Frequent fliers and international travelers are well familiar with these seatback devices (i.e., in-flight entertainment consoles) that serve as the only connection to the outside world while cruising at 30,000 feet. Soon, however, wifi on commercial flights will be generally available, rendering these devices obsolete—at least to the average laptop-toting flyer. This raises a series of concerns around their future obsolescence and resulting security gaps, as well as the potentially grave consequences of compromised wifi networks on planes.
This post is in fact being brought to you courtesy of in-flight wifi. Having just woken up, my guess is that we’re somewhere over the North Pacific, midway between the West Coast of the United States and Japan, en route to Taiwan. A quick look at the seatback lets me know that my estimates are way off.
Thanks for the play-by-play, Airline. Now get us there in one piece.
Point being, it’s great to know that we’re a lot closer to arrival than expected—but having this knowledge doesn’t get us there any quicker. And how segregated are these systems in the first place? Critical systems that provide flight data to pilots—and now passengers—are in both close physical and digital proximity to those that provide wifi. And as renowned IT security expert Chris Roberts demonstrated back in April, these systems are in fact not secure. Furthermore, disclosing this information can land you in hot water—check out The Ongoing Perils of In-Flight Wifi for more regarding this story.
What amenities and allowances are worth the risk? Arguably none—at least when it comes to air travel. The airline industry’s longstanding ban on in-flight mobile phone usage presumably supports this notion, so it’s surprising that in-flight wifi has been rolled out so quickly and—some experts say—injudiciously.
"Cell phones and wireless devices such as laptops represent a different concern. They emit active transmissions on the electromagnetic spectrum, which is used by devices that include phones, radios and Wi-Fi networks. But the FCC divided the spectrum into different chunks for different uses, and so a cell phone call should not interfere with the bands reserved for aircraft communications or GPS navigation systems."
— The Real Reason Cell Phone Use Is Banned on Airlines, LiveScience.com
As it stands, mobile use is still prohibited during flight. So why am I permitted to use this highly vulnerable technology to craft a post in mid-air, even as infosec professionals warn of its dangers? Because people get bored during long flights and wifi is a lucrative revenue stream for airlines. Louis CK’s famous bit “Everything’s Amazing and Nobody’s Happy” puts the issue into perspective quite nicely:
“Did you partake in the miracle of human flight, you non-contributing zero?! You got to fly! It’s amazing! Everybody on every plane should just constantly be going ‘Oh my God! Wow!’ You’re flying! You’re sitting in a chair, in the sky!”
In our latest podcast, we had an in-depth conversation with Phil Bosua and Phil Kearney from Soraa regarding the dangers of ill-conceived wifi integrations. An expert on wifi and networking technologies, Kearney was responsible for developing all of Apple products’ Wi-Fi, Bluetooth, Ethernet, modem & 3G technologies.
“The problem that you have now is that you have incumbents that have no domain knowledge, and that’s why stuff like the tweeting fridge happens. The fellas that make fridges—what do they know? They know compressors and they know insulation. That’s what they know, and they know a bunch of mechanical engineers that sit around and figure out the way to put the most stuff in there. They’re not software guys, they’re not networking guys.”
Granted, he's referring to the recent Twitter-enabled Samsung refrigerator hacks, but arguably the same can be said about aircraft and wifi networks. And when wifi becomes a free in-flight amenity across the board, seatback units will invariably head towards obsolescence—which presents another critical security concern. Remember that deprecated server or forgotten switch in the datacenter that was compromised because IT didn’t care enough to patch it?
When it comes to technology, alluring benefits tend to overshadow related security concerns. Businesses and consumers alike are quick to embrace innovation, giving little thought to what risk exposure they are taking on. This is changing, however: the rising, ongoing threat of cyber attacks is giving rise to a more security-conscious public. Unfortunately, some lessons are hard learned through catastrophe, and in this case it seems we’ve forgotten lessons learned from previous tragedies all too quickly. One hopes the airline industry can pre-empt future disasters through the enforcement of tighter security controls—physical and digital—even if it means limiting or removing certain amenities.
What amenities are you willing to forego for the sake of security?