[...] Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi offerings here in the United States when it comes to security. According to a study of 45 of the busiest U.S. airports, San Diego International Airport has the riskiest WiFi hotspots. The least vulnerable is Chicago Midway International Airport.
“Unfortunately, WiFi security is often sacrificed by airport operators in exchange for consumer convenience, leaving networks unencrypted, unsecured or improperly configured,” notes the study (PDF). “Even for those airports that do prioritize security, attack techniques such as the Key Reinstallation Attack (KRACK), which can break the WPA2 protocol to capture and/ or expose information shared over public and private WiFi, presents significant risk to passengers in transit.”
Network risk scores were based on the probability of an attacker on a network.
The most troublesome issues found at airports included a WiFi network named “SouthwestWiFi,” which performed an attack on SSL/HTTPS traffic at the Houston William Hobby International Airport.
(Score: 0) by Anonymous Coward on Monday July 23 2018, @04:06AM (1 child)
Who moves important unencrypted data over an insecure wifi connection? The only risk I see is of an adversary using a "trusted" wildcard cert, but that is a risk with "secured" wifi too.
(Score: 1, Informative) by Anonymous Coward on Monday July 23 2018, @02:05PM
Usually you need to activate the connection through a landing page (which may require you to give some information). That web page may itself be a security risk, especially as it may require you to switch off certain security measures (for example, it may require JavaScript). Which is especially bad when you cannot even be sure that it is the actual landing page, and not some hacker's version of it.