How Secure Is Your Data While You're Using Public Transportation?

Whether you're taking a subway train, bus, or airplane, you need to know about your security and privacy. So what risks does public transport pose?

Public transportation tech is widespread. You can use free Wi-Fi while waiting to board a plane or register for an app that tells you when to expect the next bus on a particular route.

What are the cybersecurity risks associated with such public transportation conveniences, though?

What Security Risks Does Public Transport Pose?

There are actually plenty of threats to both your security and privacy when you're using public transport, be it airplanes, the suubway, or buses.

Airport Staff Members May Search Your Devices

Going through airport security can be a stressful experience—yes, even for people with nothing to hide. That’s especially true given the tighter rules after the 9/11 terrorist attacks.

Representatives from the Transportation Security Administration (TSA) should only search a phone that looks suspicious, such as if inspections showed a possible explosive device inside.

On the other hand, border patrol agents can and do take people’s devices to determine if they contain content that could indicate someone’s a national security risk. That means most individuals don’t need to worry about having their devices scrutinized during a border crossing. However, things don’t always turn out that way.

Domestic Travelers Had Phones Searched for No Apparent Reason

The American Civil Liberties Union (ACLU) filed a 2018 lawsuit against the TSA because of allegations from domestic air travelers that representatives seized and searched their electronic devices.

Vasudha Talla, a staff attorney with the ACLU Foundation of Northern California, said:

“We don’t know why the government is singling out some passengers, and we don’t know what exactly TSA is searching on the devices.”

COVID-19 Necessitated the Need for New Tech

The TSA’s lack of transparency is enough to raise eyebrows. It’s also worrisome that its new technology developed in response to the COVID-19 pandemic may collect increasing amounts of passenger data.

For example, the new tech includes imaging software that digitally rotates passengers’ bags without physically touching them. Another aspect verifies a person’s identity to make sure they are not security threats. Plans also include biometric features that let someone use their physical characteristics to access parts of an airport.

However, it’s not yet clear what public cybersecurity measures would help protect passengers’ data or how long the organization stores such information. The TSA has also not discussed how a person could opt out of such programs.

Inequalities Between Physical and Internet Security Measures

Evidence shows public transportation authorities have stepped up physical security for passengers.

For example, the San Diego Metropolitan Transit System signed a multiyear contract for a security company to help keep people safer on buses and trolleys. The project involves tasking 190 public safety officers with checking fares, taking lost item reports, and more.

On the opposite side of the country, New York’s Metropolitan Transportation Authority (MTA) installed security cameras at all 472 subway stations, with some broadcasting real-time feeds to a centralized location.

However, some entities may not prioritize public cybersecurity in the same ways.

Can You Trust Airport and Airplane Wi-Fi?

Waiting to board your plane or reach your destination once in the air becomes much more enjoyable when you have a free Wi-Fi connection to use. However, that complimentary convenience comes with risks, and cybersecurity professionals urge everyone to think carefully about what they do when connected.

Chris Furtick of Fortalice Solutions said:

“We’re seeing criminals and bad actors target more networks that are frequented by travelers and tourists... I relate connecting to public Wi-Fi like walking around Times Square barefoot. You have a significant chance of picking up something that someone left behind.”

Cybersecurity experts also point out that researchers have hacked in-flight Wi-Fi too, such as during a widely cited 2016 case.

In another case, Coronet, a cybersecurity firm, conducted a five-month study of Wi-Fi traffic and devices used at some of the busiest airports in the United States. Representatives then assigned each location a risk score based on the findings.

San Diego International Airport was the least secure option, ranking 10 out of 10 for riskiness. Researchers even found a fake access point that would allow hackers to easily see what travelers did online. Airports in states including Florida, North Carolina, and Arizona also scored as significantly risky.

Related: How Hackers Use Public Wi-Fi to Steal Your Identity

Dror Liwer, Coronet’s founder and CISO, said:

“Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience. As a result, business travelers, in particular, put not just their devices, but their company’s entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured, or improperly configured.”

What Data Do You Give Up on Registration?

Many transportation apps and public Wi-Fi services require filling out a short registration form to use them. You’ll also probably see some fine print about how those third-party providers may use your data. Be aware that the simple act of using a free Wi-Fi connection could mean you agree to have your data sold to another company.

That’s even true in cases where you have no choice but to provide an organization with details about yourself.

Most people don’t realize that a federal law allows the Department of Motor Vehicles (DMV) to sell driver details, such as their names, birthdays, addresses, and car ownership information, to third parties to supplement their profits. In one year alone, Florida’s DMV made $77 million by doing that.

Not all states participate in the practice, and some have moved away from it (Texas, for instance). If this data usage concerns you, take the time to search the DMV’s website for your state to get more details. For example, the one for New York details the three ways the organization sells to third parties.

When possible, learn the privacy tradeoffs associated with using transportation tech. If you must give several personal details to download a live bus-tracking app, and the provider admits to selling that information, is it worth proceeding? You may decide it is; that’s okay. However, it’s best to learn what tech advancements require of you in return for the right to use them.

How to Stay Safe While Using Public Transport

While you don’t necessarily need to deprive yourself of internet access at the airport, on a bus, or while riding a train, it’s smart to do some specific things to protect yourself.

For starters, don’t engage in anything requiring entering credentials others could steal, including checking your email or bank account.

It’s tempting to get work done while waiting for your flight, but be cautious, especially if the task requires viewing or downloading proprietary information.

Checking the internet security protocol is another quick tip. For example, if the address begins with HTTPS, that means data gets encrypted. Many browsers also show a padlock symbol.

Cybersecurity professionals also stress that, while no connection is totally secure, it's best to use your phone's mobile data if available rather than public Wi-Fi. That’s because it’s an always-encrypted solution.

Public Cybersecurity Is Not Always Tight

These examples show that your data is not necessarily safe as you go through an airport security checkpoint, use an airport’s Wi-Fi connection, or even renew your license at a DMV.

With these things in mind, take the time to determine how to stay as safe as possible. When you must provide data to an organization, learn what that entity does with it. Those proactive measures help protect you while using transportation tech.

About The Author