Why in-flight wifi isn’t as safe as you think: Passenger’s emails hacked by fellow traveller while using exposed connection

A newspaper columnist and author has exposed serious flaws in aeroplane wifi after a fellow passenger hacked into his laptop computer and read his emails on a recent flight.

Steven Petrow said he learned of the security breach from the hacker after he used Gogo wifi on an American Airlines flight from Dallas to Raleigh, North Carolina in mid-February.

Petrow, who writes for USA Today and the Washington Post, was astonished that someone was able to infiltrate his email account.

 

In a column for USA Today, he wrote that the hacker, who was seated in the row behind him, approached him after the plane had landed.

The man knew Petrow was a reporter and later told him as they walked through the terminal that he was working on a story about the US government’s attempt to force Apple to unlock an iPhone belonging to one of the San Bernardino shooters.

The man told him he had hacked his email and read every message he sent and received, and that he had done the same to most passengers on the flight, possibly as they revealed their financial information or personal details.

American Airlines’ wifi service is offered by Gogo, the biggest on-board wifi provider in the US with nearly a dozen international clients, including Air Canada, Japan Airlines, United Airlines and Virgin Atlantic.

MailOnline has contacted Petrow and Gogo for comment.

In light of Petrow’s experience, Andrew Ferguson, editor at London-based thinkbroadband.com, said in-flight wifi is similar to a public hotspot and passengers should always assume that someone will be able to see their data.

Ferguson told MailOnline Travel: ‘This problem is something not unique to just in-flight wifi, but to any public wifi network that is not encrypted.

‘This also highlights the fact business users should be much more pro-active in using encrypted email options, which have been around for many years.’

Ferguson said public wifi networks often operate with no security options so that users can see the network and sign up easily, but the downside is their traffic is not protected like it is at home.

He said: ‘This ultimately means someone with a desire to do so has the potential to watch for unencrypted traffic.

‘On a plane, this is made even easier as there will be less interference from competing wifi networks and the volume of traffic much lower, so spotting something juicy is rather simple.’

Ferguson said passengers should use a virtual private network to encrypt their traffic.

Gary Newe, technical director at F5 Networks, echoed Ferguson’s advice, but said even with a VPN he still wouldn’t connect to his bank or tax services.

He said: ‘Ultimately, you just don’t know how safe a public wifi hotspot is.

‘Never connect to your bank or other personal sites when using a wifi hotspot, unless you have a secure VPN you can use.

‘This way anyone who is able to eavesdrop on your connection won’t be able to see any of the details such as credit card information or email correspondence.’

In its privacy policy, Gogo said it does not provide an encrypted channel for its users once they connect and it cannot ensure the security of any information they send.

It recommends that passengers use a VPN for greater security and avoid accessing or sending sensitive or private information over an unencrypted connection.

The privacy policy warns: ‘You should be aware … that data packets from un-encrypted Wi-Fi connections can be captured by technically advanced means when they are transmitted between a user’s device and the Wi-Fi access point.

‘You should therefore take precautions to lower your security risks.’

It suggests users turn off file sharing and ensure that laptops have a personal firewall and other protections against malware.