Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Study Conducted by AirTight Networks

Published byWilliam Ira Payne Modified over 6 years ago

Similar presentations

Presentation on theme: "A Study Conducted by AirTight Networks"— Presentation transcript:

1 A Study Conducted by AirTight Networks
Wireless Vulnerability Assessment: Airport Scanning Report A Study Conducted by AirTight Networks

2 A Study Conducted by AirTight Networks Not for circulation
About this Study Background Airports world-wide now provide Wi-Fi Internet access for mobile users Use of Wi-Fi hotspots by business users at airports is steadily increasing Airports are increasingly using private Wi-Fi networks for baggage handling as well as passenger ticketing The Goal To assess adoption of security best practices at Airport Wi-Fi networks To assess information security risk exposure of laptop users while they are transiting through airports A Study Conducted by AirTight Networks Not for circulation

3 Study Methodology Visited 14 airports world-wide (11 in US; 3 in Asia-Pacific) Scanned Wi-Fi signal for 5 minutes at randomly selected location (typically a departure gate or lounge area) Traces collected using off the shelf Wi-Fi card and publicly available data collection tools Traces collected between 30 Jan 2008 through 8 Feb 2008 Number of Access Points = 478; Number of Clients = 585 >> Portland (PDX) >> Chicago (ORD) >> Ottawa (YOW) >> Newark (EWR) >> San Francisco(SFO) Seoul (ICN) >> Philadelphia (PHL) >> San Jose (SJC) >> Pittsburgh (PIT) Malaysia (KLIA) >> Orange County (SNA) >> Myrtle Beach (MYR) Singapore (SIN) >> West Palm Beach (PBI) A Study Conducted by AirTight Networks Not for circulation

4 Key Findings & Implications
Study Findings 1 2 3 Critical Airport systems found vulnerable to Wi-Fi threats Data leakage by both hotspot and non-hotspot users ‘Viral Wi-Fi’ outbreak continues ~ 80% of the private Wi-Fi networks at Airports are OPEN / WEP! Only 3% of hotspot users are using VPNs to encrypt their data! Non-hotspot users found leaking network information Over 10% laptops found to be infected! Evidence A Study Conducted by AirTight Networks Not for circulation

5 A Study Conducted by AirTight Networks Not for circulation
Summary of Findings We expected to find mostly hotspot networks but we found 77% of the Wi-Fi networks are non hotspot (i.e. private) Wi-Fi networks 80% of the private Wi-Fi networks are unsecured or are using legacy WEP security There is a high probability some of these Wi-Fi networks are used for logistics, baggage handling, as well as passenger ticketing We found considerable data leakage by Wi-Fi hotspot users Only 3% of the users are using VPN to secure their hotspot Wi-Fi connection Sensitive information such as user credentials can be easily captured over the air We found all Wi-Fi users at the airport were leaking their Wi-Fi networking information! Users are taking serious risks in connecting to “viral” Wi-Fi networks “Viral” Wi-Fi networks are rapidly spreading… 10% of the laptops are already infected Attackers can take control of victim’s laptop – confidential data theft! We found active “viral” Wi-Fi networks at almost all Airports A Study Conducted by AirTight Networks Not for circulation

6 A Study Conducted by AirTight Networks Not for circulation
Wi-Fi Scan Results Majority of Wi-Fi networks are OPEN A large number of WEP installations are also visible ~28% Small % of secure WPA/WPA2 Wi-Fi networks But are all OPEN Wi-Fi networks Hot-Spots? A total of 478 Wi-Fi Access Points were analyzed across all Airports! A Study Conducted by AirTight Networks Not for circulation

7 These don’t look like hotspot APs!
Wi-Fi Scan Results Public Wi-Fi Hotspots Private Wi-Fi Networks Access Points (APs) Open APs Hot-spot providers These don’t look like hotspot APs! A Study Conducted by AirTight Networks Not for circulation

8 A magnified look at Unsecured Access Points
41% Hotspot APs Non Hotspot APs 59% (1) Hotspot APs don’t hide SSID (2) Hotspot SSIDs are well known/published and advertised (3) Usually signal from multiple hotspot APs is visible at any coverage location Concourse tmobile Wayport AttWi-Fi FlyPittsburgh Flypdx singaporeair_B singaporeair_F JWA Hotspot Ft.Laud-Hlwd_ Airport-Public ACCESS-StarHub (null ssid) Backbone PacGate  LGDacom SFOPRIVATE Ice Currency Services IAACCO KIOSKWIRELESS  BullPenH1 AceRail e-Baggage Trial AP1 A Study Conducted by AirTight Networks Not for circulation

9 Summary of Findings - Questioning Airport IT Security
To our surprise, we found – 77% of the Wi-Fi networks are non hotspot networks (private Wi-Fi networks) 80% of these networks are unsecured or are using legacy WEP security There is a high probability these networks are being used for: Baggage handling Passenger ticketing By retailers These networks can be hacked within minutes… A Study Conducted by AirTight Networks Not for circulation

10 Vulnerability discovered at SFO Airport
The Wi-Fi Access Points listed below are possibly a part of the airport’s baggage management infrastructure ultratrak is possibly an SSID (Wi-Fi network) for baggage tracking service claims their baggage tracking solution “ultratrak” is in use at SFO Prevalent Myth – Hiding SSID is more secure than encryption All APs are Open/WEP! We discovered the “Hidden” SSID of an AP in a mere 5 minute scan! The “Hidden” WEP-encrypted Access Point was communicating with a “Symbol” card typically used in handheld devices that are likely used in baggage management at SFO. The baggage management system at SFO airport may easily be compromised! A Study Conducted by AirTight Networks Not for circulation

11 User Connectivity Analysis
57% 28% 10% 5% OPEN WEP WPA WPA2 7% 1% 6% Non - Hotspot Hotspot 71% 15% 59% HTTP 38% HTTPS 3% VPN Clients ( 585 in number) 59% hotspot users are using plain text protocols such as HTTP Only 3% are using VPN connectivity to secure their data! A Study Conducted by AirTight Networks Not for circulation

12 Data Leakage – By Wi-Fi Users
(2) He is looking at the Nasdaq Composite Index (symb=comp) (1) User is visiting (3) We have his cookie! So we can impersonate him Clients sending data without any encryption using HTTP are in serious danger of having their activities spied on and accounts hijacked in some cases A Study Conducted by AirTight Networks Not for circulation

13 Data Leakage – By Wi-Fi Users
Users’ are leaking their Wi-Fi networking information Which networks they have connected to in the past (including security settings, etc) Home networks Office networks Hotspots This in turn means these Clients are vulnerable to “Honeypot” / “Caffe Latte” style attacks A Study Conducted by AirTight Networks Not for circulation

14 “Honeypot” Attack Scenario
(1) Laptop is probing for SSIDs from your preferred list (cached). (2) Attacker sets up an Access Point with matching SSIDs. Tools for setting this up are easily available (e.g. Karma, Hotspotter) Client (3) Laptop connects to the Attacker’s machine. (4) Attacker launches exploits to download data or gain control of victim’s machine. Attacker Clients who are not active hotspot user can also be attacked! This may already be happening, but nobody will know unless airspace is continuously monitored Airports are good places to find high such high value targets! A Study Conducted by AirTight Networks Not for circulation

15 Wi-Fi virus outbreak at the Airports
% of total Clients infected by one or more viral SSIDs at various Airports 10% of all mobile users were advertising viral Wi-Fi networks! A Study Conducted by AirTight Networks Not for circulation

16 What are Viral Wi-Fi networks?
Viral Wi-Fi networks are Ad-Hoc networks advertising alluring SSIDs Typically these SSIDs advertise “free” Internet connectivity Natural first choice for most naive users – after all its FREE!!! US Airways Free Wi-Fi Free Public Wi-Fi Free Internet! A Study Conducted by AirTight Networks Not for circulation

17 How the Infection happens…
Infected Laptop User Infected! Free Public Wi-Fi Once the User connects, the Viral SSID (”Free Public Wi-Fi”) gets added permanently to the User’s own Wireless Configuration A Study Conducted by AirTight Networks Not for circulation

18 How the outbreak happens…
Infected Once infected, a client will broadcast the “Free Public Wi-Fi” SSID to all other clients in its vicinity Thus the infected user further propagates the infection Any laptop which connected to the Viral SSID broadcasted by the user in turn gets infected! Infected Infected Infected Infected Infected Infected A Study Conducted by AirTight Networks Not for circulation

19 Why are Viral Wi-Fi networks such a big threat?
Infected Once connected to a Viral SSID network… All of the user’s shared folders will be accessible to every other laptop connected to the Viral SSID network A hacker can easily access confidential data on your hard disk A Study Conducted by AirTight Networks Not for circulation

20 Call to Action – Airport authorities
Airport authorities and Airlines need to secure their private Wi-Fi networks – Secure legacy Wi-Fi enabled handheld devices being used for baggage handling Use at least WPA for Wi-Fi enabled ticketing kiosks Protect the Airport IT networks against active Wi-Fi attacks A Study Conducted by AirTight Networks Not for circulation

21 Call to Action – Wi-Fi Hotspot Users
Do not connect to Unknown Wi-Fi networks (example: “Free Public Wifi”) while at the airport or any other public places Be Aware of your Windows Wi-Fi network configuration Periodically inspect your windows Wi-Fi network configuration Remove unneeded Wi-Fi networks from your “preferred” list Do not use computer-to-computer (i.e. Adhoc connectivity) while at public places such as Airports Business Travelers - Use VPN connectivity while using hotspot Wi-Fi networks Turn OFF your Wi-Fi interface if you are not using it! A Study Conducted by AirTight Networks Not for circulation

Download ppt "A Study Conducted by AirTight Networks"

Similar presentations

Wi-Fi Technology.

Wi-Fi Technology.
A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report www.airtightnetworks.net.

A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung.

LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Wardriving 7/29/2004 The “Bad Karma Gang”. Agenda Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake.

Wardriving 7/29/2004 The “Bad Karma Gang”. Agenda Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?

Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?
Lack of Security in Hotspots/Wi Fi Areas Yin Wai ISM 158 4/27/10.

Lack of Security in Hotspots/Wi Fi Areas Yin Wai ISM 158 4/27/10.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Vulnerability Management  2008 AirTight Networks, Inc. Wireless Vulnerability Assessment – Airport Scanning Report Part - II A study conducted.

Wireless Vulnerability Management  2008 AirTight Networks, Inc. Wireless Vulnerability Assessment – Airport Scanning Report Part - II A study conducted.
 2009 AirTight Networks. Financial Districts Wireless Vulnerability Study A study conducted by AirTight Networks, Inc. www.airtightnetworks.com.

 2009 AirTight Networks. Financial Districts Wireless Vulnerability Study A study conducted by AirTight Networks, Inc.
 What is Computer Security  Key Components  Levels  Challenges  Attacks  Desktop Security  Why it is important  Virus/Worms/Trojans  Tips  Web.

 What is Computer Security  Key Components  Levels  Challenges  Attacks  Desktop Security  Why it is important  Virus/Worms/Trojans  Tips  Web.

Similar presentations

Ads by Google