Of the Wi-Fi networks detected by AirTight researchers, 77 percent were not-hotspot (private) networks and of those, 80 percent were unsecured or using legacy WEP (wired equivalent privacy) encryption, nowadays regarded as a flawed encryption protocol.
Based on detailed analysis of these access points, there is a high probability that some of these networks are used for critical airport logistics and operations.
Sri Sundaralingam, senior director of product management at AirTight commented that if hackers can bring down the power grid in several cities as reported by the CIA, “how easy it would be for them to create havoc with an unsecured baggage system.”
“Imagine the ripple effect at an airport like Heathrow or O’Hare if someone could work their way into the baggage transition system and reroute luggage all over the world,” Sundaralingam said. “It could bring the system to a grinding halt with both economic and security consequences.”
The study also discovered that ten percent of the laptops detected during the scans were infected with a viral (ad-hoc) Wi-Fi Network, making the users vulnerable to data leakage and identity theft, while just three percent of all mobile users were using virtual private networks (VPNs).
According to Sundaralingam, it is ironic that the traveler passes through a phalanx of physical security to only be sitting at a gate and be vulnerable to cybercrime.
“Both network administrators and business travelers recognize the benefits of mobility and anywhere, anytime computing but it is time for all of these constituencies to recognize the risks as well as implement best practices,” he added.
AirTight security researchers took five minute scans at randomly selected locations in airports in Ottawa, Canada; San Jose and San Francisco, California; Chicago, Illinois and other US cities as well as Seoul, Malaysia and Singapore over a two week period from January 30 through February 8, 2008.
The traces were collected using off-the-shelf (consumer) Wi-Fi cards and publicly available data collection tools. Four hundred seventy eight access points and 585 Wi-Fi clients were scanned.
The findings concluded that despite incidents like the massive TJX data breach and the case of an Indiana University student, (who was able to generate fake boarding passes), retailers, airlines and providers of critical systems at airports are still not taking a long hard look at cybersecurity or understanding the additional risks the wireless introduces.
Simple and common sense measures can help put a stop to these problems, AirTight said, such as turning off wireless connectivity when it’s not being used.