Shocking Results when the Top 100 International Airports were Tested for Security

By:  |  Category: Cloud Tuesday, February 4th, 2020  |  No Comments

All that time in line, waiting to get past TSA and airport security. It does help strengthen the image that airports are a sort of fortress, an impenetrable concrete waiting room…

Well If that’s also the image you get when thinking of LAX or MIA, you’d be surprised to know that “only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb.”

Three? That is? And those three weren’t even in the United States. The airports that passed included; Amsterdam Schiphol Airport in the Netherlands, Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland.

ImmuniWeb said in a statement after the results, these airports “may serve a laudable example not just to the aviation industry but to all other industries as well.”

The security checks presented to all 100 international airports included public website checks, official mobile applications, and searches for airport data or passenger information in cloud services, public forums, or the dark web.

Scans were run for proper implementations of HTTPS, server supports, website management systems, compliance tests, firewalls, known exploits, third party software, unsafe coding techniques, and public cloud storage services/darkweb related websites.

“97% of the tested airports had problems with their cyber-security posture, and primarily with their public websites.” Stats are as follows:

Main Website Security:

97% of the websites contain outdated web software

24% of the websites contain known and exploitable vulnerabilities

76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively

24% of the websites have no SSL encryption or use obsolete SSLv3

55% of the websites are protected by a WAF

Mobile Application Security:

100% of the mobile apps contain at least 5 external software frameworks

100% of the mobile apps contain at least 2 vulnerabilities

15 security or privacy issues are detected per app on average

33.7% of the mobile apps outgoing traffic has no encryption

Dark Web Exposure, Code Repositories and Cloud:

66% of the airports are exposed on the Dark Web

72 out of 325 exposures are of a critical or high risk indicating a serious breach

87% of the airports have data leaks on public code repositories

503 out of 3184 leaks are of a critical or high risk potentially enabling a breach

3% of the airports have unprotected public cloud with sensitive data

ZDNet writes, “the issues listed above could be credibly exploited to attack an airport authority, obtain a foothold on vulnerable systems, and then infiltrate an airport’s internal network.”

While most publicly disclosed prior attacks on airports haven’t jeopardized passenger safety as they were used for financial gain or political agendas, “cyber-attacks against airport systems are not an unimaginable scenario anymore and should be considered a possible response in the case of an escalation between two countries.”

It may not be convenient for us to use any of these three safest airports, but it’s at least comforting to know there are places where cybersecurity and passenger safety take precedence. 

If you need assistance with Managed IT Security Services contact us at 714-970-9330.

– Emmy Seigler

Source: https://www.zdnet.com/article/only-three-of-the-top-100-international-airports-pass-basic-security-checks/

Leave a Comment
Read previous post:
Avast in the Hot Seat for Selling Users Data

According to a joint investigation by PCMag and Motherboard, the widely used antivirus solution Avast has been profiting off of...