97% of airports showing signs of weak CyberSecurity


Digital Technology Unlocked

Cyber SecurityTech News

97% of airports showing signs of weak CyberSecurity

New research has shone on a light on what appears to be a shocking lack of security at the world’s airports.

Boffins at ImmuniWeb took a look at 100 of the world’s largest airports, and only found three that passed with flying colours for their web and app security.

According to research published by ImmuniWeb, “97 out of 100 the world’s largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.”

Problems with the airports’ official websites included:

  • outdated web software (97%)
  • known and exploitable vulnerabilities (24%)
  • not GDPR compliant (76%)
  • not PCI DSS compliant (73%)
  • and no SSL encryption or the use of obsolete SSL version 3 (24%)

Furthermore, a test of 36 official airport smartphone apps found a grand total of 288 mobile security flaws (15 per app on average).

According to the researchers, 100% of the mobile apps contained vulnerabilities, with 15 security or privacy issues detected per app on average.

Disappointingly, 33.7% of the mobile apps sent outgoing traffic with no encryption. So, maybe you should remember to pack your VPN, after all?

The only international airports which passed with top grades were Schiphol airport in Amsterdam, Helsinki-Vantaa airport in Finland, and Ireland’s Dubin airport.

“Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming. Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity,” said Ilia Kolochenko, CEO and founder of ImmuniWeb. “Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of the travelers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.”