Wi-Fi security threats to air travelers identified

In January, a CBC news report revealed that Canada’s electronic spy agency utilized data from a free Internet Wi-Fi service at a major Canadian airport to track the wireless devices of thousands of ordinary air travelers “for days after they left the airport”.

Now a recent news report in Canada’s Globe & Mail (Researcher connects dots on spy agency’s monitoring of Wifi), projects that the airport was Toronto Pearson, the nation’s busiest port of entry. (If you are outside the Globe & Mail paywall, here are the key points).

The newspaper reported that national security researcher Bill Robinson found that Toronto Pearson Airport served as the seed location for the mass surveillance experiment conducted by Communications Security Establishment Canada (CSEC) in 2012.

The experiment came to light through documents released by U.S. whistleblower Edward Snowden. When made public in January, industry experts including Ontario’s Information and Privacy Commissioner, claimed that the clandestine operation was almost certainly illegal.

Now further research released by Robinson, gleaned from Snowden’s documents note that wireless devices ensnared in this experiment were tracked across Canada, ranging from Wi-Fi locations in Vancouver to Calgary, Edmonton, Sudbury, Ottawa, Montreal, Quebec City, Halifax, St. John’s, and even Fort Smith, NWT.

Wireless detection were also made at several locations around the world, including: Kuala Lumpur, Hong Kong, Tokyo, Havana, Paris, Amsterdam, Rome, what appear to be two cities in India, as well as many sites in the United States.

According to Robinson, wireless detection was also made at a large number of U.S. sites, including: Los Angeles, the San Francisco Bay area, Salt Lake City, Chicago, Detroit, Atlanta, St. Petersburg, Charleston, New York City, and Washington.

There is no concrete evidence that CSEC and the National Security Agency (NSA) in the United States cooperated in this experiment, but BiometricUpdate.com has reported on efforts by governments in North America to increase their use of “Big Data” technologies to spy on their citizens. BiometricUpdate.com has also reported that the U.S. government has spent copious amounts of money on its intelligence efforts.

While such spending has occurred to address national security at ports of entry, other risks remain. In terms of wireless technologies, a recent report from Reuters has come to light that show security holes in “onboard Wi-Fi on aircraft or inflight entertainment systems can be used to to hack into avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft’s navigation and safety systems”.

According to authentication experts at Authentify, a leader in multi-factor authentication provider in the healthcare and finance fields, this vulnerability is possible due to unsecured Wi-Fi and poor authentication practices. Using digital certificates and hardening on-board systems is a requisite in mitigating these kinds of threats.

“All of these vulnerabilities and breaches stem from two things: Failures in network security thinking to understand and counter emerging threats, and following the old adage: I don’t need more security until something happens,” said Ken Balich, Chief Information Security Officer at Authentify. “Unfortunately that’s too late and many can pay a steep price.”

With all the threats confronting air travelers, the Biometrics Research Group will explore issues confronting port security in its next Special Report. Special Reports from BiometricUpdate.com provides analysis and competitive industry intelligence for the global biometrics industry including market size, multiple industry segments, venture capital and other business opportunities, along with in-depth profiles on the best emerging companies and solutions.

Article Topics

airports  |  authentication  |  national security  |  privacy  |  security  |  surveillance  |  wireless