Using Airport Wi-Fi May Take You For An Unexpected Ride

Flying those friendly skies may not be as friendly if you use free airport Wi-Fi. An increase in e-ticket hacking has many unsuspecting travelers wondering what went wrong with their plans. Leaving no stone unturned, hackers find that it pays to intercept passenger check-ins to their benefit. Recent revelations find that many airlines using e-ticketing and the check-in processes do not encrypt those Wi-Fi transactions. That’s great news for hackers who easily gain access to the same networks as passengers using public Wi-Fi. Not only can hackers see a ticket-holder’s information, in some cases they can change booking and boarding passes for their own benefit.

Despite endless warnings about how hack-able public Wi-Fi is, many still choose to use it. Researchers from Wandera found that hackers who gain access to public Wi-Fi can find out a lot about a traveler. The PII (Personally Identifiable Information) available to hackers are things like full name, frequent flyer points, confirmation number, passport ID, email, and mobile phone number. In other words, everything needed to book another flight and a boarding pass. For those who had their Wi-Fi hacked, it may not be until they try to board their flights that they find they may no longer have a ticket.

Wandera researchers alerted impacted airlines and government agencies after finding the flaws in December of 2018 with their processes. Worldwide, there are currently eight airlines involved with this particular Wi-Fi vulnerability and all have been notified. It’s not the first time airlines have had security vulnerabilities. Last year, British Airways and almost 400,000 of their customers had their credit card payments compromised. Air Canada and Delta also saw thousands of customers and their PII gone with the wind.

Keeping your PII safe while traveling takes a commitment, especially since PII is also under siege with phishing and malware attacks. Staying off public Wi-Fi, particularly when checking-in, is a great start. Security researchers strongly recommend performing all necessary communications, including check-in and printing your boarding pass, from home or another secure site before arriving at the airport. If you’re not able to connect from a secure site, use the cellular data from your device. It’s a small price to pay to know your PII and your seat on the airplane remain undisturbed. Remember, as stressful as airline travel can be, navigating your trip safely online can help make those skies much friendlier.

Stickley on Security
Published April 7, 2019