The Menace That Is Airport WiFi
By Robert McGarvey
Stop right there if you are reading this on airport WiFi. It just cannot be trusted.
That is the frightening take away from a report via data security company Coronet that looked at the security of the public wifi at the nation’s 45 busiest airports. The verdict is unsettling: “For attackers, it is infinitely easier to access and exploit data from devices connected to Wi-Fi in an airport than it is to do so within the confines of a wellprotected office. In fact, the lax cybersecurity posture at most airports has created an environment in which adversaries can utilize insecure public Wi-Fi as the attack vector to introduce a plethora of advanced network vulnerabilities, such as captive portals (AKA Wireless phishing), Evil Twins, ARP poisoning, VPN Gaps, Honeypots and compromised routers.”
Don’t know what all that geek talk means? Here’s a translation: your data is toast and criminals are already busy spreading jam and butter on it as they chow down.
Explained Coronet: “business travelers connected to risky airport networks unintentionally share important information about their cloud-based-apps with adversaries. Such compromise can trickle down through entire organizations, leading to operational disruption, financial losses and even reputational harm, among other damages.”
How did we get in this situation?
Good question but, first, know that risks do vary by airports, according to Coronet. Some do a much better job of protecting their wifi than do others. Coronet came up with a complex metric to measure and weigh risks at airports and it determined that some airport wifi is just too risky to use.
What goes wrong with some airport wifi is that it is a petri dish for malware and another, huge issue is that some networks just aren’t good about hunting for and blotting out fake networks that masquerade as real.
Understand: a criminal with a few hundred dollars worth of easily purchased gear that will fit in a briefcase can erect a bogus network and slap on it a name that seems legit, maybe something like FreeAirportWifi. Use that network and, very probably, a criminal is logging your every keystroke – into your company server, your bank account, your email, and the list goes on.
But criminals have been inventive in coming up with novel attacks via airport wifi. Lock one door and they already have opened another. At least at many airport wifis.
What wifis must we avoid? Coronet identified seven that it believes are very high risk.
The nation’s worst? San Diego International (SAN) which notched a threat index score of 10. (Coronet believes scores of 6.5 and higher should be avoided.)
Next worst: John Wayne (SNA) at 8.7.
Followed by Hobby (HOU), 7.5; Southwest Florida (RSW), 7.1; Newark (EWR), 7.1; Dallas Love Field (DAL), 6.8; and Phoenix Sky Harbor (PHX), 6.5.
Color me very aggravated because the two airports I have used the most in recent years are PHX and EWR.
Some airports do a good job with their wifi. The safest airport, per Coronet, is Midway in Chicago at 4.5.
But really just don’t trust airport wifi. Not in the US, not overseas.
How can you stay safe and still use it? My advice has been and remains to avoid free airport wifi. Just don’t use it. What I do is create a hotspot with my cellphone and connect through it. (I have had no issues despite travel through EWR and PHX.)
Many travelers tell me they frequently use airline club wifi with no issues. Personally I have often used Amex’s Centurion wifi, again with no issues.
Some also use VPN – and if you are going to use free airport wifi, even at the airports identified as safer, do use VPN or the cloud-based secure browser Silo via Authentic8 which confines risks to its servers, not your company’s, not even your laptop. Which is better? That’s your call but, personally, I am liking Silo because I don’t see a speed hit as I have with VPN.
Others have told me they use fee-based hotspot network Boingo, often in connection with a free plan via American Express.
Bottomline: just as smart travelers eschew hotel wifi as too risky, the time is now to cold shoulder free public airport wifi. The risks simply will multiply and there is no indication that airport authorities have any plans to seriously attack the criminals who now are hunting for victims on airport wifis around the country.