Air Tight - AirTight Expands Study of Airport Wireless Security Risks; Results Reinforce Findings of Earlier Scans

News

Home >
News > Press Releases

AirTight Expands Study of Airport Wireless Security Risks; Results Reinforce Findings of Earlier Scans

Key Findings Reveal Continuing Pattern of Data Leakage in Core Airport Systems and Rapid Spread of Viral Wi-Fi Networks Globally at Additional 13 Airports

San Francisco, CA - April 9, 2008 - At RSA 2008, AirTight^® Networks, the global leader for wireless vulnerability management, today issued the findings from its second study of wireless security vulnerabilities at airports worldwide. The goal of the studies is to assess the adoption of security best practices for Airport WiFi networks and to assess the information security risk exposure of laptop users and wireless networks at airports in the United States, Canada, Europe and Asia. For this study, scans at an additional 13 airports were added to the original group of facilities scanned in the first study.

While the results of the new scans reveal the same patterns of wireless vulnerabilities revealed in the previous study, the vulnerabilities in the core systems at airports were found to be more widespread than in the first study.

“While we were somewhat surprised at how widespread the vulnerabilities were now at a total of 26 airports, we still found ourselves astounded at the magnitude of vulnerabilities exposed in the core systems of many of these airports,” said Pravin Bhagwat, CTO of AirTight. “Several airports, such as JFK International in New York and Washington’s Dulles International, appear to be using WEP based baggage tracking systems which can be easily hacked. When you consider the chaos caused recently by a glitch in the baggage handling system at Terminal 5 at Heathrow in London, you can just imagine the mischief that could be caused if someone intentionally broke into those systems in four or five major airports around the world.”

In this continuing series of studies, AirTight has set out to understand the risks to business travelers and their corporate networks of data leakage while those airline passengers are sending sensitive information using unsecured wireless access points while at the airports. The expanded study continues to find troubling results regarding the security posture of private Wi-Fi networks in the airports scanned as well as the rapid spread of viral Wi-Fi networks.

Just as in the first study, AirTight researchers discovered the rapid spread of viral (ad hoc) infections. Users at both Southampton, UK and Dublin, Ireland airports were seen to be infected with viral SSIDs and the most common infection Free Public WiFi was seen at eight of the newly scanned airports. The earlier study discovered that fully ten percent of the laptops detected during the scans were infected with a viral (ad-hoc) Wi-Fi Network, making the users vulnerable to data leakage and identity theft.

“In this time of heightened security concerns, it is surprising that core systems at major airports are still using a broken encryption system such as WEP or open access points,” continued Bhagwat. “While wireless networks provide great efficiencies in enormous facilities such as an airport, the data that is being transmitted can be so sensitive that all methods available to protect it must be undertaken. It is time for all of these enterprises and government agencies to recognize the risks and implement best practices.”

How the study was conducted
AirTight security researchers took five minute scans at randomly selected locations at 26 airports in Ottawa, Canada, New York, NY, Newark, N.J., Philadelphia and Pittsburgh, Pa, Chicago, Il, Myrtle Beach, SC, West Palm Beach and Ft. Lauderdale, FL, Washington, D.C., San Antonio and Dallas, TX, Seattle, WA, Omaha, NE, Orange County, San Diego, San Jose and San Francisco, CA, Portland, OR, Southampton, UK, Dublin, Ireland, Bankok, Thailand, Seoul, Korea, Malaysia, Singapore and Pune, India from January through March, 2008.

The scans were typically collected at gate or airport lounge areas.

If you would like more information on the AirTight Airport Studies, please contact Della Lowe at 650-934-8191 (office) or 650-868-5829 (mobile).

About AirTight Networks
AirTight Networks, the industry standard for wireless vulnerability management, is the only company that offers customers a flexible, end-to-end solution that gives them visibility into their wireless security posture and a choice in how to manage it. AirTight provides full wireless intrusion prevention systems (WIPS) and the world’s first on demand wireless vulnerability management service. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com

Media Contacts:
Della Lowe
AirTight Networks
Tel: +1 (650) 934 8191
della.lowe@airtightnetworks.com

AirTight Networks, and the AirTight Networks logo are trademarks; and AirTight and SpectraGuard are registered trademark of AirTight Networks, Inc. All other trademarks are the property of their respective owners.

<< Back to: Press Releases