Do not share any pictures of a location on social media while you are still in that location. It is better to post pictures after you have left the location, or some time thereafter. This stops a bad actor from finding your physical location in real-time. One should also be aware of what is in the background of the photograph, who is in it, and if they are okay with the picture being posted online.
- While there may be some conflicting options regarding wearing a mask, it’s a great excuse to hide your identity and blend into the crowd. Altering small things about ones appearance can greatly help to obfuscate your identity.
- Be aware of those in attendance at afterparties, bars, and shared party locations. These patrons may not be attending the conference, but they are now extremely interested in your “bitcoin citadel retirement plan” they overheard you discussing. Limiting alcohol intake will also help to keep one’s senses sharp (but make sure to still have some fun!).
It is an effort to get back into the traveling security mindset, but hopefully some of these tips are things you can incorporate into your personal security plan. While most attendees should feel safe and not be targeted, “An ounce of prevention is worth a pound of cure.” Have fun at the conference and beyond!
Need peace of mind for your bitcoin? Let's get it handled.
Casa Gold is FREE to try for 30 days and only $120 / year after that. Ready to move directly to our Platinum or Diamond tiers? You can get started here or book a call with our Client Services team to learn more.
Stay safe out there
Casa's CTO Jameson Lopp regularly reports on the Bitcoin security + privacy landscape. Sign up for our weekly security newsletter to stay in the know.
The Services are a platform for managing cryptographic keys and nodes. The Services are not an exchange for buying, selling, or trading digital or virtual currency or assets (an “Exchange”), and Casa is not a bank or other financial institution. The Services do not and cannot sell, hold, invest, send or receive money or cause or effect any digital or virtual currency or asset transactions. BY USING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE AND AGREE THAT (A) CASA IS NOT IN THE BUSINESS OF PROVIDING FINANCIAL, LEGAL, TAX, ACCOUNTING, OR INVESTMENT ADVICE OR SERVICES, (B) NONE OF THE SERVICES ARE INTENDED TO PROVIDE OR CONTAIN ANY SUCH ADVICE OR SERVICES, AND (C) ANY AND ALL SERVICES ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. Casa urges you to consult a qualified professional for any such advice or service.