The perils of travel have not abated, as fraudsters are usually a step ahead. Hackers can interfere with your safety as well as your identity.
Your data is not secure at a cruising altitude of 30,000 miles, on a train or, especially, in a rental car. Hacking is prevalent no matter what form of transportation a traveler chooses.
Planes, trains and automobiles are powered and managed by highly connected networks and systems that share internet protocol addresses between the critical control systems and the passenger Wi-Fi hotspot networks, said Chris Morales, head of security analytics at Vectra, a San Jose, Calif.-based provider of automated threat management solutions. While the networks are usually segregated by some form of firewall, they can be penetrated by hackers — sometimes posing as travelers.
Hackers have already targeted these forms of transportation as more consumers opt to use them as they travel, opening themselves up to the possibility of infecting their devices with malware or having their passwords stolen.
Here’s Where it Gets Dangerous
While hacking a shared Wi-Fi network is “fairly trivial” for people who understand how networks and systems operate, penetrating the critical control systems on airplanes, trains and cars is much more difficult, said Morales. But it can be done.
“A passenger on any of these vehicles could hack the onboard network, compromise users on the shared WiFi hotspot network or worse, bypass the firewall to compromise the critical control systems while the vehicle is in operation,” he said.
The fraudsters can also target other systems such as electrical grids in order to hamper transportation throughout the country, such as the recent outage in the Atlanta airport where there was a lack of power for nearly 11 hours, said Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defense solutions.
“We can now sit in the comfort of our hacking basements and manipulate the grid at will,” he said. “There are some interesting arguments that have been put forward concerning the ability to move from the electronic attacks into kinetic ones that can cause direct or indirect damage. Who knows if Atlanta was caused by such a thing?”
The current rail system in the U.S. is wide open and vulnerable to all forms of attack since many of the Amtrak trains can be breached from within, Roberts said. While experts and law enforcement are still investigating the cause of the December Amtrak incident, cyber security experts are aware that wireless, wired and other forms of attacks are “not only possible and probable, but should be expected,” he said.
“The signal systems are well and truly open to the elements when it comes to the ability to attack them at the electronic level,” Roberts said.
Rental Car Cache
Rental cars are not immune from the attention of hackers, who can easily compromise an automobile’s drive, safety or other control systems, said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company.
“As more and more automobiles rely more heavily on software to operate all of their safety and control functions, there has always been a concern that unknown vulnerabilities in this software can be exploited and put drivers and passengers at risk,” he said.
The good news is that the majority of the exploits require a sophisticated understanding of the software and of the ways in which these systems connect and function.
Simply having access to the vehicle is not enough since hackers must possess a level of expertise that “most casual hackers don’t possess,” Wenzler said.
While drivers are often fervent fans of the mapping, infotainment and phone systems in newer vehicles, many of them are not aware of the security risk created when they connect their smartphones to the media system.
“Bluetooth makes it very easy to connect your phone to a car’s media systems, allowing the use of your phone hands-free, along with music playback from your device,” he said. “These systems also generally load all of your related personal information to the car’s storage, including your contacts list, your internal phone information and any other personal information about yourself you may include in the phone.”
All of this data is being saved to the car’s memory and it is left behind for the next driver to obtain when they rent the car.
“I’ve personally found this on well over half the cars I’ve rented in the last few years and in many cases, there are more than one driver’s phone, contacts and personal information stored,” Wenzler said. “It’s a much larger problem for identity theft and other malicious use and is trivial to obtain from any vehicle.”
The number of drivers in rental cars easily increases the odds.
“It is more likely that more people will pair their phones to the car without clearing the information when they return it,” he said.