Only 3 Out of 100 Airports Meet Basic Cybersecurity Standards

By Ava McKinneyOnline Safety

Only 3 Out of 100 Airports Meet Basic Cybersecurity Standards

Experts from ImmuniWeb have analyzed the cybersecurity of the world’s 100 largest international airports. As a result, only three airports met the researchers’ numerous requirements: Amsterdam Schiphol Airport, Helsinki-Vantaa Airport in Finland, and Dublin International Airport in Ireland.

How the Security Assessment Was Conducted

The security checks included tests of public websites, official mobile applications, and searches for leaks of confidential data belonging to the airports or their passengers through cloud services, public repositories, and the dark web. Specifically, ImmuniWeb experts checked:

  • Proper implementation of HTTPS;
  • Whether the airport’s mail server supports SPF, DKIM, and DMARC;
  • If the website’s CMS is updated to the latest version and free of vulnerable components;
  • Compliance with PCI DSS, NIST, and HIPAA standards;
  • Presence of a Web Application Firewall (WAF) in airport systems;
  • Correct configuration of cookies, headers, and related settings;
  • Whether mobile apps contain components vulnerable to known exploits;
  • If mobile apps rely on third-party libraries and frameworks;
  • Whether mobile apps use basic security settings and avoid unsafe coding practices;
  • If airport-related data is accessible in public cloud storage services;
  • If airport-related data is available in public repositories;
  • If airport-related data is found on the dark web or hacker sites.

The assessment revealed that 97% of airports have various cybersecurity issues, with the majority of problems found on their websites.

Website Issues

  • 97% of websites run outdated software;
  • 24% of websites contain known vulnerabilities;
  • 76% and 73% of websites do not comply with GDPR and PCI DSS, respectively;
  • 24% of websites lack SSL encryption or use outdated SSLv3;
  • 55% of websites are protected by a WAF.

Mobile Application Issues

  • 100% of mobile apps contain at least 5 external frameworks;
  • 100% of mobile apps have at least 2 vulnerabilities;
  • On average, each app has 15 different privacy issues;
  • 33.7% of outgoing mobile app traffic is unencrypted.

Data Leaks

  • Data from 66% of airports can be found on the dark web;
  • 87% of airports have data leaks in public repositories;
  • 503 out of 3,184 leaks are classified as critical or high risk, potentially leading to breaches;
  • 3% of airports use unsecured public cloud storage for confidential data.

Leave a Reply