Midair Hack Shows the Dangers of In-Flight Wi-Fi
‘This is far more serious than in your home, because there are 200 or 300 people at once’
The security of airline computer systems was called into doubt last year when cybersecurity consultant Chris Roberts hacked into airline computer systems and controlled aircraft engines during flight. But the Wi-Fi connections airlines offer their passengers on flights are just as liable to be hacked.
USA Today reporter Steven Petrow wrote a column this week detailing how his computer was hacked while he was using American Airlines’ in-flight Gogo Wi-Fi. A passenger in the seat behind him hacked into his email and read every message he sent and received during the flight.
Mr. Petrow outlines many of the implications of this invasion of privacy, but one issue he doesn’t delve into is the inherent problem with airplane Wi-Fi. While access to in-flight Wi-Fi has increased 179 percent in the last three years, many airlines have not outfitted their Wi-Fi networks with the proper security, which means hacks like the one Mr. Petrow experienced could become more common if changes aren’t made soon.
Richard Blech, founder and CEO of the cybersecurity firm Secure Channels, explained to the Observer that there are different kinds of midair hacks. The most sinister hack starts with simply getting the Wi-Fi password for the plane from a member of the crew. Any passenger who uses a free hacking tool or code reader online (they can be easily searched on Google) can then input the password and open the plane’s Wi-Fi channel, even if it is encrypted.
According to Mr. Blech, this hack takes over the plane’s default Wi-Fi system, and the passenger then has access to every computer on the plane. They can then simply surf through emails (similar to Mr. Petrow’s experience) or, more maliciously, send the devices a redirect notice so malware is downloaded.
(Another hack, which is annoying but not harmful, is that many passengers can see what’s on every computer and phone screen in the plane just by getting up from their seat. “You can walk to the restroom and see everything,” Mr. Blech said.)
There are also commercially available hacking devices which can wreak havoc on flights. The Wi-Fi Pineapple, a wireless platform small enough to fit in an overhead storage bag, connects unsuspecting users to public airplane Wi-Fi, and then can spy on their browsing activity or open their files.
Airlines bear a good portion of the blame for giving hackers these backdoors. American Airlines recently filed a lawsuit against Gogo over the speed of its Internet (the suit was quickly dropped), but for Mr. Blech and other IT professionals the security of the service is the real problem.
“Gogo has not taken high level security measures,” Mr. Blech said. “The pressure should be on them. This is far more serious than in your home, because there are 200 or 300 people at once.”
The encryption software offered for many computers and cell phones is also lacking. In his article Mr. Petrow advises readers to use the built-in encryption features on their phones, but Mr. Blech said this is not enough to stop airborne hacks.
“If you disable BitLocker (the encryption program on Windows phones) you can decrypt everything,” Mr. Blech said. “It’s the Walmart or Best Buy option, but it’s nothing against a sophisticated hacker.”
There are easy ways to protect yourself, however—first and foremost, by not using public airplane Wi-Fi for private correspondence.
“Don’t do serious or sensitive things that you wouldn’t want someone to read on a plane,” Mr. Blech said. “This is not a normal person, this is a hacker who can pick up information.”
Mr. Blech said having secure Wi-Fi connections on and off the ground is more important than ever at a time when Apple is battling the federal government over encryption.
“I think it should be on everybody’s mind,” Mr. Blech concluded. “The danger is not going down, it’s further ascending.”
Find the original article here.