By Bev Robb, IT consultant
When you are 30,000 feet in the air and your flight offers Wi-Fi, are you really thinking about hacker Jon who is sitting in seat 44C? Probably not. Most people do not even consider that in-flight Wi-Fi is just like public Wi-Fi at a coffee shop. When you purchase time on an in-flight wireless network, your credit card transaction is encrypted. Once the transaction is complete, your laptop and devices are flying high in their birthday suits, again, if you do not take information security hygiene seriously. In the eye of a cybercriminal, in-flight Wi-Fi-gorging passengers are like a shiny tin of pungent tightly-packed sardines.
Though Wi-Fi may be one of the most sought-after amenities for business travelers, it may not be the best option for unsecured devices and laptops that harbor client data and company secrets. The hacker in seat 44C does not care who you are. You could be a traveling salesman, a marketing executive, or a feast-or-famine entrepreneur — when there is nothing insulating your devices from the hacker sitting in seat 44C, all bets are off.
Hackers have plenty of access to popular freeware hacking tools too, and if your devices are not protected, hacker Jon will capture all of your real-time browsing, your passwords, plunder your bank accounts, and eavesdrop on all of your communications. Never forget that identity and data theft are hot sellers on the black market — don’t become their next victim.
Wi-Fi access point insecurity
With most airline Wi-Fi providers there is no encryption between your device and the airplanes wireless access point. Even if you use a good VPN, it is still prone to disconnection. A word to the wise: Avoid working on sensitive company documents while on in-flight Wi-Fi and save your financial transactions for home.
Airlines also include advisories in their FAQs around in-flight VPN use. They will reference not being able to guarantee that the VPN will not be dropped or have intermittent losses of connectivity.
10 in-flight information security hygiene best practices
- Always verify the Wi-Fi network name.
- Use strong passwords.
- Keep all devices updated and protected.
- Turn off Bluetooth.
- Turn off Wi-Fi when not in use.
- Double check website addresses for https.
- Use a VPN service. This will deter sniffing and encrypts your traffic.
- Do not perform any online sensitive/financial transactions.
- When logging off from in-flight Wi-Fi be sure to forget the network.
- Turn off file sharing on laptops and use a good firewall.
Hackability of avionics
Earlier this year, while on a flight from Chicago to Syracuse, New York, security researcher Chris Roberts jokingly tweeted that he was accessing an in-flight network (to see if he could play with passenger oxygen masks). His sarcastic thigh-slapper quickly lit up social media as law enforcement and the feds eagerly waited for his plane to land.
Roberts initially sent out the tweet in response to a U.S. Government Accountability Office (GAO) report1 that implied passenger jets may be vulnerable to in-flight hacking. The report stated: “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.”
Since aircraft navigational systems are not windows-based and many use RTOS, a real-time operating system2 — they are not vulnerable to the same exploits as popular operating systems are. A Defcon 22 presentation demonstrates further that though a hacker could affect autopilot operations, it is highly doubtful that he or she could override the pilot. So for the moment, it appears that there is more hullabaloo than story here.
If you have to work on sensitive documents in-flight, encrypt all work files and store them on a thumb drive. Treat in-flight Wi-Fi like you would treat any public hotspot — proceed with caution.
1U.S. Government Accountability Office. AIR TRAFFIC CONTROL: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen. GAO-15-370, 14 Apr. 2015. Web. 16 July 2015. <http://www.gao.gov/assets/670/669627.pdf>.
2Avionics. Real-Time Operating Systems: Versatility Plus Security. page 3. (2013) 16 July 2015. <http://www.dca.ufrn.br/~affonso/DCA_STR/trabalhos/rt-rtos/RTOS%20for%20avionics.pdf>
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.