Whether they're planning to snorkel a barrier reef or just walks on the beach, all travelers face risks — starting when they connect to the internet via airport Wi-Fi.

Fraudsters troll free airport Wi-Fi signals and even impersonate those networks to get access to sensitive information such as credit card numbers and banking passwords transmitted through passengers’ laptops, tablets, and smartphones.

“It’s safe enough to check the latest sports scores, weather, or stock market on a newer device with updated software,” said Virginia Tech cybersecurity expert Matthew Hicks. “But it can be risky to perform financial transactions or work with sensitive data in the cloud while waiting to board your flight.”

Fortunately, Hicks has several proactive steps travelers can take to protect themselves, their finances, and their data.

Choose your networks carefully

The first measure of protection airline passengers can take is to look for airport signage or ask employees what Wi-Fi network they should use. 

“Proceed with caution, as attackers often create malicious networks with network names that look very similar to free public Wi-Fi accounts, adding an extra space or period to fool people,” Hicks said. “Connecting to the wrong network is like responding to that Nigerian prince’s email asking you to help them transfer money — it means you are now the focus of an attack.”

Unfortunately, even after connecting to the official airport Wi-Fi network, users remain vulnerable to a range of attacks.

Use secure websites

Because most airport networks connect without a secure password, all internet traffic going though them is vulnerable. 

“On public networks, data is sent without encryption, so anyone in the airport can see what your computer is sending and receiving with minimal effort. Fortunately, advances in web security can protect you from such threats via what’s known as HTTPS,” Hicks said. “By ensuring that all sensitive information like banking is done through an HTTPS website, you can encrypt and protect your data as it travels between your bank’s server and your device.”

To determine if a site is secure, ensure the URL begins with “https://” or check the address bar of your web browser for a lock icon. If either of these indicators are present, work you do on that site is protected, Hicks said.

Keep it private

Protecting your online work and entertainment at the airport requires a Virtual Private Network, or VPN. These paid services can boost your security from wherever you access the internet.

If you’re traveling for business, your employer may provide a VPN to protect their data and devices from malicious actors. However, anyone can purchase a VPN for added security while traveling.

“A VPN provides the same encryption and integrity as  HTTPS, but for all data between your computer and another computer,” Hicks said. “But VPN users should still do highly sensitive transactions using HTTPS websites. The VPN just protects you against attackers on the airport Wi-Fi.”

Another option is a personal hotspot that bypasses public Wi-Fi networks and connects to the internet via a cellular network.

“Using a hotspot where a phone connects to the cellular network and your computer connects to the hotspot provides security similar to a VPN,” Hicks said. “Just make sure the hotspot uses Wi-Fi Protected Access, known as WPA, with a strong password. Otherwise, an attacker could brute force their way into your hotspot network.”

About Hicks

Matthew Hicks is an associate professor of computer science in the College of Engineering at Virginia Tech. His research focuses on securing computer hardware and software.

Interview

To schedule an interview, please contact: Margaret Ashburn at mkashburn@vt.edu or 540-529-0814.

Contact:

Tags

Share this story