Today, everyone takes logging onto an airport’s WiFi for granted, so they can idle away the time prior to departure, or post on Instagram to all of their followers anticipating their next great adventure.
But what many travelers likely never think about is whether or not their internet wanderings leave their electronic devices vulnerable to cyberattacks, malware, and other digital hacking risks that could compromise their security.
“The lax cybersecurity posture at most airports has created an environment in which adversaries can utilize insecure public WiFi as the attack vector to introduce a plethora of advanced network vulnerabilities,” according to Coronet, a cyber security company that recently published a Threat Index for airport WiFi systems.
“Any one of these network vulnerabilities can empower an attacker to obtain access credentials to Microsoft Office 365, G-Suite, Dropbox and other popular cloud apps; deliver malware to the device and the cloud, and snoop-and-sniff device communications,” they said.
Coronet said it collected data from more than 250,000 “consumer and corporate endpoints” (digital devices) that traveled through America’s 45 busiest airports over the course of five months.
San Diego International Airport tops the list
Based on their analysis, Coronet said San Diego International Airport presented the highest risk for travelers, with a threat index score of 10. The top five highest risk airports were:
1. San Diego International Airport (10).
2. John Wayne Orange County (California) Airport (8.7).
3. Houston’s William P Hobby Airport (7.5).
4. Southwest Florida International Airport (Fort Myers) (7.1).
5. Newark (New Jersey) Liberty International Airport (7.1).
Coronet said an acceptable airport WiFi risk level is below 6.5, and it listed only one other airport above that threshold: Dallas Love Field, with a score of 6.8.
In San Diego, “an Evil Twin WiFi access point with the name ‘#SANfreewifi’ was used at the San Diego international airport, running an ARP Poisoning attack” on a digital device that Coronet examined.
Meanwhile, at Houston’s Hobby, “an attacker on a WiFi network named ‘SouthwestWiFi’ performed an attack on SSL/HTTPS traffic.”
Overall, Coronet said that the probability of connecting to a medium-risk network at an airport is about 1 percent, while the probability of connecting to a high-risk network is 0.6 percent – but much higher for airports like Houston and San Diego.
The other 39 airports they reviewed fell below that level, including: Phoenix Sky Harbor International Airport, 6.5; Charlotte Douglas International Airport, 6.4; Detroit Metropolitan Wayne County Airport, 6.4; and Boston Logan International Airport, 6.4.
The airports where traveler devices are least vulnerable included: Chicago Midway International Airport, 4.5; Raleigh Durham International Airport, 4.9; Washington Dulles International Airport and Nashville International Airport at 5.1; and Kansas City International Airport, Louis Armstrong New Orleans International Airport and San Antonio International Airport, all at a risk level of 5.2.
Point proven at ASTA conference
Traveler and travel agent cyber vulnerability was revealed at the American Society of Travel Agents (ASTA) 2018 annual global conference, held in San Diego. In a general session, Teddy Lindsey, CTO of cyber security firm Ntrepid, asked attendees how many of them had logged on to the “ASTAFreeWifi” service at the hotel. Hundreds of hands went up.
Lindsey then informed attendees that this connection was set up by his firm to benignly ensnare device names to prove a point about cyber vulnerability, and the risks of being complacent while traveling.
“What could have been happening, is that your phone was going out to check email, and that traffic was being redirected to one of their servers,” Lindsey said. Anything in those emails, including business-critical and confidential information, credit card numbers, or ID information like passport details, would then be in the hands of people with malicious intent.
“It should be concerning for the traveler and for you, the travel advisor,” he said.
In its report, Coronet said that while most airports presented an acceptable level of risk, “even for those airports that do prioritize security, attack techniques such as the Key Reinstallation Attack (KRACK), which can break the WPA2 protocol to capture and/or expose information shared over public and private WiFi, present significant risk to passengers in transit.”
The company recommends travelers ensure they are using up-to-date security solutions that can “identify both malicious networks and attackers,” and that travelers should only connect to networks they can identify and/or know.