SDMmag logo
search
Go to Ask SDM AI
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
SDMmag logo
  • NEWS
  • PRODUCTS
  • TOPICS
    • Access Control & Identification
    • Integration & Network Solutions
    • Life Safety & Fire Alarm
    • Monitoring
    • Smart Home
    • Trends & Industry Issues
    • Video Solutions
  • COLUMNS
    • Digital Shuffle
    • Editor's Angle
    • Insider News & Business
    • Integration Spotlight
    • Marketing Madmen
    • Security & the Law
    • Security Comings & Goings
    • Security Networkings
    • Technology @ Work
    • Technology Solutions & Skills
    • SIA Waypoints
    • Cybersecurity Chronicle
  • EXCLUSIVES
    • Annual Industry Forecast
    • Dealer of the Year
    • Project of the Year
    • SDM 100
    • State of the Market Series
    • Systems Integrator of the Year
    • Top Systems Integrator Report
    • TMA Excellence Awards
  • BLOG
  • MEDIA
    • Videos
    • Podcasts
    • Polls
    • White Papers
  • EVENTS
    • Industry Calendar
    • Webinars
  • MORE
    • Classified Ads
    • Newsletters
    • SDM Store
    • State of Security eBook
    • Sponsored Insights
  • BUYERS GUIDE
    • Buyers Guide
    • Take a Tour
  • EMAG
    • eMagazine
    • Archive Issues
    • Monitoring Today
    • Advertise
  • SIGN UP!
SDM Newswire

97 of 100 World's Largest Airports are Vulnerable to a Cyberattack

Doorway to Cybersecurity
January 29, 2020

New research finds that 97 out of 100 the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.

The report from web security company ImmuniWeb is based on its analysis of cybersecurity, compliance and privacy of the world's largest airports.

During the research, ImmuniWeb identified three international airports that successfully passed all the tests without a single major issue being detected:

  1. Amsterdam Airport Schiphol (EU)
  2. Helsinki-Vantaa Airport (EU)
  3. Dublin Airport (EU)

Main Website Security

According to the research only 3 main (“www.”) websites of the airports received the best possible “A+” grade, 15 got an “A” grade, the report says.

As many as 24 of the main websites had a failing “F” grade, it says, meaning that they had outdated software with known and exploitable security vulnerabilities in CMS (e.g. WordPress) and/or web component (e.g. jQuery). Some of the websites even had several vulnerable components, such as:

  • 97% of the websites contain outdated web software
  • 24% of the websites contain known and exploitable vulnerabilities
  • 76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively
  • 24% of the websites have no SSL encryption or use obsolete SSLv3
  • 55% of the websites are protected by a WAF

Mobile Application Security

The research found and tested 36 official mobile applications belonging to the airports. In total, 530 security and privacy issues were identified, including 288 mobile security flaws (15 per application on average). It found that:

  • 100% of the mobile apps contain at least 5 external software frameworks
  • 100% of the mobile apps contain at least 2 vulnerabilities
  • 15 security or privacy issues are detected per app on average
  • 33.7% of the mobile apps outgoing traffic has no encryption

Dark Web Exposure, Code Repositories and Cloud

After purification of the results, the research team found that 66 out of the 100 airports are exposed on the Dark Web in one way or another. 13 airports have leaks or exposures of a critical risk:

  • 66% of the airports are exposed on the Dark Web
  • 72 out of 325 exposures are of a critical or high risk indicating a serious breach
  • 87% of the airports have data leaks on public code repositories
  • 503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
  • 3% of the airports have unprotected public cloud with sensitive data

Ilia Kolochenko, CEO & Founder of ImmuniWeb, says: “Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming. Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity. Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of travelers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure. Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties,  holistic visibility of your digital assets and attack surface is pivotal to ensure the success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”

Kolochenko recommends that enterprises:

  • Implement a continuous security monitoring system with anomaly detection to spot intrusions, phishing and password re-use attacks.
  • Run a continuous discovery and inventory of your digital assets, visualize your external attack surface and risk exposure with a solution that is enhanced with Dark Web and code repositories monitoring.
  • Implement a holistic, DevSecOps-enabled application security program to test and remediate web and mobile applications, APIs and OSS in a timely manner.
  • Implement a third-party risk management program encompassing continuous monitoring of vendors and suppliers, going beyond a paper-based questionnaire.
  • Invest in security awareness of personnel, explain the risks of using professional emails on third-party resources, gamify anti-phishing training and reward the best learners.

Looking for quick answers on security topics? Try Ask SDM, our new smart AI search tool. Ask SDM →

This article was originally posted on www.securitymagazine.com.
KEYWORDS: airport security cyber security cybercrime cybersecurity

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
to unlock your recommendations.

Already have an account? Sign In

  • 2026 Top Systems Integrators

    SDM’s 2026 Top Systems Integrators Find Their Lane

    In a market defined by AI, convergence and economic...
    Exclusives
    By: Karyn Hodgson
  • SDM 100

    SDM 100: Top 100 Security Dealers of 2026

    The top 100 security dealers navigated a complex...
    SDM 100 Report
    By: Karyn Hodgson
  • Security camera

    State of the Market: Video Surveillance

    As video surveillance shifts from siloed systems to...
    State of the Market Series
    By: Brianna Wilson
Manage My Account
  • SDM Newsletters
  • Online Registration
  • eMagazine Subscriptions
  • Subscription Customer Service
  • Manage My Preferences

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the SDM audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of SDM or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Doctor examining child patient with mother present in medical clinic
    Sponsored byHID

    The Human Side of Hospital Security: How Modern Visitor Management Protects People First

Popular Stories

2026 Top Systems Integrators

SDM’s 2026 Top Systems Integrators Find Their Lane

OnWatch

Navigating the ‘Wide Open Ocean’ of Video Monitoring

Zeus Fire and Security & SEi Teams

Zeus Fire and Security Acquires SEi to Expand its Midwest Presence

Schneider Electric sponsored webinar fire alarms webinar fire alarms webinar

Events

July 23, 2026

Fire Alarms in Focus: Tech Trends, Code Changes & Business Growth Strategies

LIVE: July 23, 2026 at 2 PM EDT SDM will explore how companies are expanding their fire offerings, increasing recurring revenue, and strengthening customer relationships. Discover practical insights to help position your company for success.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Poll

What’s the most promising trend in the industry?

What’s the most promising trend in the industry?
View Results Poll Archive

Products

Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
SDM 100 2026 Rankings

Related Articles

  • image of Hybrid Trends Report 2023 cover

    Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last Year

    See More
  • The World’s Largest CCTV Camera

    See More
  • NSCA Financial Analysis of the Industry

    NSCA’s 2025 Financial Analysis Delivers Insight into Financial Performance of Nearly 100 Integrators

    See More
×

Be in the forefront of security intelligence when you receive SDM.

Join over 10,000+ professionals when you subscribe today.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Directories
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing