1 / 16

Wireless Vulnerability Assessment – Airport Scanning Report Part - II

Wireless Vulnerability Assessment – Airport Scanning Report Part - II. A study conducted by: AirTight Networks, Inc. www.AirTightnetworks.com. About This Study. Background Airtight Networks released the results of its airport wireless vulnerability scan study on March 3, 2008

elroy
Download Presentation

Wireless Vulnerability Assessment – Airport Scanning Report Part - II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Vulnerability Assessment – Airport Scanning Report Part - II A study conducted by: AirTight Networks, Inc. www.AirTightnetworks.com

  2. About This Study Background • Airtight Networks released the results of its airport wireless vulnerability scan study on March 3, 2008 • This follow-up expands the scope by adding vulnerability reports of more airports across the world The Goal • To assess adoption of security best practices at Airport’s Wi-Fi networks • To assess information security risk exposure of laptop users while they are transiting through airports

  3. Study Methodology • Visited 13 new airports world-wide (9 in US, 2 in Europe, 2 in Asia-Pacific) • USA: New York (JFK), Washington (IAD), San Antonio (SAT), Fort Lauderdale (FLL), Dallas (DAL), Seattle (SEA), Omaha (OMA), Chicago (MDW), San Diego (SAN) • Europe: Southampton (SOU), Dublin (DUB) • Asia/Pacific: Bangkok (BKK), Pune (PNQ) • Scanned Wi-Fi signal for 5 minutes at a randomly selected location (typically a departure gate or lounge area) • Total number of APs found = 318 and Clients = 311

  4. 1 2 3 Previous Study Key Findings & Implications Study Findings Critical Airport systems found vulnerable to Wi-Fi threats Data leakage by both hotspot and non-hotspot users ‘Viral Wi-Fi’ outbreak continues Only 3% of hotspot users are using VPNs to encrypt their data! Non-hotspot users found leaking network information ~ 80% of the private Wi-Fi networks at Airports are OPEN / WEP! Over 10% laptops found to be infected! Evidence

  5. New Study Findings • The same pattern of wireless vulnerabilities were found at all airports again • Vulnerabilities in the core systems at airports more wide-spread than previously assessed • Several airports seem to be using WEP-based baggage tracking systems • Insecure configuration practices observed • APs with out-of-the-box default configuration • Open/WEP APs with hidden SSIDs

  6. Wireless Vulnerabilities Revisited – AP Encryption • Majority of APs are OPEN ~ 64% • A significant number of WEP installations are visible ~15% • Only 21% APs are using WPA/WPA2 • The ideal break-up: • Hotspot APs– OPEN • Non-hotspot APs– WPA/WPA2

  7. Wireless Vulnerabilities Revisited – Viral SSIDs • The spread of viral SSIDs is seen at European airports too • Both SOU and DUB airports had viral SSIDs present • Free Public WiFi is the most common viral SSID • Seen at 8 out of 13 newly scanned airports • An active ad-hoc network of 4 users was found at the DAL airport • The users were security-conscious – they were using WEP!

  8. Viral SSIDs Spread to Europe Viral SSIDs spread to Europe! “Free Public WiFi” found at all major airports!

  9. Airport’s Critical Systems are Vulnerable • Previous study reported one instance of baggage system using WEP (at SFO) • New evidence confirms that this occurrence is quite prevalent • Similar vulnerabilities spotted at JFK and IAD airports • Wireless APs possibly used for baggage handling are using WEP. E.g. bagscanjfkt1 (JFK), bagscanlhiad (IAD)

  10. JFK Baggage Scan Possible baggage handling system

  11. IAD Baggage Scan Possible baggage handling system

  12. Bangkok Customs and Baggage Scan Possible baggage handling system Customs network!

  13. Clients Found Connected to Open Customs Network at Bangkok 2 Clients found connected to Customs network

  14. Insecure Practices Observed • APs with default configuration in use! • Over 30% airports have one or more APs with default configuration (which are always insecure) • This not only suggests that security practices were overlooked but these APs can inadvertently also act as Honeypots • Continued reliance on Hidden SSIDs for security! • Over 40% security conscious users still continue to use Hidden SSIDs instead of using WPA/WPA2

  15. Call for Action – Airport Authorities • Airport Authorities and Airlines need to secure their private Wi-Fi networks • Secure legacy Wi-Fi enabled handheld devices being used for baggage handling • Use at least WPA for Wi-Fi enabled ticketing kiosks • Protect the Airport IT networks against active Wi-Fi attacks

  16. Call for Action – Wi-Fi Hotspot Users • Do not connect to Unknown Wi-Fi networks (e.g. “Free Public WiFi”) while at the airport or any other public places • Be aware of your Windows Wi-Fi network configuration • Periodically inspect your Windows Wi-Fi network configuration • Remove unneeded Wi-Fi networks from your “Preferred” list • Do not use computer-to-computer (ad-hoc connectivity) while at public places such as airports • Business Travelers - Use VPN connectivity while using hotspot Wi-Fi networks • Turn OFF your Wi-Fi interface if you are not using it!

More Related