Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report www.airtightnetworks.net.

Published byEleanor Sizer Modified over 10 years ago

Similar presentations

Presentation on theme: "A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report www.airtightnetworks.net."— Presentation transcript:

1 A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report www.airtightnetworks.net

2 A Study Conducted by AirTight Networks Not for circulation About this Study The Goal u To assess adoption of security best practices at Airport Wi-Fi networks u To assess information security risk exposure of laptop users while they are transiting through airports Background u Airports world-wide now provide Wi-Fi Internet access for mobile users u Use of Wi-Fi hotspots by business users at airports is steadily increasing u Airports are increasingly using private Wi-Fi networks for baggage handling as well as passenger ticketing

3 A Study Conducted by AirTight Networks Not for circulation Study Methodology >> Pittsburgh (PIT) >> Philadelphia (PHL) >> Myrtle Beach (MYR)>> Orange County (SNA) >> Ottawa (YOW) >> Portland (PDX) >> San Jose (SJC) >> Newark (EWR) >> West Palm Beach (PBI) >> Chicago (ORD) u Visited 14 airports world-wide (11 in US; 3 in Asia-Pacific) u Scanned Wi-Fi signal for 5 minutes at randomly selected location (typically a departure gate or lounge area) u Traces collected using off the shelf Wi-Fi card and publicly available data collection tools u Traces collected between 30 Jan 2008 through 8 Feb 2008 u Number of Access Points = 478; Number of Clients = 585 Singapore (SIN) Malaysia (KLIA) Seoul (ICN) >> San Francisco(SFO)

4 A Study Conducted by AirTight Networks Not for circulation Key Findings & Implications 123 Critical Airport systems found vulnerable to Wi-Fi threats Data leakage by both hotspot and non-hotspot users Viral Wi-Fi outbreak continues ~ 80% of the private Wi- Fi networks at Airports are OPEN / WEP! Only 3% of hotspot users are using VPNs to encrypt their data! Non-hotspot users found leaking network information Over 10% laptops found to be infected! Evidence Study Findings

5 A Study Conducted by AirTight Networks Not for circulation Summary of Findings u We expected to find mostly hotspot networks but we found l 77% of the Wi-Fi networks are non hotspot (i.e. private) Wi-Fi networks l 80% of the private Wi-Fi networks are unsecured or are using legacy WEP security l There is a high probability some of these Wi-Fi networks are used for logistics, baggage handling, as well as passenger ticketing u We found considerable data leakage by Wi-Fi hotspot users l Only 3% of the users are using VPN to secure their hotspot Wi-Fi connection l Sensitive information such as user credentials can be easily captured over the air l We found all Wi-Fi users at the airport were leaking their Wi-Fi networking information! u Users are taking serious risks in connecting to viral Wi-Fi networks l Viral Wi-Fi networks are rapidly spreading… u 10% of the laptops are already infected l Attackers can take control of victims laptop – confidential data theft! l We found active viral Wi-Fi networks at almost all Airports

6 A Study Conducted by AirTight Networks Not for circulation Wi-Fi Scan Results But are all OPEN Wi-Fi networks Hot-Spots? A total of 478 Wi-Fi Access Points were analyzed across all Airports! u Majority of Wi-Fi networks are OPEN u A large number of WEP installations are also visible ~28% u Small % of secure WPA/WPA2 Wi-Fi networks

7 A Study Conducted by AirTight Networks Not for circulation Wi-Fi Scan Results Hot-spot providers These dont look like hotspot APs! Private Wi-Fi Networks Access Points (APs) Public Wi-Fi Hotspots Open APs

8 A Study Conducted by AirTight Networks Not for circulation A magnified look at Unsecured Access Points Hotspot APs Non Hotspot APs u Concourse u tmobile u Wayport u AttWi-Fi u FlyPittsburgh u Flypdx u singaporeair_B u singaporeair_F u JWA Hotspot u Ft.Laud-Hlwd_ Airport-Public u ACCESS-StarHub 41% 59% u (null ssid) u Backbone u PacGate u LGDacom u SFOPRIVATE u Ice Currency Services u IAACCO u KIOSKWIRELESS u BullPenH1 u AceRail u e-Baggage Trial AP1 (1) Hotspot APs dont hide SSID (2) Hotspot SSIDs are well known/published and advertised (3) Usually signal from multiple hotspot APs is visible at any coverage location

9 A Study Conducted by AirTight Networks Not for circulation Summary of Findings - Questioning Airport IT Security u To our surprise, we found – l 77% of the Wi-Fi networks are non hotspot networks (private Wi-Fi networks) l 80% of these networks are unsecured or are using legacy WEP security There is a high probability these networks are being used for: u Baggage handling u Passenger ticketing u By retailers These networks can be hacked within minutes…

10 A Study Conducted by AirTight Networks Not for circulation Vulnerability discovered at SFO Airport u The Wi-Fi Access Points listed below are possibly a part of the airports baggage management infrastructure l ultratrak is possibly an SSID (Wi-Fi network) for baggage tracking service u http://www.ultra-as.com/products-solutions/ultratrak.html claims their baggage tracking solution ultratrak is in use at SFO http://www.ultra-as.com/products-solutions/ultratrak.html We discovered the Hidden SSID of an AP in a mere 5 minute scan! The Hidden WEP-encrypted Access Point was communicating with a Symbol card typically used in handheld devices that are likely used in baggage management at SFO. The baggage management system at SFO airport may easily be compromised! The Hidden WEP-encrypted Access Point was communicating with a Symbol card typically used in handheld devices that are likely used in baggage management at SFO. The baggage management system at SFO airport may easily be compromised! Prevalent Myth – Hiding SSID is more secure than encryption All APs are Open/WEP!

11 A Study Conducted by AirTight Networks Not for circulation User Connectivity Analysis OPENWEPWPAWPA2 57%28%10%5% Clients ( 585 in number) 15% 7% 1% 6% 59% HTTP 38% HTTPS 3% VPN u 59% hotspot users are using plain text protocols such as HTTP u Only 3% are using VPN connectivity to secure their data! u 59% hotspot users are using plain text protocols such as HTTP u Only 3% are using VPN connectivity to secure their data! Hotspot Non - Hotspot 71%

12 A Study Conducted by AirTight Networks Not for circulation Data Leakage – By Wi-Fi Users (1) User is visiting www.marketwatch.com (2) He is looking at the Nasdaq Composite Index (symb=comp) (3) We have his cookie! So we can impersonate him Clients sending data without any encryption using HTTP are in serious danger of having their activities spied on and accounts hijacked in some cases

13 A Study Conducted by AirTight Networks Not for circulation Data Leakage – By Wi-Fi Users u Users are leaking their Wi-Fi networking information l Which networks they have connected to in the past (including security settings, etc) u Home networks u Office networks u Hotspots u This in turn means these Clients are vulnerable to Honeypot / Caffe Latte style attacks

14 A Study Conducted by AirTight Networks Not for circulation Honeypot Attack Scenario (1) Laptop is probing for SSIDs from your preferred list (cached). (2) Attacker sets up an Access Point with matching SSIDs. Tools for setting this up are easily available (e.g. Karma, Hotspotter) u Clients who are not active hotspot user can also be attacked! u This may already be happening, but nobody will know unless airspace is continuously monitored u Airports are good places to find high such high value targets! (3) Laptop connects to the Attackers machine. Client Attacker (4) Attacker launches exploits to download data or gain control of victims machine.

15 A Study Conducted by AirTight Networks Not for circulation Wi-Fi virus outbreak at the Airports 10% of all mobile users were advertising viral Wi-Fi networks! % of total Clients infected by one or more viral SSIDs at various Airports

16 A Study Conducted by AirTight Networks Not for circulation What are Viral Wi-Fi networks? US Airways Free Wi-Fi Free Public Wi-Fi Free Internet! u Viral Wi-Fi networks are Ad-Hoc networks advertising alluring SSIDs u Typically these SSIDs advertise free Internet connectivity u Natural first choice for most naive users – after all its FREE!!!

17 A Study Conducted by AirTight Networks Not for circulation How the Infection happens… u Once the User connects, the Viral SSID (Free Public Wi-Fi) gets added permanently to the Users own Wireless Configuration Infected Laptop Free Public Wi-Fi User Infected!

18 A Study Conducted by AirTight Networks Not for circulation How the outbreak happens… u Once infected, a client will broadcast the Free Public Wi-Fi SSID to all other clients in its vicinity u Thus the infected user further propagates the infection u Any laptop which connected to the Viral SSID broadcasted by the user in turn gets infected! Infected

19 A Study Conducted by AirTight Networks Not for circulation Why are Viral Wi-Fi networks such a big threat? u Once connected to a Viral SSID network… u All of the users shared folders will be accessible to every other laptop connected to the Viral SSID network u A hacker can easily access confidential data on your hard disk Infected

20 A Study Conducted by AirTight Networks Not for circulation Call to Action – Airport authorities u Airport authorities and Airlines need to secure their private Wi-Fi networks – l Secure legacy Wi-Fi enabled handheld devices being used for baggage handling l Use at least WPA for Wi-Fi enabled ticketing kiosks l Protect the Airport IT networks against active Wi-Fi attacks

21 A Study Conducted by AirTight Networks Not for circulation Call to Action – Wi-Fi Hotspot Users u Do not connect to Unknown Wi-Fi networks (example: Free Public Wifi) while at the airport or any other public places u Be Aware of your Windows Wi-Fi network configuration l Periodically inspect your windows Wi-Fi network configuration l Remove unneeded Wi-Fi networks from your preferred list u Do not use computer-to-computer (i.e. Adhoc connectivity) while at public places such as Airports u Business Travelers - Use VPN connectivity while using hotspot Wi-Fi networks u Turn OFF your Wi-Fi interface if you are not using it!

Download ppt "A Study Conducted by AirTight Networks Wireless Vulnerability Assessment: Airport Scanning Report www.airtightnetworks.net."

Similar presentations

Brute Force Attack Against Wi-Fi Protected Setup

Brute Force Attack Against Wi-Fi Protected Setup
Wi-Fi Technology.

Wi-Fi Technology.
Computer Concepts – Illustrated 8th edition

Computer Concepts – Illustrated 8th edition
Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Alec Wolman.

Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Alec Wolman.
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Laptop Security SIRT IT Security Roundtable Harvard Townsend IT Security Officer May 2, 2008.

Laptop Security SIRT IT Security Roundtable Harvard Townsend IT Security Officer May 2, 2008.
Securing A Wireless Home Network. Wireless Facts Range about 50 - 200 feet from access point Security anyone can eavesdrop on an unsecured wireless network.

Securing A Wireless Home Network. Wireless Facts Range about feet from access point Security anyone can eavesdrop on an unsecured wireless network.
Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.

Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung.

LISTING ACCESS POINT ON TOP OF THE LIST Hacking access point users By Uttam Gurung.
Peak Support Services Ltd Connecting & protecting your business...

Peak Support Services Ltd Connecting & protecting your business...
Home Wireless Security David Mitchell 12/11/2007.

Home Wireless Security David Mitchell 12/11/2007.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.

Similar presentations

Ads by Google