Airport TSA agents don’t check terminals for insecure WiFi networks, so stay on your toes when using hotspots at these airports.
With time to spare at an airport, fliers don’t think twice about cracking open their laptops and taking advantage of one of many free WiFi hotspots. But they should, warns Coronet.
Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi offerings here in the United States when it comes to security. According to a study of 45 of the busiest U.S. airports, San Diego International Airport has the riskiest WiFi hotspots. The least vulnerable is Chicago Midway International Airport.
“Unfortunately, WiFi security is often sacrificed by airport operators in exchange for consumer convenience, leaving networks unencrypted, unsecured or improperly configured,” notes the study (PDF). “Even for those airports that do prioritize security, attack techniques such as the Key Reinstallation Attack (KRACK), which can break the WPA2 protocol to capture and/ or expose information shared over public and private WiFi, presents significant risk to passengers in transit.”
Network risk scores were based on the probability of an attacker on a network.
The most troublesome issues found at airports included a WiFi network named “SouthwestWiFi,” which performed an attack on SSL/HTTPS traffic at the Houston William Hobby International Airport.
“An Evil Twin WiFi access point with the name ‘#SANfreewifi’ was used at the San Diego international airport, running an ARP Poisoning attack,” according to the report.
What follows is a list of both the least vulnerable and most vulnerable airports. The higher the “threat index score” the riskier the airport.
A slew of products from medical dispensing company BD are susceptible to the KRACK vulnerability disclosed last fall.
Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed.
Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol implemented used by its software.
Join thousands of people who receive the latest breaking cybersecurity news every day.