Hacking Airport Wi-Fi
Travelers beware: Poorly secured airport Wi-Fi networks are catnip for snoops. AirTight Networks' David King is trying to harden them up
Richard Farina booted up his computer on an American Airlines (nyse: AMR - news - people ) flight in October from New York to San Francisco. It was one of the first commercial flights to offer wireless Internet service. Within a couple minutes of reaching 10,000 feet, Farina was snooping the airwaves with the ability to see what his fellow passengers were doing without having to leave his cramped middle seat.
Farina isn't a bad guy. He was just doing his job as a so-called white-hat hacker for AirTight Networks, a manufacturer of wireless intrusion protection hardware and software. AirTight's chief executive, David King, sends hackers out for unsolicited security assessments. Earlier this year he dispatched Farina and a few other of his 100-plus employees to collect wireless security data at 20 U.S. airports and a few abroad. They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3% of people used something more secure.
Article Controls
imageemail
imageprint
imagereprint
imagenewsletter
comments (1)
imageshare
imagedel.icio.us
imageDigg It!
imageyahoo
imageFacebook
imagerss
Yahoo! Buzz
Video: Hackers Target Airports
To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem. Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.
Wireless networks are some of the most easily hacked. Indian terrorists this summer broke into underprotected networks to e-mail a warning prior to bomb blasts in Delhi and Ahmedabad. In August the Justice Department indicted 11 members of a retail hacking ring, accusing them of grabbing millions of credit and debit card numbers off networks inside stores run by TJX Companies, BJ's Wholesale Club, OfficeMax (nyse: OMX - news - people ), Barnes & Noble (nyse: BKS - news - people ) and Forever 21, among others.
To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem. Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.
Wireless networks are some of the most easily hacked. Indian terrorists this summer broke into underprotected networks to e-mail a warning prior to bomb blasts in Delhi and Ahmedabad. In August the Justice Department indicted 11 members of a retail hacking ring, accusing them of grabbing millions of credit and debit card numbers off networks inside stores run by TJX Companies, BJ's Wholesale Club, OfficeMax (nyse: OMX - news - people ), Barnes & Noble (nyse: BKS - news - people ) and Forever 21, among others.
The most common means of protecting Wi-Fi networks, the Wired Equivalent Privacy encryption standard, or WEP, was broken in 2001. Nowadays a moderately skilled hacker needs only a couple of minutes to crack its key with an off-the-shelf wireless card. In November a pair of German computer science students made a critical first step toward cracking the Wi-Fi Protected Access encryption standard, or WPA, once heralded as the solution to WEP's insecurity.
The market for wireless intrusion prevention systems is still small: $168 million worldwide this year, according to research firm Gartner, but that represents a 40% gain from 2007. King's AirTight competes with other sellers of Wi-Fi security gear such as AirMagnet and AirDefense, which was recently acquired by Motorola (nyse: MOT - news - people ) for an undisclosed sum. Publicly traded Aruba Networks (nasdaq: ARUN - news - people ) and Cisco Systems (nasdaq: CSCO - news - people ) sell wireless security systems that are already built into their networking gear. Four-year-old AirTight has 600 customers paying between $40,000 and $50,000 a year. The private company in Mountain View, Calif. also licenses its products to hardware makers Siemens (nyse: SI - news - people ) and 3Com (nasdaq: COMS - news - people ).
Richard Farina booted up his computer on an American Airlines (nyse: AMR - news - people ) flight in October from New York to San Francisco. It was one of the first commercial flights to offer wireless Internet service. Within a couple minutes of reaching 10,000 feet, Farina was snooping the airwaves with the ability to see what his fellow passengers were doing without having to leave his cramped middle seat.
Farina isn't a bad guy. He was just doing his job as a so-called white-hat hacker for AirTight Networks, a manufacturer of wireless intrusion protection hardware and software. AirTight's chief executive, David King, sends hackers out for unsolicited security assessments. Earlier this year he dispatched Farina and a few other of his 100-plus employees to collect wireless security data at 20 U.S. airports and a few abroad. They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3% of people used something more secure.
Article Controls
imageemail
imageprint
imagereprint
imagenewsletter
comments (1)
imageshare
imagedel.icio.us
imageDigg It!
imageyahoo
imageFacebook
imagerss
Yahoo! Buzz
Video: Hackers Target Airports
To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem. Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.
Wireless networks are some of the most easily hacked. Indian terrorists this summer broke into underprotected networks to e-mail a warning prior to bomb blasts in Delhi and Ahmedabad. In August the Justice Department indicted 11 members of a retail hacking ring, accusing them of grabbing millions of credit and debit card numbers off networks inside stores run by TJX Companies, BJ's Wholesale Club, OfficeMax (nyse: OMX - news - people ), Barnes & Noble (nyse: BKS - news - people ) and Forever 21, among others.
To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem. Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.
Wireless networks are some of the most easily hacked. Indian terrorists this summer broke into underprotected networks to e-mail a warning prior to bomb blasts in Delhi and Ahmedabad. In August the Justice Department indicted 11 members of a retail hacking ring, accusing them of grabbing millions of credit and debit card numbers off networks inside stores run by TJX Companies, BJ's Wholesale Club, OfficeMax (nyse: OMX - news - people ), Barnes & Noble (nyse: BKS - news - people ) and Forever 21, among others.
The most common means of protecting Wi-Fi networks, the Wired Equivalent Privacy encryption standard, or WEP, was broken in 2001. Nowadays a moderately skilled hacker needs only a couple of minutes to crack its key with an off-the-shelf wireless card. In November a pair of German computer science students made a critical first step toward cracking the Wi-Fi Protected Access encryption standard, or WPA, once heralded as the solution to WEP's insecurity.
The market for wireless intrusion prevention systems is still small: $168 million worldwide this year, according to research firm Gartner, but that represents a 40% gain from 2007. King's AirTight competes with other sellers of Wi-Fi security gear such as AirMagnet and AirDefense, which was recently acquired by Motorola (nyse: MOT - news - people ) for an undisclosed sum. Publicly traded Aruba Networks (nasdaq: ARUN - news - people ) and Cisco Systems (nasdaq: CSCO - news - people ) sell wireless security systems that are already built into their networking gear. Four-year-old AirTight has 600 customers paying between $40,000 and $50,000 a year. The private company in Mountain View, Calif. also licenses its products to hardware makers Siemens (nyse: SI - news - people ) and 3Com (nasdaq: COMS - news - people ).
No comments
Post a Comment