Airports provide the perfect conditions for you to be victimized by hackers via public WiFi. Most people let their guard down because the place can seem so secure. You’ve just walked through a metal detector, taken off your shoes, had your bottled water confiscated, and, perhaps, been required to power on your laptop under the vigilant stare of the TSA.
You’re about to hop on a plane and will likely be incommunicado for hours, unless you want to fork over big bucks for spotty airline WiFi. In the moment, the pressure can be on to quickly send that email, check your bank balance, make that payment, or download your vacation itinerary. Right! Now!
Since many airports host free public WiFi, hopping on it prior to takeoff can feel like a completely normal and secure thing to do since you’ll soon be cut off from civilization, cooped up in that big metal tube. And, when you’re landing somewhere, after several hours offline, you’re usually eager to hop on a network, put in a request for an Uber, confirm your reservations, and check your inbox while you wait for your bags.
And though a lot of airports host very slow WiFi (we’re looking at YOU Montreal, Atlanta, New York – all three airports! – and Detroit…), it can be tempting to use it when it’s available, either in an effort to preserve your cellular data or because even slow WiFi seems a little faster than your phone’s connection.
Unfortunately, airports are notorious for having phony WiFi hotspots. These honeypots are set up by hackers looking to take advantage of your distraction. Thieves know you’re desperate to be connected, don’t want to have to pay for access, and may not be as vigilant as usual. Plus, especially for organized cybercriminal rings (like those who’ve been caught targeting hotel networks), the “clientele” of many airports presents some potentially high-value data, for both corporate and international espionage.
But don’t feel left out if you’re “just” a leisure traveler! Garden-variety identity thieves and other hackers seeking banking information have also been caught hosting fake airport WiFi in an effort to steal from you, too.
On December 21, 2016, Lifehacker posted part of a blog piece written by Domenico Bettinelli detailing out his experience with fake JetBlue WiFi.
I was recently at New York’s JFK airport in the JetBlue terminal, where they have prominent signs offering free wi-fi, courtesy of the airline. But when I went to connect, I noticed that several options were available including one labeled “default” and another labeled “JetBlue free hotspot.” It turns out that the former was the actual free hotspot and the latter was the honeypot.
And the threat isn’t isolated to hotspots set up to lure you in by the bad guys. Legit WiFi hosted at the airport is still susceptible to the same threats as any public WiFi. There are still sniffers intercepting unencrypted information and grabbing access credentials when they can, even from the hoity-toity “private” WiFi networks of the airline lounges.
What does this mean?
It’s safe to presume that when you’re using airport WiFi, your personal information is unprotected and available to crooks. Whether you paused to make sure you were connecting to an official network or hopped on the first free phony one that didn’t make you watch ads for access, everything you do on WiFi at the airport is potentially susceptible to interception and likely exploitation.
Why is airport WiFi so riddled with thieves?
Theories vary, but many security specialists point the finger at both budget constraints for the municipal transportation authorities that are responsible for most airports and to the fact that it’s quite costly and complicated to secure a large, high-traffic location like an airport. Couple that with the distracted nature of the traveling public and it’s clear why setting up scams at the airport is irresistible to cybercriminals.
What can you do?
As a practice, avoid connecting to the airport WiFi, as tempting as it may be. Sticking to your cellular signal, including using your phone as a hotspot for your other devices, is your safest bet.
Alternately, if you feel like you absolutely must use airport WiFi, only connect to WiFi you can confirm is legit. And, even then, don’t access banking information or sensitive work documents while connected. At the airport, take the same precautions to protect your privacy as you would with any public WiFi.
To be even more secure, use a Virtual Private Network (VPN) while you’re connected to the official airport WiFi. If you travel a lot and don’t have a VPN, it’s probably worth looking into. They’re relatively inexpensive and simple to use. And, regardless of WiFi speeds, you’re safest connecting through a VPN because your data – including passwords, credit card numbers, and other personal information – will be encrypted, which is essential in the notably sketchy airport WiFi environment.
Next time you’re at the airport and get the urge to use the free WiFi, consider sticking to your phone’s network or be really careful!