Upload
hoine
View
219
Download
0
Embed Size (px)
Citation preview
8/4/2019 AirTight Airport Scan Results Part2
1/16
Wireless Vulnerability Management
2008 AirTight Networks, Inc.
Wireless Vulnerability
Assessment Airport ScanningReport Part - II
A study conducted by:AirTight Networks, Inc.
www.AirTightnetworks.com
http://www.airtightnetworks.com/http://www.airtightnetworks.com/8/4/2019 AirTight Airport Scan Results Part2
2/16
Page 2 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
About This Study
The Goal
To assess adoption of security best practices at Airports Wi-Fi networks
To assess information security risk exposure of laptop users while they aretransiting through airports
Background
Airtight Networks released the results of itsairport wireless vulnerability scan study onMarch 3, 2008
This follow-up expands the scope by adding
vulnerability reports of more airports across theworld
8/4/2019 AirTight Airport Scan Results Part2
3/16
Page 3 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Study Methodology
Visited 13 new airports world-wide (9 in US, 2 in Europe, 2 in Asia-Pacific)
USA: New York (JFK), Washington (IAD), San Antonio (SAT), Fort Lauderdale(FLL), Dallas (DAL), Seattle (SEA), Omaha (OMA), Chicago (MDW), SanDiego (SAN)
Europe: Southampton (SOU), Dublin (DUB)
Asia/Pacific: Bangkok (BKK), Pune (PNQ)
Scanned Wi-Fi signal for 5 minutes at a randomly selected location (typically adeparture gate or lounge area)
Total number of APs found = 318 and Clients = 311
8/4/2019 AirTight Airport Scan Results Part2
4/16
Page 4 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Previous Study Key Findings & Implications
1 2 3
Critical Airportsystems found
vulnerable to Wi-Fithreats
Data leakage byboth hotspot and
non-hotspot users
Viral Wi-Fi outbreak
continues
~ 80% of the private Wi-Fi networks at Airports
are OPEN / WEP!
Only 3% of hotspot usersare using VPNs to encrypt
their data! Non-hotspotusers found leakingnetwork information
Over 10% laptops foundto be infected!
Evidence
Study
Findin
gs
8/4/2019 AirTight Airport Scan Results Part2
5/16
Page 5 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
New Study Findings
The same pattern of wireless vulnerabilities were found at all airports again
Vulnerabilities in the core systems at airports more wide-spread than previouslyassessed
Several airports seem to be using WEP-based baggage tracking systems
Insecure configuration practices observed
APs with out-of-the-box default configuration
Open/WEP APs with hidden SSIDs
8/4/2019 AirTight Airport Scan Results Part2
6/16
Page 6 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Majority of APs are OPEN ~ 64%
A significant number of WEPinstallations are visible ~15%
Only 21% APs are usingWPA/WPA2
The ideal break-up:Hotspot APsOPENNon-hotspot APsWPA/WPA2
Wireless Vulnerabilities Revisited APEncryption
8/4/2019 AirTight Airport Scan Results Part2
7/16
Page 7 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Wireless Vulnerabilities Revisited Viral SSIDs
The spread of viral SSIDs is seen at European airports too
Both SOU and DUB airports had viral SSIDs present
Free Public WiFi is the most common viral SSID
Seen at 8 out of 13 newly scanned airports
An active ad-hoc network of 4 users was found at the DAL airport
The users were security-conscious they were using WEP!
8/4/2019 AirTight Airport Scan Results Part2
8/16
Page 8 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Viral SSIDs Spread to Europe
Free Public
WiFi found at
all majorairports!
Viral SSIDsspread toEurope!
8/4/2019 AirTight Airport Scan Results Part2
9/16
Page 9 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Airports Critical Systems are Vulnerable
Previous study reported one instance of baggage system using WEP (at SFO)
New evidence confirms that this occurrence is quite prevalent
Similar vulnerabilities spotted at JFK and IAD airports
Wireless APs possibly used for baggage handling are using WEP. E.g.bagscanjfkt1 (JFK), bagscanlhiad (IAD)
8/4/2019 AirTight Airport Scan Results Part2
10/16
Page 10 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
JFK Baggage Scan
Possible baggagehandling system
8/4/2019 AirTight Airport Scan Results Part2
11/16
Page 11 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
IAD Baggage Scan
Possible baggagehandling system
8/4/2019 AirTight Airport Scan Results Part2
12/16
Page 12 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Bangkok Customs and Baggage Scan
Possible baggagehandling system
Customs network!
8/4/2019 AirTight Airport Scan Results Part2
13/16
Page 13 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Clients Found Connected to OpenCustoms Network at Bangkok
2 Clients foundconnected to Customs
network
8/4/2019 AirTight Airport Scan Results Part2
14/16
Page 14 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Insecure Practices Observed
Continued reliance on Hidden SSIDs for security!
Over 40% security conscious users still continue to use Hidden SSIDs instead of usingWPA/WPA2
APs with default configuration in use!
Over 30% airports have one or more APs with default configuration (which arealways insecure)
This not only suggests that security practices were overlooked but these APscan inadvertently also act as Honeypots
SSID Encryption Location
Linksys (1 Clientconnected)
OPEN JFK
Linksys WEP SAT
Default (2) WEP BKK
Linksys OPEN DALLinksys OPEN BKK
8/4/2019 AirTight Airport Scan Results Part2
15/16
Page 15 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Call for Action Airport Authorities
Airport Authorities and Airlines need to secure their private Wi-Fi networks
Secure legacy Wi-Fi enabled handheld devices being used for baggage handling
Use at least WPA for Wi-Fi enabled ticketing kiosks
Protect the Airport IT networks against active Wi-Fi attacks
8/4/2019 AirTight Airport Scan Results Part2
16/16
Page 16 Wireless Vulnerability Management 2008 AirTight Networks, Inc. Proprietary & Confidential.
Call for Action Wi-Fi Hotspot Users
Do not connect to Unknown Wi-Fi networks (e.g. Free Public WiFi) while at the airport orany other public places
Be aware of your Windows Wi-Fi network configuration
Periodically inspect your Windows Wi-Fi network configuration
Remove unneeded Wi-Fi networks from your Preferred list
Do not use computer-to-computer (ad-hoc connectivity) while at public places such asairports
Business Travelers - Use VPN connectivity while using hotspot Wi-Fi networks
Turn OFF your Wi-Fi interface if you are not using it!