Hackers fly too

Tim Stackpool looks at the safety of in-flight internet access as more and more airlines add internet availability to their offering.

The 21st Century miracle of in-flight internet access comes with its own online security issues.

More and more airlines are adding the ability to keep in touch via the internet while flying at 30,000 feet. While this is cool to have, the technology is constantly developing, and the systems often use a combination of ‘air-to-ground’ services, where the flight connects to towers located on the ground for access, or ‘air-to-orbit’ which uses satellite communication.

You can guess which service will be used depending on the flight path of your journey. On board Wi-Fi is becoming standard with flights where your own device is used for accessing the inflight entertainment (it’s wise to download the appropriate airline’s app before take-off), but accessing the internet while over the Atlantic takes even more clever technology.

Leaving aside the stories of hackers accessing the flight navigation telemetry and other flight deck services via the entertainment system, opportunistic hackers are attempting to take advantage of passengers naively thinking their in-flight internet browsing is secure.

Most passenger hacking attempts are fairly unsophisticated and generally play on creating confusion as to which network is the official in-flight service. A hacker can use a device, resembling a mere USB stick, which behaves as if it is a Wi-Fi hotspot. Sitting amongst other passengers, the hacker gives the phoney hotspot a name such as ‘free inflight Wi-Fi’ or ‘skywide internet access.’  This may fool other passengers into immediately or automatically connecting, especially after a few complimentary gin and tonics. The hacker routes the real internet access via their hotspot, so the user generally suspects nothing, but then surreptitiously collects your browsing data and any password or user names entered during the flight. After which, your information can be used to compromise your email, Facebook or your online banking access.

To be safe, always check on the official way of connecting to the in-flight internet service. This is usually explained in the inflight magazine or via an announcement by the flight attendants. Some airlines use a particular app, but most have you log in (and purchase) via a website that appears when you first access the service. Again pay particular attention that you are using the official log-in page, and not a clever mocked-up version (that might even include the airline’s logo) created and used by an on-board hacker.

Another way to improve safety is to use auto-fill for your various usernames and passwords. Although this can be unpopular due the vulnerability of access to your accounts should your laptop or device be stolen, not having to actually type your usernames and passwords in-flight means the hacker has no critical keystrokes to collect, as the auto-fill function encrypts the information as it is entered.

Even when travelling on business, we sometimes let our guard down, but these are the same type of precautions you should also follow on the ground with regular internet use.

Whenever using unfamiliar or irregular internet services, think twice about doing online banking or fund transfer activities, particularly via websites other than using dedicated apps, and report any suspicious account behaviour immediately to your bank. Nothing can ruin a trip more than discovering you were hacked even before you touched down at your destination.

Separate to security, if you or the boss fly often, the cost of the in-flight internet service can sometimes be minimised by pre-buying the service before take-off. You’ll need to know what service your airline uses (there aren’t a whole lot), but the major providers have better deals than the ad-hoc user, and some even extend the service for use on the ground, which can be a good saving over global roaming.

About the Author:
Techno expert Tim is technology writer for Executive PA Magazine. He can be heard on talk radio Australia-wide each week and is a tech presenter speaking at conferences and trade shows about technology’s impact on work and lifestyle