Lying on Gang Chair at the Airport

Post submitted by Jayde Lynch

ImmuniWeb, a Swiss cyber defense company, performed an audit of the world’s top 100 airports and discovered that all but three are running outdated security software and are thus vulnerable to cyberattacks. Since airport servers contain passenger information, the 100 most popular airports in the world combine for one of the largest civilian intelligence repositories. If the cyber defenses of virtually every major international airport are compromised, the information of nearly every frequent flyer is at risk of exposure.

Websites, Apps, and Cloud Storage are all Vulnerable

In addition to the 100 airports’ main websites, ImmuniWeb audited 36 of their mobile applications and 13 of their cloud storage units and found vulnerabilities in all three domains. In fact, mobile applications are even more vulnerable than websites, as security flaws were found in every single app. Perhaps the most concerning statistic is that three of the 13 external cloud storage drives are without protection, meaning that three percent of the airports have information publicly available in the cloud. Hackers have already exploited such weaknesses: 87 percent of these airports have experienced data leaks to public code repositories. 

The Three Most Secure Airports

ImmuniWeb graded all 100 airports on a A+ to F scale. Twenty-four were given an F, which signifies that “exploitable and publicly known security vulnerabilities were found”; 47 received a C for harboring security vulnerabilities and several serious misconfigurations; a B was given to the 11 airports that revealed several minor issues in their software or insufficient security hardening; and 15 were lucky enough to receive an A, signifying minor issues in their software or slightly insufficient hardening.

Only three airports received an A+ for flawless security systems: Amsterdam Airport Schiphol, Helsinki-Vantaa Airport, and Dublin Airport. All three are in Europe, which was represented in this survey by 33 total airports. Asia has 35, North America 19, Australia 6, Africa 4, and South America 3. Cyber vulnerability is thus a worldwide issue, so individuals and businesses should remain vigilant of data breaches regardless of where they operate.

66 Percent of Airports Exposed to the Dark Web

The dark web is a criminal underworld in the dark recesses of the internet. Residents traffic in sensitive data stolen from the compromised servers of millions of parties, airports included. The ImmuniWeb report illustrates that 66 percent of the surveyed airports are exposed to the dark web. Thirteen percent of these airports were found to have critical breaches, which indicates that some of their confidential data has recently leaked into the cybers ewer. The worst part about the dark web is that its resident hackers are real people with potentially bad intentions, rather than agent-less programs that spam your inbox with porn.

It’s worth noting that this report comes from a cybersecurity company, not an impartial research firm, so data may be exaggerated. However, owing to the scope and frequency of data breaches occurring to high-profile – and presumably “secure” – organizations, ImmuniWeb has provided a valuable forewarning. Instead of learning about software vulnerabilities after a publicized hack, we’ve been educated beforehand, allowing both airports and passengers to proceed more carefully with sensitive information.