SOURCE: AirTight Networks, Inc.

March 03, 2008 08:00 ET

AirTight Study at Worldwide Airports Reveals Wireless Security Risks for Travelers and Airport Operations

Key Findings Reveal Extensive Data Leakage, Unsecured Private Networks and Rapid Spread of Viral Wi-Fi Networks

CHICAGO, IL--(Marketwire - March 3, 2008) - At Gartner Mobile and Wireless, AirTight® Networks, the global leader for wireless intrusion prevention systems, today issued the findings from its study to assess information security risk exposure of laptop users at fourteen airports in the United States, Canada and Asia. The company set out to understand the risks to business travelers and their corporate networks of data leakage while those airline passengers are sending sensitive information using unsecured wireless access points while at the airports. It found surprising results, however, regarding the security posture of private Wi-Fi networks in these airports as well as the rapid spread of viral Wi-Fi networks.

One of the most surprising findings of this initial study was that some ticketing systems, baggage systems, shops and restaurants were using open or poorly secured wireless networks. Of the Wi-Fi networks detected by AirTight researchers, 77 percent were non-hotspot (i.e. private) networks and of those, 80 percent were unsecured or using legacy WEP encryption, a fatally flawed protocol. Based on detailed analysis of these access points, there is a high probability that some of these networks are used for critical airport logistics and operations. The consequences of this lack of security could result in disruption of baggage or passenger ticketing systems.

"If hackers can bring down the power grid in several cities as reported by the CIA, how easy would it be for them to create havoc with an unsecured baggage system," said Sri Sundaralingam, senior director of product management at AirTight. "Imagine the ripple effect at an airport like Heathrow or O'Hare if someone could work their way into the baggage transiting system and reroute luggage all over the world. It could bring the system to a grinding halt with both economic and security consequences."

Despite incidents like the one mentioned above, the massive TJX data breach and the case of an Indiana University student who was able to generate fake boarding passes, AirTight's findings appear to demonstrate that retailers, airlines and providers of critical systems at airports are still not taking a long hard look at cyber security or understanding the additional risks that wireless introduces.

The study also discovered that fully ten percent of the laptops detected during the scans were infected with a viral (ad-hoc) Wi-Fi Network, making the users vulnerable to data leakage and identity theft.

"It is ironic that the traveler passes through a phalanx of physical security to only to be sitting at a gate and be vulnerable to cybercrime," continued Sundaralingam "Both network administrators and business travelers recognize the benefits of mobility and anywhere, anytime computing but it is time for all of these constituencies to recognize the risks as well and implement best practices."

How the study was conducted

AirTight security researchers took five minute scans at randomly selected locations in airports in Ottawa, Canada, Newark, NJ, Philadelphia and Pittsburgh, PA, Chicago, IL, Myrtle Beach, SC, West Palm Beach, FL, Orange County, San Jose and San Francisco, CA, Portland, OR, Seoul, Malaysia and Singapore over a two week period from January 30 through February 8, 2008.

The traces were collected using off-the-shelf (consumer) Wi-Fi cards and publicly available data collection tools. Four hundred seventy eight access points and 585 Wi-Fi clients were scanned. The scans were typically collected at gate or airport lounge areas.

If you would like more information on the AirTight Airport Study, please contact Della Lowe at 650-934-8191.

About AirTight Networks

AirTight Networks is the industry standard for wireless intrusion prevention systems (WIPS) which allow enterprises to enhance security while minimizing the cost and administrative burden associated with a comprehensive wireless security policy. AirTight's patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight's customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.net

AirTight Networks and the AirTight Networks logo are trademarks; AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.

Contact Information

  • Media Contact:
    Della Lowe
    AirTight Networks
    (650) 934-8191
    Email Contact