ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How safe is inflight Wi-Fi?

    Self Promotion
    infosec
    11
    21
    4.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DoughnutD
      Doughnut
      last edited by

      So after some research on inflight Wi-Fi and a little experiment I ran while on my plane ride back from an Austin trip this weekend, I wrote my first InfoSec article on the security of inflight Wi-Fi. The results from my "experiment" were pretty shocking:
      http://baypointetechnology.com/how-safe-is-inflight-wi-fi/

      1 Reply Last reply Reply Quote 2
      • Minion QueenM
        Minion Queen Banned
        last edited by

        Note to self. Do not use inflight wifi. No reason. Bring my kindle and read a book only.

        1 Reply Last reply Reply Quote 1
        • IRJI
          IRJ
          last edited by

          That is why I always use VPN when on public networks

          1 Reply Last reply Reply Quote 2
          • coliverC
            coliver
            last edited by

            Wouldn't the means to secure this be fairly trivial? I know Meraki has an option on their APs which isolates all clients on a wireless network so they can only talk to themselves and the gateway.

            1 Reply Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller
              last edited by

              All public WiFi is the same. It's up to you to secure your traffic. It's just like any exposed ISP. Treat it as such as you are perfectly safe. You have to assume exposed ISP for safety no matter when or where you are.

              1 Reply Last reply Reply Quote 2
              • DashrenderD
                Dashrender
                last edited by

                I agree with Scott. I'll add that this article is a scare tactic for those that don't know any better. People who don't know better will (for no reason mind you) think their are perfectly safe while on the WIFI connection at Starbucks, but now be leery of using the WIFI on planes.

                DoughnutD 1 Reply Last reply Reply Quote 1
                • MattSpellerM
                  MattSpeller
                  last edited by MattSpeller

                  Article is good - a decent PSA reminder for those who forget

                  1 Reply Last reply Reply Quote 0
                  • DoughnutD
                    Doughnut @Dashrender
                    last edited by

                    @Dashrender your totally right that yes its the same level of security that you get at Starbucks, but scare tactic? That definitely wasn't the intention when I wrote it, it was more so the focus of InFlight Wireless because it's a paid for service. An EXPENSIVE paid for service.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • MattSpellerM
                      MattSpeller
                      last edited by

                      When I read the title I thought you meant safe as in plane-falling-out-of-sky safe heheh

                      1 Reply Last reply Reply Quote 2
                      • ?
                        A Former User
                        last edited by

                        Hotels, Resturants and most places are all like this. I personally have never let two device communicate on Guest wifi. But when when I use these with both a good firewall and using either ssl or a VPN it doesn't bother me too much. Sure SSL can be hacked but so can ANYTHING. I think assuming any network is secure is a bad idea.

                        1 Reply Last reply Reply Quote 0
                        • thanksajdotcomT
                          thanksajdotcom
                          last edited by

                          Great article! I tweeted it and shared it on Facebook!

                          1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @Doughnut
                            last edited by

                            @Doughnut said:

                            @Dashrender your totally right that yes its the same level of security that you get at Starbucks, but scare tactic? That definitely wasn't the intention when I wrote it, it was more so the focus of InFlight Wireless because it's a paid for service. An EXPENSIVE paid for service.

                            Hello Doughnut,

                            I pay for my ISP at home and they offer the exact same level of protection that your in-flight WIFI offers, so I'm not really sure what the issue is here.

                            My concern with articles like this are the audience. A technical audience will already understand the likeliness that there is no security on this connection. i.e. no WPA

                            But the non technical reader will most likely just walk away from the service considering it insecure.

                            Perhaps scare tactic is over stating it, but without the direct comparison to your home service and/or service like that at Starbucks non technical people can walk away feeling this is somehow worse than other services they use.

                            I'll agree that the article is a good start, but really should include these other comparisons for a rounded non biased 'feeling' article.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              My home ISP is the same too. They create a hot spot in your house that you don't control that is completely insecure. It's completely standard for all wifi services.

                              Paid WiFi is always insecure. Whether it is in an airplane, in an airport, in a hotel or whatever. Because they charge you AFTER you have connected they have no means of turning on security. So you know, before even looking, that there is no security. None at all.

                              Thankfully it has always been like this and will be for the foreseeable future and was solved long ago using tools like VPNs which allow us to bring out own security and never have to worry about whether or not there is an insecure link between us and the destination.

                              ? 1 Reply Last reply Reply Quote 1
                              • ?
                                A Former User @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                My home ISP is the same too. They create a hot spot in your house that you don't control that is completely insecure. It's completely standard for all wifi services.

                                I've heard a lot of ISPs doing that especially Verizon saying they offer free hotspots accross the country to their customers, but it's a piggy back off other customers connections It's why we have always owned our own cable modem. Even though comcast keeps wanting me to upgrade since it's a Docsis 2.0 modem. Funny thing is even with the DOCSIS 2.0 I'm able to get speeds past the technical limits of DOCSIS 2.0 depending on the time of day etc.

                                1 Reply Last reply Reply Quote 0
                                • C
                                  Carnival Boy
                                  last edited by

                                  Erm, so what are risks? I'm a complete novice when it comes to wifi (as you can probably tell).

                                  Websites that transfer sensitive data always use HTTPS. Does that protect you?

                                  E-mail uses SSL. Does that protect you?

                                  And when you connect to a new wifi network, Windows will ask you if it is a public connection and will lock down certain things. Does that protect you?

                                  What are the risks exactly? What does a VPN bring to the table that the above doesn't?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 1
                                  • scottalanmillerS
                                    scottalanmiller @Carnival Boy
                                    last edited by

                                    @Carnival-Boy said:

                                    What are the risks exactly? What does a VPN bring to the table that the above doesn't?

                                    HTTPS and any other "ssl'd" technology is technically a VPN itself. Just ad hoc, very limited ones.

                                    ? 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      OpenVPN, IMAP/S, HTTPS, FTPS all use the exact same tunneling technology.

                                      1 Reply Last reply Reply Quote 0
                                      • ?
                                        A Former User @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        @Carnival-Boy said:

                                        What are the risks exactly? What does a VPN bring to the table that the above doesn't?

                                        HTTPS and any other "ssl'd" technology is technically a VPN itself. Just ad hoc, very limited ones.

                                        The main issue comes when using sites that are "mixed zones" some content is brought in over HTTP while using and HTTPS (SSL) connection. Some would only use the SSL for Authentication and then display content using HTTP. No big deal if it's just web ads but if it's your email etc it is. You shouldn't find too many still doing this today but, I'm sure there are some. A unsecured content warring should appear in most browsers.

                                        1 Reply Last reply Reply Quote 1
                                        • DashrenderD
                                          Dashrender
                                          last edited by

                                          @Carnival-Boy Several years ago there was a plug in for Firefox called Firesheep. This plug in allowed you to see different logons that were happening on an insecure wifi connection. Firesheep is what got Facebook and several other social media sites to move all of their services off HTTP and over to HTTPS.

                                          You're correct that as long as you are using an SSL'ed something or other, VPN will offer very little additional protection. The main thing it provides you is that whomever you are using to connect to the internet, inflight WiFi or Starbucks, etc, these people won't know what sites you're using and you could bypass filtering they have in place.
                                          An example might be, the inflight WiFi services normally don't allow you to stream Netflix. If you use a VPN that supports Netflix you can bypass the filters the airline put in place and still stream Netflix.

                                          JaredBuschJ 1 Reply Last reply Reply Quote 1
                                          • JaredBuschJ
                                            JaredBusch @Dashrender
                                            last edited by

                                            @Dashrender said:

                                            An example might be, the inflight WiFi services normally don't allow you to stream Netflix. If you use a VPN that supports Netflix you can bypass the filters the airline put in place and still stream Netflix.

                                            Like the OpenVPN I have set on my Ubiquiti EdgeMax router at the house. So my daughters can watch Netflix while in Japan 😉

                                            DashrenderD 1 Reply Last reply Reply Quote 2
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post