Business travelers beware: Connecting your company device to airport Wi-Fi networks could open up a host of cybersecurity issues. While this is a risk on any insecure Wi-Fi network, some airports have more vulnerabilities than others, according to a Wednesday report from Coronet, and professionals should take extra caution when traveling through them.
It's much easier for attackers to access and exploit data from devices connected to airport Wi-Fi than to do so within the confines of a well-protected office, the report noted. Hackers can use the poor cyber hygiene and insecure Wi-Fi at many airports to inject advanced network vulnerabilities like captive portals, Evil Twins, ARP poisoning, VPN gaps, honeypots, and compromised routers.
Any of these network vulnerabilities could allow an attacker to access credentials for Microsoft Office 365, G Suite, Dropbox, and other cloud apps, or to deliver malware to the device and the cloud, the report found. The attacks could also potentially give adversaries access to the entire organization, leading to damages like operational disruption and financial losses.
"Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience," Dror Liwer, Coronet's founder and CISO, said in a press release. "As a result, business travelers in particular put not just their devices, but their company's entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured or improperly configured. Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger."
The report collected data from more than 250,000 consumer and corporate endpoints that traveled through the 45 busiest airports in the US over the course of five months, and analyzed the device vulnerabilities and Wi-Fi network risks to assign each airport a threat score. Coronet classified any score above 6.5 as unacceptable exposure.
Here are the least cybersecure airports in America, according to the report:
- San Diego International Airport, San Diego, CA (Score: 10)
- John Wayne Airport-Orange County Airport, Santa Ana, CA (Score: 8.7)
- William P Hobby Airport, Houston, TX (Score: 7.5)
- Southwest Florida International Airport, Fort Myers, FL (Score: 7.1)
- Newark Liberty International Airport, Newark, NJ (Score: 7.1)
- Dallas Love Field, Dallas, TX (Score: 6.8)
- Phoenix Sky Harbor International Airport, Phoenix, AZ (Score: 6.5)
- Charlotte Douglas International Airport, Charlotte, NC (Score: 6.4)
- Detroit Metropolitan Wayne County Airport, Detroit, MI (Score: 6.4)
- General Edward Lawrence Logan International Airport, Boston, MA (Score: 6.4)
In terms of the most secure airports, Chicago-Midway International Airport, Raleigh Durham International Airport, Nashville International Airport, and Washington Dulles International airport topped the list, the report found.
Business travelers can take a number of steps to ensure that their devices and data stay safe while on the road, including using a trusted VPN, avoiding public USB charging stations, and moving sensitive data to the cloud, according to TechRepublic's Tom Merritt.
The big takeaways for tech leaders:
- Hackers can use the poor cyber hygiene and insecure Wi-Fi at many US airports to inject advanced network vulnerabilities like captive portals, Evil Twins, ARP poisoning, VPN gaps, honeypots, and compromised routers. -- Coronet, 2018
- The least cybersecure airports are San Diego International Airport in San Diego, the John Wayne Airport-Orange County Airport in Santa Ana, and the William P Hobby Airport in Houston.-- Coronet, 2018.