Airport Wi-Fi helps business travelers stay productive on the road. If you encounter a flight delay or a layover, no problem—plug in your work laptop, connect to the public Wi-Fi, don your noise canceling headphones, and get busy.
But what many business travelers might not understand is that using public Wi-Fi doesn’t come without risks. Sometimes free public Wi-Fi networks are unencrypted. Hackers can leverage unsecured wireless networks to spy on your browsing session, and take advantage of you and your data in other ways.
Network security software maker Coronet identifies the most at-risk airports in a recent report, Attention All Passengers: Airport Networks Are Putting Your Devices and Cloud Apps at Severe Risk. The report documents a five month cycle wherein the company scanned 250,000 consumer and corporate endpoints across 45 airport networks. In analyzing the data collected, they calculate a Threat Index that weighs security criteria of the devices on the networks—whether users have anti-malware, firewalls, password protection, disk encryption, and trusted operating systems and applications—and calculates risks of Wi-Fi networks in the immediate vicinity of each airport. Ratings range 1-10. Coronet advises travelers to avoid airport Wi-Fi rated over 6.5.
Network and device vulnerabilities like the ones Coronet analyzed put at risk user credentials for popular cloud productivity suites like Microsoft Office 365, Google for Work, Dropbox, and others. The report specifies malicious actors can deliver malware to the device and the cloud.
A Man-in-the-Middle attack, for example, requires no special hardware and can be carried out on a mobile phone. The hacker simply creates a Wi-Fi hotspot with an SSID that looks “official” enough to trick somebody into connecting to it, and waits. When unsuspecting users logon to the hotspot, the hacker can sniff out sensitive data using any number of widely available tools like Wireshark, dsniff, or something similar. ARP Poisoning is a variant of the Man-in-the-Middle attack named by the report as a major threat for devices on airport Wi-Fi networks.