Wednesday, November 26, 2008

Hacking Airport Wi-Fi

Richard Farina booted up his computer on an American Airlines flight in October from New York to San Francisco. It was one of the first commercial flights to offer wireless Internet service. Within a couple minutes of reaching 10,000 feet, Farina was snooping the airwaves with the ability to see what his fellow passengers were doing without having to leave his cramped middle seat.
Farina isn't a bad guy. He was just doing his job as a so-called white-hat hacker for AirTight Networks, a manufacturer of wireless intrusion protection hardware and software. AirTight's chief executive, David King, sends hackers out for unsolicited security assessments. Earlier this year he dispatched Farina and a few other of his 100-plus employees to collect wireless security data at 20 U.S. airports and a few abroad. They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3% of people used something more secure.