A few weeks ago a report was published by a cybersecurity firm, ImmuniWeb. This report revealed that only three of the world’s top 100 international airports passed their basic high level cybersecurity test. The top 100 international airports were determined by air travelers around the world in the 2018/2019 World Airport Survey.
What Did They Test For?
The cybersecurity examination involved a long list of security tests that included checks of their public websites, official mobile applications, and searches for leaks of sensitive airport or passenger data in places like cloud services, public code repositories, or the dark web. Along with these three categories, they looked into the compliance of the airports with PCI DSS, NIST, and HIPAA.
On the airport’s websites, they more specifically were looking to see if they had proper implementation of HTTPS, if website content management systems (CMSs) were running up to date versions or vulnerable components, if the airport systems used a web application firewall (WAF) and if the airport’s email server supports SPF, DKIM and DMARC.
On the airport’s mobile applications, they were looking to see if they used components vulnerable to known exploits, relied on third-party software libraries and frameworks, and if the mobile apps employed basic app security settings or if they used unsafe coding techniques.
Lastly, they were looking into what happens with the information from the airport, potentially including network user’s personal information. They were looking to see if airport-related data was available on public cloud storage services, available on public code hosting repositories, and if information is available on the dark web and other criminal and hacking-related websites.
What Can Be Done?
First and foremost, the 97 airports that failed the cybersecurity test need to implement some sort of strategy to improve their respective systems and networks.
For the travelers out there, there are a few things that you can do to protect your data:
- Avoid accessing any personal or financial information while using the unsecure Wi-Fi at the airport. If you can avoid using the Wi-Fi in general at airports and use data, that is recommended.
- Ensure you never use the charging cords that may appear to be free to use. Hackers have found ways to install malware into charging cables, allowing them to take information or potentially taking over a device; Referenced in our article, Hacked Charging Cables Send Data Wirelessly.
- Use A Virtual Private Network (VPN) if you need to use the Wi-Fi. If you must use the Wi-Fi and are dealing with sensitive information, using a VPN from a company such as, ExpressVPN or NordVPN, can secure your connection to reduce the likelihood of a breach.
- Set up a personal hotspot. Setting up a personal hotspot on your phone is a very secure way to access the Internet. Check to be sure your mobile provider provides a plan, and that you have added it to your mobile plan; all the data will be encrypted.
It is always important to be aware of the potential dangers of using Public-WiFi, along with using the best practices, mentioned above. Having a strong sense of cybersecurity awareness can significantly reduce the likelihood of becoming a victim in the seemingly never-ending world of cybersecurity threats.