There are a lot of dire warnings about traveling to China with a smartphone and laptop. Examples:
- from Stanford University
- from Travel and Leisure magazine: “Within an hour of landing in China, there will be malware on your mobile device,” says Dave Anderson, a senior director at Voltage Security in Cupertino, Calif
Counterexample:
- nytimes article that says download ExpressVPN and be happy
Is the situation truly riskier than in the U.S.? What special tools do attackers in China have that couldn’t be deployed at a Starbucks in Peoria?
I’m not worried about someone from the Chinese government reading all of my email. Any opinions that I have about China and the Chinese government are already published here on this blog (and they’re mostly wrong! In 2003, I predicted that the Chinese would be able to make and export a basic automobile for $2,000 to $3,000 (at most $4,200 in today’s mini-dollars). As of 2016, there was a $2,400 Chinese four-seat car, but it lacks A/C and other “basics”. Today there is a $9,000 Chinese made four-door electric car.)
I wouldn’t want someone transferring money out of my online banking accounts, using my credit cards, etc., however. Given two-factor authentication with text messages to my phone, can people truly do that without having control of my mobile number?
Update: Based on Denis’s comment below, I updated the “SIM PIN” on my iPhone away from the Verizon factory default. I hope that is what he meant by “Make sure your sim is locked.”
Make sure you sim is locked. Steal a phone, swap the sim into a fresh phone, and get into all your accounts is a common thing.
I have been to China many times and never had any issues. Make sure you get a VPN before leaving the US otherwise access to most western media, gmail, google, etc will be blocked. I use Express VPN. It doesn’t work all that well, sometimes it works and sometimes it doesn’t and it always takes forever to download anything, but the reviews seem to say it is the best one out there for the PRC.
Thanks, Jack. I wonder if this is a case of academic grandiosity. The Stanford folks imagine that their ideas are so brilliant that everyone in China is desperate to steal them (but not desperate enough to spend $500 to fly over to SFO and sniff packets on the campus?). Entire cruise ships full of tourists are unloaded in China every day. Do they all go home with a Chinese government minder?
If you’ve ever been curious about what life without Google is like, go to China. Search, maps, GMail, etc. were mostly unavailable when I was there four years ago. Locals and expats can sometimes work-around it with VPNs or Hong Kong based SIM cards, but it’s a cat ‘n mouse game.
Another tip: If you have an Android phone, install the WeChat app before you go. Once you’re there, you can’t get to the Google Play store to install it, and all communication with locals (and local businesses, transportation, etc.) essentially requires it.
Oh yeah…and even when Google Maps does work in China, it’s about a quarter-mile off.
Install “WeChat” on your phone, almost everyone uses it for payments. It also automatically pays fines within seconds of your jaywalking: https://www.reddit.com/r/conspiracy/comments/d1he4n/chinas_facial_recognition_i_was_jaywalking_in/
Use a burner with WeChat on it. Depending on your risk matrix take your own phone but don’t go out of airplane mode and keep it always in your possession. I consulted for a firm that issued you a laptop to go to china with and then destroyed it on return, because they had found “additions” to the circuit boards in the past.
> Given two-factor authentication with text
> messages to my phone, can people truly do
> that without having control of my mobile number?
How secure do you suppose your mobile number is?
https://en.wikipedia.org/wiki/SIM_swap_scam
When I go to China in a few months, I will bring my old phone, and not be logged on to my regular gmail account.
This SIM card is worth a try for plentiful cheap data, but YMMV:
https://www.amazon.com/gp/product/B07TV1K9MG/
Google FI is a practical service for China, and comes with built in VPN, and the marginal cost of data is $10/GB.. If you use your own carrier in roaming mode, it is also likely you’re not subject to the great firewall, but things change fast. https://fi.google.com
Five years ago, the great firewall could be circumvented by using a (private) server stateside as a proxy, for example a raspberry pi on the home router DMZ ip address, but that supposedly gets detected and blocked as soon as you start using it.
For moderate internet usage (1GB), and free incoming calls and texts, $25 gets you a local Chinese number. Despite mediocre rating, this worked fine. You would have to email a copy of your passport to seller for activation. No anonymous net access in China!
https://www.amazon.com/China-Local-Calls-Texts-Incoming/dp/B0187UMJI0/