A Mile-High Hack
(reprinted from the Metro Spirit 03-01-16)
The meeting went long, too long if you ask my opinion, but we ended up getting everything that we needed to continue the project. Believe it or not, I’m looking forward to the trip home. The San Jose to Atlanta flight should give me enough time to catch up on email and do some birthday shopping. A year ago, I’m not sure if any carrier had Wi-Fi during their flights. Now, it seems like they all do. It’s a nice touch…
The popularity of in-flight Wi-Fi has skyrocketed. With virtually everyone carrying a mobile device, the airlines were a great big dead spot. Services such as GoGo wireless and Global Eagle Entertainment have filled this coverage gap. The airlines are quick to point out these services when trying to differentiate service.
Last month, my family flew to Denver on Southwest Airlines. Like most airlines, Southwest provides Internet access for a fee ($8). Of course, this Internet access isn’t the greatest – Southwest utilizes satellite-based communications that limit bandwidth to 40 Mbps per plan – but it’s good enough for email and Facebook. In addition, Southwest provides a number of free services, including 19 channels of live TV and on-demand streaming of other TV episodes. The in-flight Wi-Fi proved extremely effective in keeping my kids and, more importantly, my wife entertained during the 3-1/2 hour flight.
I have to admit, it was tempting to close the Word document I was editing and watch a movie. But in the end, I decided to keep the Wi-Fi of my work laptop turned off. If you need an explanation, look no further than Steven Petrow, a columnist for USA Today.
On a flight from Dallas to Raleigh, Mr. Petrow used the in-flight Wi-Fi to send and receive email. In particular, Mr. Petrow was writing a column on how the Apple/FBI case impacted ordinary American citizens, and he emailed some notes on the story. At the end of the flight, another passenger on the flight approached Mr. Petrow. This passenger asked Mr. Petrow if he was interested in the Apple/FBI case, and then divulged that he read all of the emails that Mr. Petrow sent. What’s more, this passenger read the email of many other folks on the flight.
The personal attachment we have with our mobile devices provides a sense of privacy. However, this sense of privacy is an illusion when connecting to an in-flight Wi-Fi system, or any other public and unencrypted Wi-Fi service. All information transmitted over these services is capable of being captured and recorded. The software used to record wireless traffic is freely available. Before connecting to any public Wi-Fi, go ahead and assume that someone is recording your connection.
In-flight Wi-Fi also suffers from a more problematic concern. Secure Socket Layer (SSL) encryption is a common technique used to protect data when transmitted over an unsecure link. (If you see “https” in your browser address bar, your browser is using SSL.) When implemented correctly, the transmission can only be read by the intended destination. However, in-flight Wi-Fi service providers may “spoof” SSL connections for various purposes (Search on “GoGo SSL proxy” if you want to read more). Also, a nefarious passenger with some inexpensive hardware could spoof the on-board Wi-Fi completely and trick others into connecting to a rogue hot spot. Either way, the encrypted connection is now compromised.
I often hear people say, “I don’t care if others can see what I’m doing…I don’t have anything on my phone that is worth protecting.” While that’s a very comforting sentiment, I believe it’s also very naïve. Privacy is about the protection of our personal space. The sensitivity of the information has little to do with it.
We all have stuff in our lives that is simply nobody else’s business. Unfortunately, we live in a time where it’s very easy for others to hack their way in. The tools and techniques exist to keep your business private, but ultimately, the responsibility is up to you to keep it that way.
Until next time,
To read the full USA today article:http://www.usatoday.com/story/tech/columnist/2016/02/24/got-hacked-my-mac-while-writing-story/80844720/