Nebraska's #1 Voted Computer Repair Company

Terrorists Could Get Free Boarding Passes Because of This Glitch

Every week on our radio shows we take calls from listeners with devices that require passwords. Routers, computers, external hard drives, camera systems, and all kinds of other Internet devices all come with default passwords that you are supposed to change when you first hook them up.

So many people and businesses skip this step that a search engine has popped up to allow you to search for exposed devices.

When it comes to the Stewart International Airport in New York, you would think its network administrator would take the time to secure all of their devices.  Apparently that is not the case.

Airport Security Compromised by Unsecured Buffalo DriveFor over a year the airport, an hour north of Manhattan, was backing up all of their critical systems to a Buffalo external network hard drive.  Unfortunately, the backup was never password protected and the backup images were available to the general public.

Once downloaded, these backup images contained staff email accounts, HR payroll data of employees, DHS memos marked “sensitive,” schematics of airport infrastructure, and a document called “password list” that contained all of the user names and passwords for the airport’s internal computer systems.

In a best case scenario, the data contained on the drive would have allowed a terrorist on the no-fly list to create a valid boarding pass for any flight departing from the airport.

In a more dire scenario, a would-be terrorist could have used the information about the airport infrastructure and the detailed descriptions of DHS passenger screening to increase the odds of successfully bypassing security.

The hard drive was recently secured, effectively closing the vulnerability, but that damage has already been done.  Now passwords for every system on the airport’s network will need to be changed, among other actions.

So if you have a “Internet of Things” device in your home or business, take this opportunity to change its default password.  If not, your home or office could end up on the same online search engine that helps hackers find vulnerable systems.

If you enjoyed this article, please review it and tell us what you think!

Share this post