Wireless Vulnerability Assessment:

Airport Scanning Report

www.airtightnetworks.net
A Study Conducted by AirTight
Networks

!
"

#
$

%&

'
%%

" ()

,
'

)-. /--0
1 &20(

/--0
1 ,0,

>> Portland (PDX)

>> Ottawa (YOW)

>> Chicago (ORD)

>> Newark (EWR)

>> San Francisco(SFO)
>> Philadelphia (PHL)

Seoul (ICN)
>> San Jose (SJC)

>> Pittsburgh (PIT)

Malaysia (KLIA)
Singapore (SIN)

>> Orange County (SNA)

>> Myrtle Beach (MYR)

>> West Palm Beach (PBI)

4!

Study Findings

Evidence

Critical Airport
systems found
vulnerable to Wi-Fi
threats

Data leakage by
both hotspot and
non-hotspot users

~ 80% of the private WiFi networks at Airports

are OPEN / WEP!

Only 3% of hotspot users

are using VPNs to encrypt
their data! Non-hotspot
users found leaking
network information

Viral Wi-Fi outbreak

continues

Over 10% laptops found

to be infected!

225
0-5

'66

7*

)5

$*

:
"
;$

;
=

<

<

%-5

>
;

<

!"
# " $%&'
(!
'
)
%

But are all OPEN Wi-Fi

networks Hot-Spots?

A total of 478 Wi-Fi Access Points were analyzed across all Airports!

Access Points (APs)

Public Wi-Fi
Hotspots

Private Wi-Fi
Networks
Open APs

Hot-spot
providers

These dont
look like
hotspot APs!

"

41%

Non Hotspot APs 59%

Hotspot APs
(1) Hotspot APs dont
hide SSID
(2) Hotspot SSIDs are
well known/published
and advertised

*
AB
A
. C
6
D
C
*
7

(3) Usually signal from

multiple hotspot APs is
visible at any coverage
location

+
"

, !
(
./0
/

11

2/ (2 /. , ((
34
.
4

( #

!
8

225
'
+
0-5
7*
F
B
*
B
=

9
*

>

!
G'
F
H
H

<

+
H

Prevalent Myth Hiding

SSID is more secure
than encryption
All APs are
Open/WEP!

We discovered the
Hidden SSID of an
AP in a mere 5 minute
scan!

The
TheHidden
HiddenWEP-encrypted
WEP-encryptedAccess
AccessPoint
Point
was
wascommunicating
communicatingwith
withaaSymbol
Symbolcard
card
typically
typicallyused
usedin
inhandheld
handhelddevices
devicesthat
thatare
are
likely
likelyused
usedin
inbaggage
baggagemanagement
managementat
atSFO.
SFO.
The
Thebaggage
baggagemanagement
managementsystem
systemat
atSFO
SFO
airport
airportmay
mayeasily
easilybe
becompromised!
compromised!

"
57%

28%

10%

5%

OPEN

WEP

WPA

WPA2

Non - Hotspot

Hotspot

71%

15%

7%

1%
6%

59%

HTTP

S
TP
T
H
VP

38%
3%

Clients
( 585 in number)

59%
59%hotspot
hotspotusers
usersare
areusing
usingplain
plaintext
textprotocols
protocolssuch
suchas
asHTTP
HTTP
Only
Only3%
3%are
areusing
usingVPN
VPNconnectivity
connectivityto
tosecure
securetheir
theirdata!
data!

(1) User is visiting

www.marketwatch.com

?B

"

(2) He is looking at the Nasdaq

Composite Index (symb=comp)

(3) We have his cookie! So we can

impersonate him

Clients
Clientssending
sendingdata
datawithout
withoutany
anyencryption
encryptionusing
usingHTTP
HTTPare
arein
in
serious
seriousdanger
dangerof
ofhaving
havingtheir
theiractivities
activitiesspied
spiedon
onand
andaccounts
accounts
hijacked
hijackedin
insome
somecases
cases

"

?B

"

>

'
8

C
9
C

;C

< H;

<

;C

<
'
%+D

!
G
'

+
6
'
/+

*
!
G6
' 663

8C

'
)+D
>

'
&+
>

:
8
:

% of total Clients infected by one or more viral SSIDs at various Airports

10% of all mobile users were advertising viral Wi-Fi networks!

I
$
C
!
G
!
G
;

<

?
@77:
:
:
US Airways Free Wi-Fi
Free Public Wi-Fi
Free Internet!

Infected Laptop

Free Public Wi-Fi

"
!
G'
<

8
$
<+
" >

User Infected!

Infected

<

;
!
G

Infected
Infected

Infected

Infected
Infected

Infected

!
G
:

Infected

9
$

!
G

Infected

>
Infected

Infected

Infected

Infected

Infected

!
G

"
*

*
!

"

"

'

F;

<+
B

*
@

'66

"

<
+

$*