Shocking Results when the Top 100 International Airports were Tested for Security

All that time in line, waiting to get past TSA and airport security. It does help strengthen the image that airports are a sort of fortress, an impenetrable concrete waiting room…
Well If that’s also the image you get when thinking of LAX or MIA, you’d be surprised to know that “only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb.”
Three? That is? And those three weren’t even in the United States. The airports that passed included; Amsterdam Schiphol Airport in the Netherlands, Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland.
ImmuniWeb said in a statement after the results, these airports “may serve a laudable example not just to the aviation industry but to all other industries as well.”
The security checks presented to all 100 international airports included public website checks, official mobile applications, and searches for airport data or passenger information in cloud services, public forums, or the dark web.
Scans were run for proper implementations of HTTPS, server supports, website management systems, compliance tests, firewalls, known exploits, third party software, unsafe coding techniques, and public cloud storage services/darkweb related websites.
“97% of the tested airports had problems with their cyber-security posture, and primarily with their public websites.” Stats are as follows:
Main Website Security:
97% of the websites contain outdated web software
24% of the websites contain known and exploitable vulnerabilities
76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively
24% of the websites have no SSL encryption or use obsolete SSLv3
55% of the websites are protected by a WAF
Mobile Application Security:
100% of the mobile apps contain at least 5 external software frameworks
100% of the mobile apps contain at least 2 vulnerabilities
15 security or privacy issues are detected per app on average
33.7% of the mobile apps outgoing traffic has no encryption
Dark Web Exposure, Code Repositories and Cloud:
66% of the airports are exposed on the Dark Web
72 out of 325 exposures are of a critical or high risk indicating a serious breach
87% of the airports have data leaks on public code repositories
503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
3% of the airports have unprotected public cloud with sensitive data
ZDNet writes, “the issues listed above could be credibly exploited to attack an airport authority, obtain a foothold on vulnerable systems, and then infiltrate an airport’s internal network.”
While most publicly disclosed prior attacks on airports haven’t jeopardized passenger safety as they were used for financial gain or political agendas, “cyber-attacks against airport systems are not an unimaginable scenario anymore and should be considered a possible response in the case of an escalation between two countries.”
It may not be convenient for us to use any of these three safest airports, but it’s at least comforting to know there are places where cybersecurity and passenger safety take precedence.
If you need assistance with Managed IT Security Services contact us at 714-970-9330.
– Emmy Seigler
- Artificial Intelligence: Better Living (and Working) through Automation - January 19, 2021
- Touchless Business: A New Era - January 14, 2021
- Automating Business Processes – How Can You Be Better? - January 6, 2021