The next time you're in an airport terminal with your wireless notebook on, there's a good chance you're exposing your or your company's data to others. Even worse, the wireless network you're connected to might be completely insecure -- or even be running on the laptop of the guy sitting next to you.
Researchers from AirTight Networks visited 14 airports around the world and discovered that most business travelers aren't taking the basic steps necessary to protect sensitive data. "We found that only three percent of all mobile users were using virtual private networks (VPNs), so most of their data was free and clear to anyone who could sniff the airwaves," said Mike Baglietto, director of product marketing for AirTight Networks.
With little effort the researchers were able to see what Web surfers were looking at, and even capture their cookies (small text files that allow Web sites to identify and track users). "There's a huge data-leakage exposure," Baglietto said. "We're able to track people's cookies in the air, and once you start getting a user's cookies, you could impersonate that user" to steal their banking credentials, for example.
Insecure Access Points
Web surfers weren't the only ones operating insecurely, Baglietto told us. Most of the wireless networks the AirTight researchers checked out were insecure.
The team noted 478 access points, of which 57 percent were completely unprotected, and another 28 percent were protected by WEP (wired equivalent privacy), an encryption protocol that is easily broken. Even worse, 77 percent of the networks were not hot spots (networks offered by the airport or a provider like T-Mobile). Rather, eight out of 10 were insecure networks run by shops, restaurants and even the airport back offices.
The names of some of the access points -- for example, e-Baggage Trial -- gave the researchers clues that those networks were being used for airport operations like baggage handling to airline ticketing. Just like the other access points, Baglietto said these were also insecure.
The potential for an attack on airport systems is enormous, and such an attack would have catastrophic ramifications. "Imagine somebody doing a denial-of-service attack on the baggage infrastructure at San Francisco or Heathrow airports," Baglietto said. "It would send the entire airport into total chaos" and would likely impact air travel around the globe. (continued...)