We went to Berlin over the weekend. One of the museums that we saw was the German Spy Museum. It was a very interesting and amusing place.
The first thing we noticed was that the museum offered free WiFi. You probably know that for security reasons, you shouldn’t use public WiFi for anything private or secure, like banking. That advice is meant for places like coffee shops, whose business probably isn’t knowing things that they shouldn’t. Spies are in that business. I tunnel all my internet usage through a VPN, encrypted, and I didn’t connect to their network, even though I wasn’t doing anything that used authentication. I really didn’t trust their network.
They also offered free phone charging. Are you starting to see a theme here? Non-wireless phone chargers necessitate plugging a cable into the phone. Most phones allow data syncing over a cable. The data sync port is the charging port. Looking at the phone chargers in the lockers, you can’t tell what they’re plugged into, meaning they could be plugged into a computer. It would also be remarkably easy to destroy a phone by using too high a voltage in the charger. This is normally impossible to do accidentally, but by cutting the cables and splicing in a stronger power source, it would be possible. Anyway, if a malicious actor has physical access, there’s really nothing that can prevent data destruction, and very little that can prevent data theft; most of what can prevent theft does so by destroying the data.
Interestingly, the charger cables supported the old Apple charger that was last used for the iPhone 4s and iPad 3rd generation. Neither of those is commonly seen anymore.
Later in the museum, there was an interactive ‘How secure is your password?’ display. You type in your password, and it tells you how long it would take to brute-force your password and if it’s a common password. The common password part didn’t catch correcthorsebatterystaple (https://www.xkcd.com/936/), but that’s not even the biggest problem. You just typed your password into a computer that you don’t control. The answer to ‘How secure is your password?’ is now ‘It’s not’.
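A check like the display's can run entirely on a machine you control. The following is an added example, not code from the museum or from this post; the short common-password list and the guess rate are constructed assumptions. It also shows why a brute-force estimate alone gives correcthorsebatterystaple a pass, and why the list check has to override it.

```python
import getpass
import math
import string

# Constructed sample list; a real check would load a large local wordlist.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein",
                    "correcthorsebatterystaple"}
GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, not a measured one
ONE_YEAR = 365 * 24 * 3600
KNOWN = string.ascii_letters + string.digits + string.punctuation


def charset_size(password):
    """Alphabet size a naive exhaustive search would have to cover."""
    size = 0
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation):
        if any(c in alphabet for c in password):
            size += len(alphabet)
    if any(c not in KNOWN for c in password):
        size += 64  # rough allowance for spaces and non-ASCII characters
    return size


def bruteforce_seconds(password, rate=GUESSES_PER_SECOND):
    """Average exhaustive-search time: half the search space over the rate."""
    if not password:
        return 0.0
    bits = len(password) * math.log2(charset_size(password))
    return math.inf if bits > 1000 else 2 ** (bits - 1) / rate


def is_common(password):
    """Match against the list, ignoring case and whitespace."""
    return "".join(password.split()).lower() in COMMON_PASSWORDS


def assess(password):
    """A listed password is weak no matter what the brute-force figure says."""
    seconds = bruteforce_seconds(password)
    common = is_common(password)
    weak = common or seconds < ONE_YEAR
    return {"common": common, "bruteforce_seconds": seconds,
            "verdict": "weak" if weak else "ok"}


if __name__ == "__main__":
    # getpass reads without echoing; nothing leaves this process.
    print(assess(getpass.getpass("Password to check (local only): ")))
```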
You might think that based on this post, the German Spy Museum is a bad idea, but it’s really not. It was very interesting, and I learned a good bit. If you do go, though, be careful. They probably aren’t actually using these security holes, but it’s good to be on the safe side.