Airport Hotspot Hacking Takes Off

In the post 9/11 world, tighter airport security has made travelers keenly aware of terrorist threats. But few travelers realize the most immediate threat to their security at airports could arise before they ever board the plane. It could be just one click away in the virtual world.

Free airport wifi hotspots are a boon for busy travelers. But they’ve also become a haven for hackers. Hiding in plain sight there – they could be sitting right beside us or as much as 300 feet way. Hackers are co-opting the names of airlines and airports, setting up fake free wifi hotspots that look like the real thing. When an unsuspecting user logs on, what they’re connecting to isn’t a real hotspot – it’s the hacker’s laptop. Once that happens, the hacker can use free software from the Internet to hijack most of the information sent to and from the victims’ laptop. That means everything from passwords and user names to confidential business documents.

Free Airport Wifi Could Come at a Very High Price

It’s human nature for people to want to use free wifi hotspots. But many airport wifi users don’t seem to know or care whether the hotspots they’re connecting to are real ones or rogues. In 2008, AirTight Networks sent a group of white hat hackers to 27 airports around the world to test the vulnerability of wifi networks to hackers. What it found was shocking – 77% of Internet connections at those airports were to peer to peer (computer to computer) ad hoc networks, not real hotspots.

A year later, CNN visited London’ Heathrow, an airport that wasn’t part of the original survey, to explore possible dangers to wifi users. Here’s what it discovered.

It’s worth noting that, while turning on wifi security can protect wireless traffic at home and at the office, very few public hotspots offer wifi  security as an option.

Hotspot Users Could Be Unknowingly Spreading Fake WiFi Hotspots Virally

Even worse, another AirTight Networks’ study of 22 U.S airports and three in the Asia-Pacific region found that users were unknowingly spreading ad hoc wifi networks virally, creating another pathway for hackers. The most common wireless network names for these viral attacks were “Free Internet” and “Free Public Wi-Fi.”

One of the few U.S. airports that spends money on wifi security is McCarran International in Las Vegas. McCarran monitors the airwaves for intruders. The gambling capital of the nation apparently thinks exposing visitors to fake wifi hotspots is too big a risk! If you don’t want to gamble with your hotspot security, follow these steps.

How to Be Safe at Airport Hotspots

• Make sure your firewall is turned on and your virus protection is up to date
• Don’t connect to any ad hoc network just because the name sounds familiar
• If the network indicates it’s a computer to computer (ad hoc) network, don’t join it
• Turn off file sharing when you’re at a hotspot or traveling
• Make sure your laptop doesn’t automatically connect to non-preferred networks
• Be aware that fake airport hotspots may exist and have a stronger signals than real ones.
• If a hotspot supports a secure network option (Wi-Fi Protected Access), use it
• If a hotspot offers an automated connection manager for secure login, use it
• Read each hotspot’s login or “terms of service” page to know who you’re connecting to
• If a hotspot’s login or “terms of service” page triggers a web browser warning, disconnect
• Don’t expose any personal information online you can’t afford to lose.
• Use a virtual private network (VPN) like PRIVATE WiFi™ to insure that all your online information is transmitted through a secure VPN tunnel that’s invisible to hackers.

In the meantime, if you’ve been hacked at an airport hotspot or had a near miss, we’d like to hear from you. Tell us your hotspot horror story.