How safe is inflight Wi-Fi?
-
So after some research on inflight Wi-Fi and a little experiment I ran while on my plane ride back from an Austin trip this weekend, I wrote my first InfoSec article on the security of inflight Wi-Fi. The results from my "experiment" were pretty shocking:
http://baypointetechnology.com/how-safe-is-inflight-wi-fi/ -
Note to self. Do not use inflight wifi. No reason. Bring my kindle and read a book only.
-
That is why I always use VPN when on public networks
-
Wouldn't the means to secure this be fairly trivial? I know Meraki has an option on their APs which isolates all clients on a wireless network so they can only talk to themselves and the gateway.
-
All public WiFi is the same. It's up to you to secure your traffic. It's just like any exposed ISP. Treat it as such as you are perfectly safe. You have to assume exposed ISP for safety no matter when or where you are.
-
I agree with Scott. I'll add that this article is a scare tactic for those that don't know any better. People who don't know better will (for no reason mind you) think their are perfectly safe while on the WIFI connection at Starbucks, but now be leery of using the WIFI on planes.
-
Article is good - a decent PSA reminder for those who forget
-
@Dashrender your totally right that yes its the same level of security that you get at Starbucks, but scare tactic? That definitely wasn't the intention when I wrote it, it was more so the focus of InFlight Wireless because it's a paid for service. An EXPENSIVE paid for service.
-
When I read the title I thought you meant safe as in plane-falling-out-of-sky safe heheh
-
Hotels, Resturants and most places are all like this. I personally have never let two device communicate on Guest wifi. But when when I use these with both a good firewall and using either ssl or a VPN it doesn't bother me too much. Sure SSL can be hacked but so can ANYTHING. I think assuming any network is secure is a bad idea.
-
Great article! I tweeted it and shared it on Facebook!
-
@Doughnut said:
@Dashrender your totally right that yes its the same level of security that you get at Starbucks, but scare tactic? That definitely wasn't the intention when I wrote it, it was more so the focus of InFlight Wireless because it's a paid for service. An EXPENSIVE paid for service.
Hello Doughnut,
I pay for my ISP at home and they offer the exact same level of protection that your in-flight WIFI offers, so I'm not really sure what the issue is here.
My concern with articles like this are the audience. A technical audience will already understand the likeliness that there is no security on this connection. i.e. no WPA
But the non technical reader will most likely just walk away from the service considering it insecure.
Perhaps scare tactic is over stating it, but without the direct comparison to your home service and/or service like that at Starbucks non technical people can walk away feeling this is somehow worse than other services they use.
I'll agree that the article is a good start, but really should include these other comparisons for a rounded non biased 'feeling' article.
-
My home ISP is the same too. They create a hot spot in your house that you don't control that is completely insecure. It's completely standard for all wifi services.
Paid WiFi is always insecure. Whether it is in an airplane, in an airport, in a hotel or whatever. Because they charge you AFTER you have connected they have no means of turning on security. So you know, before even looking, that there is no security. None at all.
Thankfully it has always been like this and will be for the foreseeable future and was solved long ago using tools like VPNs which allow us to bring out own security and never have to worry about whether or not there is an insecure link between us and the destination.
-
@scottalanmiller said:
My home ISP is the same too. They create a hot spot in your house that you don't control that is completely insecure. It's completely standard for all wifi services.
I've heard a lot of ISPs doing that especially Verizon saying they offer free hotspots accross the country to their customers, but it's a piggy back off other customers connections It's why we have always owned our own cable modem. Even though comcast keeps wanting me to upgrade since it's a Docsis 2.0 modem. Funny thing is even with the DOCSIS 2.0 I'm able to get speeds past the technical limits of DOCSIS 2.0 depending on the time of day etc.
-
Erm, so what are risks? I'm a complete novice when it comes to wifi (as you can probably tell).
Websites that transfer sensitive data always use HTTPS. Does that protect you?
E-mail uses SSL. Does that protect you?
And when you connect to a new wifi network, Windows will ask you if it is a public connection and will lock down certain things. Does that protect you?
What are the risks exactly? What does a VPN bring to the table that the above doesn't?
-
@Carnival-Boy said:
What are the risks exactly? What does a VPN bring to the table that the above doesn't?
HTTPS and any other "ssl'd" technology is technically a VPN itself. Just ad hoc, very limited ones.
-
OpenVPN, IMAP/S, HTTPS, FTPS all use the exact same tunneling technology.
-
@scottalanmiller said:
@Carnival-Boy said:
What are the risks exactly? What does a VPN bring to the table that the above doesn't?
HTTPS and any other "ssl'd" technology is technically a VPN itself. Just ad hoc, very limited ones.
The main issue comes when using sites that are "mixed zones" some content is brought in over HTTP while using and HTTPS (SSL) connection. Some would only use the SSL for Authentication and then display content using HTTP. No big deal if it's just web ads but if it's your email etc it is. You shouldn't find too many still doing this today but, I'm sure there are some. A unsecured content warring should appear in most browsers.
-
@Carnival-Boy Several years ago there was a plug in for Firefox called Firesheep. This plug in allowed you to see different logons that were happening on an insecure wifi connection. Firesheep is what got Facebook and several other social media sites to move all of their services off HTTP and over to HTTPS.
You're correct that as long as you are using an SSL'ed something or other, VPN will offer very little additional protection. The main thing it provides you is that whomever you are using to connect to the internet, inflight WiFi or Starbucks, etc, these people won't know what sites you're using and you could bypass filtering they have in place.
An example might be, the inflight WiFi services normally don't allow you to stream Netflix. If you use a VPN that supports Netflix you can bypass the filters the airline put in place and still stream Netflix. -
@Dashrender said:
An example might be, the inflight WiFi services normally don't allow you to stream Netflix. If you use a VPN that supports Netflix you can bypass the filters the airline put in place and still stream Netflix.
Like the OpenVPN I have set on my Ubiquiti EdgeMax router at the house. So my daughters can watch Netflix while in Japan
