The Perils of Wifi on Planes

Fortune recently published an article listing the airlines with the best in-flight wifi service. Coming in at the top of the list with the most onboard wifi connections globally were 3 American carriers: Delta, United, and American Airlines, respectively. But what defines best? Security is clearly not part of the equation, as one journalist famously discovered last week on a domestic American Airlines flight. But then again, if we're talking about wifi and commercial aircraft, all airlines get a failing grade.

The incident poses some long overdue questions regarding wifi and air travel, specifically—what will it take to secure the giant, passenger-carrying wifi hotspots that are today's modern commercial aircraft? As you may recall, security researcher Chris Roberts was detained by the FBI and subsequently banned from all United flights last year for the following in-flight tweet:

Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ?  Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015

The issue of in-flight wifi and entertainment systems intermingling with mission-critical avionics systems has been discussed in-depth since then. But what about the security of passengers using in-flight wifi to simply check email or surf the web? This question came to light prominently a few days ago when journalist Steve Petrow was hacked in mid-air while—interestingly enough—working on a story covering the Apple/FBI data privacy showdown. He recounts his experience to USA Today, detailing how a hacker on the same flight intercepted the data of virtually everyone using the in-flight wifi service. For those intent on stealing data transmitted over in-flight wifi, commercial airline flights are rife with opportunity. 

In fairness, all airlines offering in-flight hotspots get a failing grade for wifi security, not just the aforementioned triumvirate of U.S. air carriers. This has less to do with the specifics of in-flight data security, per se, and more with the fact that wifi was never designed for security. 

The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?

But what makes the dangers of in-flight wifi different than those of a Starbucks hotspot? Wifi/avionics co-mingling aside, the unique qualities of mass transit and commercial air travel give hackers a plethora of high-value, low-hanging fruit. Despite delineations per seating area, first/business/economy class passengers share the same in-flight wifi connection. So while it's highly unlikely that you'd find yourself sharing a wifi hotspot with Tim Cook at the local Peet's Coffee, it's entirely possible that you could be sharing a wifi connection with a CEO/board member/insert-dignitary-here seated in first class—including Mr. Cook, on any given flight.

So until in-flight wifi (and wifi technology at large) becomes more secure, the best defense is still personal vigilance. When connecting to a public hotspot—midair or otherwise—use VPN to encrypt the data channel. Avoid connecting to unknown networks and always be on the alert for fake hotspot "honeypots" set up by hackers. Last but not least, plan/prepare accordingly for security compromises that are bound to happen. Here at UpGuard, we're staunch proponents of digital resilience. It's likely that you'll suffer a data breach at some point, whether it be on a flight, at home, or in your office. The key is therefore managing the risks/rewards of digitization to both survive inevitable data breaches and thrive in an increasingly harsh cyber threat landscape.


Reviewed by
No items found.

UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape