Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Sunday July 22 2018, @10:00PM   Printer-friendly
from the carrier dept.

[...] Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi offerings here in the United States when it comes to security. According to a study of 45 of the busiest U.S. airports, San Diego International Airport has the riskiest WiFi hotspots. The least vulnerable is Chicago Midway International Airport.

“Unfortunately, WiFi security is often sacrificed by airport operators in exchange for consumer convenience, leaving networks unencrypted, unsecured or improperly configured,” notes the study (PDF). “Even for those airports that do prioritize security, attack techniques such as the Key Reinstallation Attack (KRACK), which can break the WPA2 protocol to capture and/ or expose information shared over public and private WiFi, presents significant risk to passengers in transit.”

Network risk scores were based on the probability of an attacker on a network.

The most troublesome issues found at airports included a WiFi network named “SouthwestWiFi,” which performed an attack on SSL/HTTPS traffic at the Houston William Hobby International Airport.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday July 23 2018, @04:06AM (1 child)

    by Anonymous Coward on Monday July 23 2018, @04:06AM (#711053)

    Who moves important unencrypted data over an insecure wifi connection? The only risk I see is of an adversary using a "trusted" wildcard cert, but that is a risk with "secured" wifi too.

  • (Score: 1, Informative) by Anonymous Coward on Monday July 23 2018, @02:05PM

    by Anonymous Coward on Monday July 23 2018, @02:05PM (#711221)

    Usually you need to activate the connection through a landing page (which may require you to give some information). That web page may itself be a security risk, especially as it may require you to switch off certain security measures (for example, it may require JavaScript). Which is especially bad when you cannot even be sure that it is the actual landing page, and not some hacker's version of it.