wigstheone
Jan 14, 02, 12:19 pm
As the airline industry scrambles to meet a Jan. 18 deadline to screen every checked bag for explosives, security experts, analysts and government officials are raising serious concerns about the security of wireless technology that's integral to the effort.
At issue is the adoption by airlines of industry-standard 802.11b, or WiFi, wireless LANs operating in the 2.4-GHz band. These systems, which are widely viewed as inherently insecure, are being used to support such applications as bag matching and curbside and roving-agent check-in.
The concerns appear to be justified, based on two investigations that were conducted last week by professional security firms that analyzed airline wireless LAN systems at Denver International Airport and San Jose International Airport.
The analysis in Denver was conducted Jan. 9 by White Hat Technologies Inc., a Westminster, Colo.-based security firm. It revealed that American Airlines Inc. operated wireless LANs totally in the clear without any encryption in its portion of the DIA terminal.
The vulnerability of the American Airlines wireless LAN networks was highlighted by the fact that the security specialists witnessed an intrusion while conducting their monitoring. According to a report furnished to Computerworld, security of the wireless LANs supporting Fort Worth, Texas-based American's curbside check-in stands was further compromised by the fact that the IP address of the curbside terminal was prominently pasted on the monitor.
Except for an administrative network operated by the Denver International Airport authority itself, none of the networks monitored by the security specialists had turned on even the simplest form of encryption: the 40-bit Wired Equivalent Privacy encryption algorithm.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67344,00.html
At issue is the adoption by airlines of industry-standard 802.11b, or WiFi, wireless LANs operating in the 2.4-GHz band. These systems, which are widely viewed as inherently insecure, are being used to support such applications as bag matching and curbside and roving-agent check-in.
The concerns appear to be justified, based on two investigations that were conducted last week by professional security firms that analyzed airline wireless LAN systems at Denver International Airport and San Jose International Airport.
The analysis in Denver was conducted Jan. 9 by White Hat Technologies Inc., a Westminster, Colo.-based security firm. It revealed that American Airlines Inc. operated wireless LANs totally in the clear without any encryption in its portion of the DIA terminal.
The vulnerability of the American Airlines wireless LAN networks was highlighted by the fact that the security specialists witnessed an intrusion while conducting their monitoring. According to a report furnished to Computerworld, security of the wireless LANs supporting Fort Worth, Texas-based American's curbside check-in stands was further compromised by the fact that the IP address of the curbside terminal was prominently pasted on the monitor.
Except for an administrative network operated by the Denver International Airport authority itself, none of the networks monitored by the security specialists had turned on even the simplest form of encryption: the 40-bit Wired Equivalent Privacy encryption algorithm.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67344,00.html