Airport Wireless Networks Unsafe?

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Researchers have discovered that, after running tests at fourteen different airports, ninety seven percent of all mobile users’ data was unsecured, literally open to anyone with wireless access. I knew the number would be high but I wasn’t expecting a percentage THAT high.

Researchers from AirTight Networks visited 14 airports around the world and discovered that most business travelers aren't taking the basic steps necessary to protect sensitive data. "We found that only three percent of all mobile users were using virtual private networks (VPNs), so most of their data was free and clear to anyone who could sniff the airwaves."
Click to expand...
 
Not that I'm surprised that public networks are unsafe...but not everybody has a VPN to use...
 
Eh, not surprising. I usually don't have any personal info on my laptop anyway. I would bet hotels are the same way. I know a buddy of mine that wiped some dudes My Music folder when he was out here visiting and stayed at a hotel.
 
Not really surprising. If someone used a the airport wireless and see a webpage that says "$15 for 1 hour" and then see another unsecured wireless for free, they're going to pick the free one and consider themselves safe because they have an anti-virus software running on their computer they swear by.
 
The problem is that there isn't an easy to use standard for securing wireless. Sure we have WPA but airports and other places don't use it... because they'd have to distribute passwords or crypto keys. Or hell, maybe there is some new hotness standard, but old hardware doesn't use it... Either way the APs are open, which sucks.

This reminds me of the old days when cell phones were analog and all you needed was a radio receiver to listen in. At least that was understandable because there was a tech barrier. Today, what is the technical barrier to ubiquitous secure wireless?
 
digitalfreak said:
Another useless company trying to use scare tactics to sell product
Click to expand...

Did you read the article?? It didn't say anything about buying a product, it was just a research about the security issues in airports.

Anyways, the last few bits of info are particularly useful for everyone to follow.
 
k1DBLITZ said:
No harm if you're merely catching up on the news & current events.
Click to expand...

Thats fine if the laptop has no data on it and you intend to wipe it clean later and re-install.
Theres a lot to be concerned about, just this one paragraph should be enough
"The biggest risk that creates is that all your shared folders are exposed to everyone else on that network, so you could be sitting in the airport completely unaware that your laptop is connected to the guy sitting next to you" with your personal and corporate data exposed, Baglietto said. One out of 10 users was infected, the researchers noted, and in one airport five users were connected to the same viral network
Click to expand...

Before you even know it you might end up on a bad network.
If you have admin shares enabled (by default they are) and havent set an admin password...

You should at a minimum remove any shares and restrict connections to admin shares or disable them.
Personally I would either not use my laptop, disable the wireless interface or install a new Windows that I can delete later. And not do anything via the network that requires a login!
 
Nenu said:
Thats fine if the laptop has no data on it and you intend to wipe it
You should at a minimum remove any shares and restrict connections to admin shares or disable them.
Personally I would either not use my laptop, disable the wireless interface or install a new Windows that I can delete later. And not do anything via the network that requires a login!
Click to expand...

That's one of the nice things about having Vista on a laptop. Whenever you connect to a public network, it automatically disables network discovery.
 
I have to wonder why anyone's surprised by this. We live in a day and age where people with highly sensitive data are just leaving their laptops with said data in easily accessible areas rather than going one step beneath rectally concealing all the data in a plastic-wrapped USB drive.

The idea of security seems to be a "We'll worry about it when something happens" kind of thought today.
 
SamuraiInBlack said:
I have to wonder why anyone's surprised by this. We live in a day and age where people with highly sensitive data are just leaving their laptops with said data in easily accessible areas rather than going one step beneath rectally concealing all the data in a plastic-wrapped USB drive.

The idea of security seems to be a "We'll worry about it when something happens" kind of thought today.
Click to expand...

Its reasonable to expect that an authority themselves bent on good security should have secure networks for people to connect to and to not expose themselves to attack!
I call that breach of trust.

I agree that regardless of where you are connecting, you should eliminate the possibility of your data being stolen.
 
Nenu said:
Its reasonable to expect that an authority themselves bent on good security should have secure networks for people to connect to and to not expose themselves to attack!
I call that breach of trust.

I agree that regardless of where you are connecting, you should eliminate the possibility of your data being stolen.
Click to expand...

What authority are you talking about? The TSA doesn't run airports, nor does it run the networks that they happen to provide. If you have a problem with security in public airports, then you need to take it up with the airport and the company/agency that owns it.

I can't tell you how many times I've fired up Network Neighborhood when at an airport and dropped my jaw at how unaware the vast majority of people are. If I wanted, there are many, many identies that I could've stolen without even breaking out any 'hacker' tools.
 
the airports themselves are concerned about security.
There are many airport authorities, see
http://en.wikipedia.org/wiki/Airport_authorities

It doesnt matter who runs the networks, they should still be monitored and adhere to good minimum security standards.
It makes sense, your own experience highlights the need.
 
Nenu said:
the airports themselves are concerned about security.
There are many airport authorities, see
http://en.wikipedia.org/wiki/Airport_authorities

It doesnt matter who runs the networks, they should still be monitored and adhere to good minimum security standards.
It makes sense, your own experience highlights the need.
Click to expand...

These networks are totally unconnected to the security of the airport itself. this is analogous to being put in an automobile. it's up to you, the user, to be safe. anyone can drive a car off a cliff or into another car -- it's your responsibility to be safe.
 
Yes that is the current state of play but its about time Airport Authorities took control of the networks available on their premises.
 
Nenu said:
Yes that is the current state of play but its about time Airport Authorities took control of the networks available on their premises.
Click to expand...

do you realize how much it's costing them in infrastructure roll-out to get you Internet access for free? Now, you want them to dedicate IT man-hours to administrating it and being responsible for security? Good luck getting that for free.

Atlanta-Hartsfield charges upwards of $11/hr (last time I was there) to access their Wi-Fi. That's what you'd be looking at (or more) if you wanted any kind of security.
 
Why does it have to all be free?
They could provide a tiered system, the more you pay, the more you get.
Free access could be for basic info on flights, the airport etc.
However its done it should be secure.
 
Public WiFi connections may be insecure. So what! They're connecting you to the Internet, which is insecure. Any and all connections to the Internet should assume snooping and MITM attacks.

WPA is good for private networks. You don't need it for public networks. Wired or WiFi, public networks are not secure.
 
svet-am said:
do you realize how much it's costing them in infrastructure roll-out to get you Internet access for free? Now, you want them to dedicate IT man-hours to administrating it and being responsible for security? Good luck getting that for free.

Atlanta-Hartsfield charges upwards of $11/hr (last time I was there) to access their Wi-Fi. That's what you'd be looking at (or more) if you wanted any kind of security.
Click to expand...

I offer this argument:

If you can afford $7 for your Half-caff half-fat soy latte grande with rose scented syrup and vegan dark-chocolate biscotti every morning, you can afford paying for by-the-hour wifi access at the airport. It might throw you out of whack to go a day or two without it, but if whatever you need to do online is honestly that important, you'll pay and not think twice about the cost, because whatever you're doing is well worth it. If you are honestly that high profile that you need to keep a laptop with you and use it at any opportunity you have a public accessible source of internet, an hourly fee for net access is not much of a hurdle for you, unless you're so poor your food stamps bounce. But then again, if you're that broke, what the HELL are you doing at an airport?
 
Any decent hotspot provider would have enabled AP isolation, which would prevent wifi client to client communication. The "windows folder shares exposed to the whole world" becomes a non-issue here. That does not solve the problem of non-encrypted data being captured with a sniffer though.

Hotspots without encryption probably use some form of captive portal where you authenticate yourself, then your DHCP IP and MAC address is added to a whitelist. Yes, it's the crappy MAC filtering all over again. Other hotspots may provide better security.

YMMV.
 
AP isolation only applies when connected to an access point. The ad-hoc "free public wifi" thingy still exposes your data.
 
SamuraiInBlack said:
I offer this argument:

If you can afford $7 for your Half-caff half-fat soy latte grande with rose scented syrup and vegan dark-chocolate biscotti every morning, you can afford paying for by-the-hour wifi access at the airport. It might throw you out of whack to go a day or two without it, but if whatever you need to do online is honestly that important, you'll pay and not think twice about the cost, because whatever you're doing is well worth it. If you are honestly that high profile that you need to keep a laptop with you and use it at any opportunity you have a public accessible source of internet, an hourly fee for net access is not much of a hurdle for you, unless you're so poor your food stamps bounce. But then again, if you're that broke, what the HELL are you doing at an airport?
Click to expand...

What? Yes windows has shared folders, when you connect it shows these folders to everyone on the network. Big deal. Clearly you do not value money the same way I do. I am not close to broke, but I do NOT spend money on things I do not need.
 
wilkinru said:
What? Yes windows has shared folders, when you connect it shows these folders to everyone on the network. Big deal. Clearly you do not value money the same way I do. I am not close to broke, but I do NOT spend money on things I do not need.
Click to expand...

He must be out of touch with reality and failed to see that flights have gotten cheaper and affordable for everyone.
 
Yeah, most people even in large cities have their networks open... I was in Quebec City this winter and printed off 50 copies of the Canada Food Guide, on some guys HP printer that he was sharing.
 
QwertyJuan said:
Yeah, most people even in large cities have their networks open... I was in Quebec City this winter and printed off 50 copies of the Canada Food Guide, on some guys HP printer that he was sharing.
Click to expand...

LOL that's mean :eek:
 
QwertyJuan said:
At lest he'll know how to eat properly!! ;)
Click to expand...

I'd probably do the same thing... :D

Except I might rasterbate a giant picture of a bunny or something similar... see if he could figure it out and layout all the pictures on the ground at the airport... some crazy guy figuring out a puzzle and why his printer is posessed...

I dunno, could be funny...
 
Blazestorm said:
I'd probably do the same thing... :D

Except I might rasterbate a giant picture of a bunny or something similar... see if he could figure it out and layout all the pictures on the ground at the airport... some crazy guy figuring out a puzzle and why his printer is posessed...

I dunno, could be funny...
Click to expand...

Send a fake suicide note or a fake ransom note to the printer. He'll be scratching his head when he reads:

"Dear mom and dad. I love you, I really do -- but there's no reason in continuing this charade any longer..."

OR

"If you wish to see the broad alive again, you'll deposit 550 million dollars...."
 
rofl I've seen shared printers too on open wireless. I usually leave it alone, but once I couldn't help myself and sent a printout that says "you might want to think about securing your network a little bit".

Within a week, that wireless point was WEP'd. Smart guy.
 
Heh... I think our network is open right now... with a shared printer...

Too lazy to setup WEP and honestly people would have to be parked in front of our house to do anything...
 
Frankly, I'm shocked it is so high. While theses same users are just as vulnerable when they use DSL without a firewall at home - port-scanning a small DHCP range at an airport is certainly less tedious than hunting for n00bs across the entire IP space of a service provider, at best that is security by obscurity.

The real issue: 90-some percent of business laptops are running so porous that this is even a concern. The admin shares and other exploits may be there, but what brilliant IT wizard thought it would be OK to deploy business-class machines without a GPO preventing use of file sharing all together? - obviously there are other exploits, all of which can be locked down. I don't eveninstall that component on my personal Windows machines, and I would expect a professional IT department to at least exercise some control over the trouble their users could get into :eek:
 
I get more calls for users with spyware after using hotel/airport wireless than any other time.
 
Stereodude said:
How do you make public wi-fi secure? Wouldn't people need the WEP or WPA key? How do you distribute that in a public area? :confused:
Click to expand...

Perhaps a magnetic card system, USB dongle or running a config file that populates the correct key info etc etc.
They dont have to be restricted to currently available devices, if a system is employed by all the Airports, it will become mainstream.
 
Stereodude said:
How do you make public wi-fi secure? Wouldn't people need the WEP or WPA key? How do you distribute that in a public area? :confused:
Click to expand...

The way it works is you can connect to the wireless, but when you open your web browser and go to, say, hardocp.com, you will be redirected by the wireless router to it's built-in webpage where you supply your credit card information and it will in turn generate a password for you to get online.

Lots of hotels are the same way.

But the obvious danger in that of course is that wireless router could belong to a scammer, not the airport. You'd be giving your credit card information away to some thief.
 
With WEP/WPA only, we're screwed, yep.

But the problem isn't unsolvable. Public key crypto a la SSL will allow a secure connection between you and the remote machine even if someone is eavesdropping.

Surely APs can be secured in a similar manner. I know it is in use sometimes, I see settings for crypto certs in wireless drivers already. It just hasn't been made user friendly yet. It would definitely require people to change some habits, though.

https://www.securetrust.com/resources/how-ssl-works
 
You must log in or register to reply here.
Back
Top