airtight airport scan results part2

Upload: hoine

Post on 07-Apr-2018


  • 8/4/2019 AirTight Airport Scan Results Part2


    Wireless Vulnerability Management

    2008 AirTight Networks, Inc.

    Wireless Vulnerability Assessment: Airport Scanning Report, Part II

    A study conducted by: AirTight Networks, Inc.

    www.AirTightnetworks.com

    Page 2 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.

    About This Study

    The Goal

    To assess adoption of security best practices at airport Wi-Fi networks

    To assess information security risk exposure of laptop users while they are transiting through airports

    Background

    AirTight Networks released the results of its airport wireless vulnerability scan study on March 3, 2008

    This follow-up expands the scope by adding vulnerability reports of more airports across the world


    Study Methodology

    Visited 13 new airports world-wide (9 in US, 2 in Europe, 2 in Asia-Pacific)

    USA: New York (JFK), Washington (IAD), San Antonio (SAT), Fort Lauderdale (FLL), Dallas (DAL), Seattle (SEA), Omaha (OMA), Chicago (MDW), San Diego (SAN)

    Europe: Southampton (SOU), Dublin (DUB)

    Asia/Pacific: Bangkok (BKK), Pune (PNQ)

    Scanned Wi-Fi signal for 5 minutes at a randomly selected location (typically a departure gate or lounge area)

    Total number of APs found = 318 and Clients = 311


    Previous Study Key Findings & Implications

    1. Study finding: Critical airport systems found vulnerable to Wi-Fi threats
       Evidence: ~80% of the private Wi-Fi networks at airports are OPEN / WEP!

    2. Study finding: Data leakage by both hotspot and non-hotspot users
       Evidence: Only 3% of hotspot users are using VPNs to encrypt their data! Non-hotspot users found leaking network information

    3. Study finding: Viral Wi-Fi outbreak continues
       Evidence: Over 10% of laptops found to be infected!


    New Study Findings

    The same pattern of wireless vulnerabilities was found at all airports again

    Vulnerabilities in the core systems at airports are more widespread than previously assessed

    Several airports seem to be using WEP-based baggage tracking systems

    Insecure configuration practices observed

    APs with out-of-the-box default configuration

    Open/WEP APs with hidden SSIDs


    Wireless Vulnerabilities Revisited: AP Encryption

    Majority of APs are OPEN ~ 64%

    A significant number of WEP installations are visible ~ 15%

    Only 21% of APs are using WPA/WPA2

    The ideal break-up:
    Hotspot APs: OPEN
    Non-hotspot APs: WPA/WPA2


    Wireless Vulnerabilities Revisited: Viral SSIDs

    The spread of viral SSIDs is seen at European airports too

    Both SOU and DUB airports had viral SSIDs present

    Free Public WiFi is the most common viral SSID

    Seen at 8 out of 13 newly scanned airports

    An active ad-hoc network of 4 users was found at the DAL airport

    The users were security-conscious: they were using WEP!


    Viral SSIDs Spread to Europe

    Free Public WiFi found at all major airports!

    Viral SSIDs spread to Europe!


    Airports Critical Systems are Vulnerable

    Previous study reported one instance of baggage system using WEP (at SFO)

    New evidence confirms that this occurrence is quite prevalent

    Similar vulnerabilities spotted at JFK and IAD airports

    Wireless APs possibly used for baggage handling are using WEP, e.g. bagscanjfkt1 (JFK), bagscanlhiad (IAD)


    JFK Baggage Scan

    Possible baggage handling system


    IAD Baggage Scan

    Possible baggage handling system


    Bangkok Customs and Baggage Scan

    Possible baggage handling system

    Customs network!


    Clients Found Connected to Open Customs Network at Bangkok

    2 Clients found connected to Customs network


    Insecure Practices Observed

    Continued reliance on Hidden SSIDs for security!

    Over 40% of security-conscious users still continue to use hidden SSIDs instead of using WPA/WPA2

    APs with default configuration in use!

    Over 30% of airports have one or more APs with default configuration (which are always insecure)

    This not only suggests that security practices were overlooked, but these APs can also inadvertently act as honeypots

    SSID                          Encryption   Location
    Linksys (1 Client connected)  OPEN         JFK
    Linksys                       WEP          SAT
    Default (2)                   WEP          BKK
    Linksys                       OPEN         DAL
    Linksys                       OPEN         BKK


    Call for Action: Airport Authorities

    Airport Authorities and Airlines need to secure their private Wi-Fi networks

    Secure legacy Wi-Fi enabled handheld devices being used for baggage handling

    Use at least WPA for Wi-Fi enabled ticketing kiosks

    Protect the Airport IT networks against active Wi-Fi attacks
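
    The configuration problems this report lists (Open/WEP on non-hotspot APs, factory-default SSIDs, hidden SSIDs used in place of WPA/WPA2, viral ad-hoc SSIDs) can be checked mechanically against an AP inventory. The following is an added example, not AirTight's tooling; the record fields and the sample scan are constructed for illustration.

```python
from collections import Counter

DEFAULT_SSIDS = {"linksys", "default"}   # factory SSIDs listed in the report's table
VIRAL_SSIDS = {"free public wifi"}       # viral ad-hoc SSID named in the report
WEAK = {"OPEN", "WEP"}                   # anything below WPA/WPA2

def audit_ap(ap):
    """Return the findings for one scan record (field names are assumptions)."""
    ssid = (ap["ssid"] or "").strip().lower()
    enc = ap["encryption"].upper()
    findings = []
    if ap["mode"] == "adhoc" and ssid in VIRAL_SSIDS:
        findings.append("viral-adhoc-ssid")
    if ssid in DEFAULT_SSIDS:
        findings.append("default-config")
    if ap["hidden"] and enc in WEAK:
        findings.append("hidden-ssid-without-wpa")
    # The report's ideal break-up: only hotspot APs should be OPEN.
    if ap["mode"] == "infra" and not ap["hotspot"] and enc in WEAK:
        findings.append("private-ap-weak-encryption")
    return findings

def audit(aps):
    """Map record index -> findings, skipping clean records."""
    results = {}
    for i, ap in enumerate(aps):
        findings = audit_ap(ap)
        if findings:
            results[i] = findings
    return results

def encryption_breakdown(aps):
    """Rounded percentage of infrastructure APs per encryption type."""
    infra = [ap for ap in aps if ap["mode"] == "infra"]
    counts = Counter(ap["encryption"].upper() for ap in infra)
    return {enc: round(100 * n / len(infra)) for enc, n in counts.items()}

# Constructed sample scan, not data from the study.
SCAN = [
    {"ssid": "AirportHotspot", "encryption": "OPEN", "hidden": False, "hotspot": True, "mode": "infra"},
    {"ssid": "linksys", "encryption": "OPEN", "hidden": False, "hotspot": False, "mode": "infra"},
    {"ssid": None, "encryption": "WEP", "hidden": True, "hotspot": False, "mode": "infra"},
    {"ssid": "ops-net", "encryption": "WPA2", "hidden": False, "hotspot": False, "mode": "infra"},
    {"ssid": "Free Public WiFi", "encryption": "OPEN", "hidden": False, "hotspot": False, "mode": "adhoc"},
]

if __name__ == "__main__":
    print(encryption_breakdown(SCAN))
    for index, findings in audit(SCAN).items():
        print(index, SCAN[index]["ssid"], findings)
```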


    Call for Action: Wi-Fi Hotspot Users

    Do not connect to unknown Wi-Fi networks (e.g. Free Public WiFi) while at the airport or any other public places

    Be aware of your Windows Wi-Fi network configuration

    Periodically inspect your Windows Wi-Fi network configuration

    Remove unneeded Wi-Fi networks from your Preferred list

    Do not use computer-to-computer (ad-hoc) connectivity while at public places such as airports

    Business Travelers - Use VPN connectivity while using hotspot Wi-Fi networks

    Turn OFF your Wi-Fi interface if you are not using it!