Home GDPR #Privacy: Most of the world’s biggest airports having cybersecurity weaknesses
GDPR - February 17, 2020

#Privacy: Most of the world’s biggest airports having cybersecurity weaknesses

Exploring the current state of aviation transportation security, Immuniweb has conducted research on cybersecurity, compliance and privacy of some of the world’s largest airports.

Immuniweb built upon previous research dedicated to application security of top banking institutions, including comprehensive coverage of their web, mobile and API security. The methodology of this research was also complemented with OSINT-based:

  • Discovery and non-intrusive security testing of public cloud storages (e.g. AWS S3)
  • Monitoring of Dark Web exposure (e.g. marketplaces and forums)
  • Monitoring of public code repositories (e.g. GitHub)

Key findings of the report

Main Website Security:

  • 97 percent of the websites contain outdated web software
  • 24 percent of the websites contain known and exploitable vulnerabilities
  • 76 percent and 73 percent of the websites are not compliant with GDPR and PCI DSS respectively
  • 24 percent of the websites have no SSL encryption or use obsolete SSLv3
  • 55 percent of the websites are protected by a WAF

Mobile Application Security:

  • 100 percent of the mobile apps contain at least 5 external software frameworks
  • 100 percent of the mobile apps contain at least 2 vulnerabilities
  • 15 security or privacy issues are detected per app on average
  • 33.7 percent of the mobile apps outgoing traffic has no encryption

Dark Web Exposure, Code Repositories and Cloud:

  • 66 percent of the airports are exposed on the Dark Web
  • 72 out of 325 exposures are of a critical or high risk indicating a serious breach
  • 87 percent of the airports have data leaks on public code repositories
  • 503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
  • 3 percent of the airports have unprotected public cloud with sensitive data

Top 3 Most Secure Airports

During the research Immuniweb identified 3 international airports that successfully passed all the tests without a single major issue being detected:

  1. Amsterdam Airport Schiphol (EU)
  2. Helsinki-Vantaa Airport (EU)
  3. Dublin Airport (EU)

Ilia Kolochenko, CEO & Founder of ImmuniWeb, comments:

“Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming. Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity.

“Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of the travelers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.

“Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”

The post #Privacy: Most of the world’s biggest airports having cybersecurity weaknesses appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Analysis: The Cyber Impact of Biden/Putin Summit Meeting

Experts Discuss Impact of ‘Transformational Moment’After U.S. President Joe Bi…