Hacking at 36,000 Feet: The Ease of Spying On the Person in Seat 2B

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Flying from New York to San Francisco last week, I had the opportunity to check out the wifi service on the plane. The service, provided by GoGo, was quite good. The log-in was easy and the communication speed was rather impressive – much faster, in fact, than in my hotel room that night!

As with most public wifi, paid or not, the service was unencrypted. The Terms and Conditions, which I read only out of professional interest, state:

“Gogo does not provide encryption between our in-flight Wi-Fi access point and your computer. You should be aware that data from un-encrypted Wi-Fi connections can be captured by technically advanced means. If you have a VPN, Gogo recommends that you use it for greater security.”

[This excerpt has been slightly edited from the original legal-ese for clarity.]

This is a pretty standard disclosure – we make a practice of collecting them for a section in our blog titled “Read the Fine Print.

I would, however, take issue with the assertion that it takes “technically advanced means” to hack into public wifi. In fact, there are many tools that are available free on the Internet to do just that. Some are intended for legitimate use by network administrators, whereas others are clearly intended for hackers. Some require no technical knowledge at all.

These tools can be used to follow all the communication for a particular user, or even record all the traffic from all users on the wifi network for later analysis (e.g., to scan for something that looks like a credit card or Social Security number).

But, as my interest was purely curiosity, I used a tool that just lists the names of the websites that people are visiting.

So what are people doing on the Internet at 36,000 feet?

Well, it is not quite as titillating as other wifi sites we have investigated, in hotels, conventions, and parks. Most is pretty much the same as less-lofty environments: accessing Google Apps, checking Facebook, sending or receiving Tweets, etc. A lot of people were relaxing, reading People online, accessing ESPN, or on a Disney site. One was shopping for SCUBA equipment and another was looking for a home-builder. One person was accessing a site called Gravity.com, which provides content personalized to each individuals’ interests. I wondered what those might be, but did not pursue it further.

Others, of course, were more focused on their job. It seemed to be a very marketing-oriented group, as several were accessing various tools for analyzing visitors to websites. One of these tools, ironically, brags that they are rated “50 out of 50” for “privacy,” including a top-rating of 20 for “anonymity.” (Both hackers and marketing types are becoming equally adept at de-anonymizing network traffic, so I took that with a rather large grain of salt.)

Finally, I saw someone ordering flowers from FTD.com. It made me wonder whether he was sending them to the woman who he had just left, or the one that he was about to visit!

Since inflight wifi was first announced, I have had this rather intriguing image of a hacker sitting in the cheapest Economy seat listening into all the business communication emanating from First Class. Clearly, that is quite possible.

And, as my wife points out, one consequence could be that on the return flight, their seating positions are reversed…

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Kent Lawson

Kent Lawson is the CEO & Chairman of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. He combined his extensive business and technical experience to develop PRIVATE WiFi in 2010. The software is an easy-to-use Virtual Private Network (VPN) that protects your sensitive personal information whenever you’re connected to a public WiFi network. Follow Kent on Twitter: @KentLawson.