Airport Study Reveals Wireless Security Risks

Mar 11, 2008 4:44 PM

At Gartner Mobile and Wireless, AirTight Networks issued the findings from its study to assess information security risk exposure of laptop users at 14 airports in the United States, Canada and Asia. The company wanted to understand the risks to business travelers and their corporate networks of data leakage while those airline passengers are sending sensitive information using unsecured wireless access points while at the airports. The results regarding the security posture of private Wi-Fi networks in these airports as well as the rapid spread of viral Wi-Fi networks surprised the researchers.

One of the most surprising findings of this initial study was that some ticketing systems, baggage systems, shops and restaurants were using open or poorly secured wireless networks. Of the Wi-Fi networks detected by AirTight researchers, 77 percent were non-hotspot (i.e. private) networks and of those, 80 percent were unsecured or used legacy WEP encryption, a fatally flawed protocol. Based on detailed analysis of these access points, there is a high probability that some of these networks are used for critical airport logistics and operations. The consequences of this lack of security could result in disruption of baggage or passenger ticketing systems.

"If hackers can bring down the power grid in several cities as reported by the CIA, how easy would it be for them to create havoc with an unsecured baggage system," says Sri Sundaralingam, senior director of product management at AirTight. "Imagine the ripple effect at an airport like Heathrow or O'Hare if someone could work their way into the baggage transiting system and reroute luggage all over the world. It could bring the system to a grinding halt with both economic and security consequences."

Despite incidents like the one mentioned above, the massive TJX data breach and the case of an Indiana University student who was able to generate fake boarding passes, AirTight's findings appear to demonstrate that retailers, airlines and providers of critical systems at airports are still not taking a long hard look at cyber security or understanding the additional risks that wireless introduces.

The study also discovered that fully ten percent of the laptops detected during the scans were infected with a viral (ad-hoc) Wi-Fi Network, making the users vulnerable to data leakage and identity theft.

"It is ironic that the traveler passes through a phalanx of physical security to only to be sitting at a gate and be vulnerable to cybercrime," continued Sundaralingam. "Both network administrators and business travelers recognize the benefits of mobility and anywhere, anytime computing but it is time for all of these constituencies to recognize the risks as well and implement best practices."

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue