AOH :: ISNQ5775.HTM

Airlines system vulnerable to hackers at BIAL




Airlines system vulnerable to hackers at BIAL
Airlines system vulnerable to hackers at BIAL



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1399493415-1261646051=:724
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.bangaloremirror.com/index.aspx?page=article§id=1&contentid=200912232009122302030019231da5603 

By Debi Prasad Sarangi
Bangalore Mirror
December 23, 2009 

Airlines, beware! With the Bangalore International Airport leaving the 
wi-fi hotspots unsecured at the airport, a hacker can break into the 
servers containing your databases and tamper with sensitive information 
pertaining to flight schedules and passenger details.

Not only that. The e-mail ID of a passeger surfing the net while waiting 
for his flight can be hacked to send a terror mail, and he could end up 
under the scanner of security agencies while the real culprit remains 
undetected.

Shockingly, the wi-fi access points in a sensitive area like BIA are 
still vulnerable to hacking, even after the danger facing open and weak 
wi-fi networks was exposed by Bangalore Mirror three months ago (=E2=80=98Wi-fi 
Way to Terror=E2=80=99, Sept 2).

To gauge the threat level facing wi-fi networks that service the 
international airport, Bangalore Mirror decided to check out the 
loopholes with the help of the team from www.indiacyberarmy.in (ICA). 
During the process of 'war driving', we found that nearly 90 per cent of 
all wi-fi networks are based on WEP (wired equivalent privacy) 
encryption and can be easily hacked into.

"This time, our entire operation lasted 15 minutes and the results were 
appalling. All we did was to check their security level, and all of them 
were quite weak, which means anyone with a reasonable knowledge of 
computers and the internet can easily penetrate the network.

"Just as importantly, almost all the wireless routers (internet access 
points) belonging toalmost all airlines operating through BIA were 
open," the moderator of the ICA team said. However, he chose not to 
elaborate on the weak networks due to security concerns.

The Sept 2 Bangalore Mirror story had highlighted the fact that there 
are more than 40,000 vulnerable wi-fi access points in the city, and a 
majority of them are unsecured as they are based on a weak WEP 
encryption code. Not only that, we had sent two e-mails to the DG&IGP 
Ajai Kumar Singh by hacking into two wi-fi networks during the exercise.

However, responding to our queries, the airport authorities stated that 
all security arrangements are in place to tackle cyber-related 
'problems'. But they seem to have ignored the Nov 14 guidelines issued 
by the Ministry of Communication and Department of Telecommunication 
(GoI), which direct all service providers to implement an online 
centralised authentication procedure for their subscribers by January 
14, 2010. "I wonder how this type of situation is still prevailing in 
sensitive establishments like airports. It is clear that the 
implementation of the centralised authentication procedure is not done 
over there (BIA). The internet service provider (ISP) concerned is to be 
held responsible for such negligence. Undoubtedly, the authority on 
whose premises these things are happening is responsible too," said 
Naresh Ajwani, secretary of the Internet Service Providers Association 
of India (ISPAI). According to him, of the 72 operational ISPs in the 
country 40-45 are members of ISPAI.

However, referring to the guidelines issued by Ministry of Communication 
and Department of Telecommunication (GoI), the BIAL authorities 
said,"BIAL is aware of the authenticated internet access mechanism and 
has meticulously implemented the mechanism since the opening of airport 
on May 24, 2008."


How to secure your wi-fi

Wi-fi networks are growing in popularity, but both service providers and 
users seem ignorant of the problems related to unsecured wi-fi. Such 
'hit and run' attacks can not only frame an innocent user, they also 
pose a technological challenge for law enforcement in India.

1) Change default administrators, user names and passwords
2) Enable WPA/WPA2 (Wi-fi Protected Access) encryption instead of WEP
3) Use strong pass phrase for WPA / WPA2
4) Change the default SSID (Service Set Identifier)
5) Disable SSID broadcast
6) Enable MAC Filtering for Access Control (a secured hardware address 
to avoid such hacking)
7) Make sure that you switch off your access points when not in use


--1457021584-1399493415-1261646051=:724
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 
--1457021584-1399493415-1261646051=:724--

Site design & layout copyright © 1986-2014 CodeGods