Author Archives: The Flying Detective

About The Flying Detective

The Flying Detective has traveled around the world since the 1990's and has visited many countries. TFD has been involved in travel hacking since 2015 and enjoys free or discounted air travel and hotels. He writes trip reports and other articles that may be of interest to fellow travel hackers.

a close-up of a computer screen

PSA: Stop Using SMS / Text for 2 Factor Authentication (2FA) Access Codes Due to SS7 Vulnerability

Posted on by . 7 Replies

Many people are becoming aware of enhanced security measures taken by banking, internet, email and other institutions.  Commonly known as “two-factor authentication” or 2FA, the user has a choice of receiving the one time PIN or password by text message or on an app loaded on the phone, known as an authenticator.  Another less common format is a security token that can be kept with the user; the token generates a PIN number randomly usually every minute.

Having your email hacked or bank account drained can be daunting for anyone, but for those of us who travel having this happen while you are in a foreign country or on an airplane with not internet access poses another problem and can easily ruin a trip.

If I have 2FA enabled, I’m safe, right?

In short, no, or maybe.  The answer is a bit complicated.  It really depends on HOW you have enabled 2FA.  If you use your text messaging or SMS to receive your code you are vulnerable. Why?  Read on…

Why is 2FA via text messaging or SMS not secure?

To fully understand why we have to look a little deeper and explain how cellular networks work. Specifically we have to understand how cellular networks are connected and why they need to be connected.  Because networks pass information such as text messages, billing information, roaming information and other data a connection called SS7 exists. This network has been vulnerable to hacks and outside access for a long time. Without getting very technical once someone has access to the SS7 network, your cellular movement, calls, and texts are easily accessible.  The text messages sent and received are not encrypted over SS7, so a hacker can read them.  If they have access to your messages, they can see any message, including PIN numbers from your bank, internet provider, email service, etc.  For more information and an example watch the video below.

https://youtu.be/-pEcTv3kX74

Continue reading

a building with a mountain in the background

Trip Report: Viceroy Hotel in Snowmass Village, Colorado

Posted on by . Leave a reply

I arrived in Denver from Maui (read Trip Report: Sheraton Maui Resort & Spa) and checked into the Viceroy Hotel in Snowmass Village, Colorado, about 5 hours later, mid-week in September, for a 3 night stay.  There was no snow on the ground in Snowmass, contrary to the name, but the views were still breathtaking.

There’s not much to say about the Viceroy hotel except one thing: it is awesome!  This particular location has high end finishes on literally everything, including the in-room espresso machine, washer and dryer, gas fireplaces in the master bedroom and living room, and a full kitchen.  If you are into skiing, you will notice the lift is at the base of the hotel.  You can literally get on the lift as you walk out of the resort and ski back down to your room.

a helicopter on a cable car

Viceroy Hotel in Snowmass Village, Colorado

Continue reading

a blue sky with clouds and black text

Trip Report: Sheraton Maui Resort & Spa

Posted on by . 4 Replies

I arrived at the Sheraton Maui Resort & Spa mid-week in September.  The resort is situated on prime beach front real estate and the views are fabulous.  8,000 SPG points were offered for attending a promotional review of their timeshare presentation, so that was a nice bonus as well.

The Flights

I could have done a separate review of United First Class, but it wasn’t all that spectacular. Sure the seats are wider and there was food service in first that presumably coach did not get, but the seats were not lie-flat.  United did have 120V electricity outlets on each seat, which was nice.  The first flight from Denver to San Francisco had WiFi, but there was no entertainment system. The flight from San Francisco to Honolulu did not have WiFi and the DirecTV entertainment system went offline soon after leaving the airport, but movies were still available.  Despite this being a fairly long First Class flight, one doesn’t get United Club lounge access unless you have a membership or Star Alliance Gold status from any carrier but United.

people sitting in a plane

Domestic United First Class

Continue reading

a close-up of a machine

PSA: Use ATMs with NFC Readers to Avoid ATM Skimmers

Posted on by . 9 Replies

Good morning everyone, I just wanted to introduce you to Shane, the Flying Detective, as my newest writer.  He has a law enforcement background and he will write about law enforcement, travel hacking, MSing, and trip reports.  He has quite a few trip reports ready, so those will be coming out over the next few days.  I hope you enjoy reading his posts and please give Shane a warm TWG welcome.

Everyone has seen the news articles about ATM skimmers and how criminals steal your card info from the magnetic stripe and then record your PIN number by a video camera or a fake PIN pad, right?

How Do ATM Skimmers Work?

To help educate readers who are not familiar with the ATM skimmers, check out this ATM skimmer found at an ATM in Vienna, Austria.  Watch the video and you can see how the device records your information.

Continue reading