CloudFlare pros pen paranoid phone plan for pwn-free peregrination

Travelling executives should use modern iPhones with burner SIMs, no PINs, and minimal apps, CloudFlare security boffin Filippo Valsorda says.

Valsorda of the anti- distributed denial of service attack firm's London office says his 'paranoid' guide focuses on iOS because he considers it the most secure operating system currently available.

The travelling executive should start with a burner Apple ID with Touch ID activated, and a ridiculously long log-in password which will frustrate physical attackers but not the user, thanks to the biometric option.

"Use Airplane mode extensively," Valsorda says. "Turn off WiFi when you don't need it."

Apple security questions should be passwords, not personal information which can be obtained from Facebook and other leaky sources.

1Password with Touch ID and syncing killed is your best option for handling passwords.

Safe travel requires protection, so USB condoms which prevent data theft over the port during charging are a must. Alternatively the traveller must label their trusted charger and only ever use that.

Siri is off. As is Bluetooth, voice dial, Safari's Javascript, and nine other options.

If Javascript is required, use the Brave browser as it uses the HTTPS Everywhere extension and blocks possibly malicious advertising.

Do not use your normal email address, but instead set up a temporarily one that contains the emails you'll need, sans anything with the phrases password, reset, recover, or subject:login, all of which can be nixed with a blacklist.

After 10 failed password attempts, the modern iPhone should obliterate data held within, while two factor authentication must be used to help protect the burner Apple ID.

Valsorda continues; install only essential apps before travelling, refuse updates, slap encryption on the Notes app and avoid writing sensitive things on the first line, which remains unencrypted.

A spare SIM card should be taken with the original kept hidden, and PINs set on both. "It's not much, but it's all you can do against a SS7 attack," Valsorda says.

Snowden's Signal, and WhatsApp are your communications apps to be tied to the disposable SIM. You'll need to keep an email record of your fingerprint to ensure the people you talk to are who they say, and turn off backups.

Valsorda rounds off his paranoia guide recommending execs use auto responders on real email addresses that point people to burner contacts with a note to not blab confidential data. ®