For years I really enjoyed working on my laptop on a plane. Without WiFi I was disconnected from the barrage of emails and IM’s. I enjoyed uninterrupted deep thought, planning, and personal reflection free of distractions. Unfortunately, Wi Fi is now the norm on most planes. My cross-country jaunts are punctuated by emergency requests, direct messages (DM’s) and instant messages (IMs). With this last bastion of non-connectivity gone, should I have cybersecurity concerns? Is WiFi at 40,000 feet safe?
Unfortunately, the answer is no, it is definitely not safe! Recent federal advisories highlight critical cybersecurity risks associated with in-flight Wi-Fi. Recent howto articles have shown how easy it is to stand up a rogue WiFi access point (AP) on a plane and co-opt unsuspecting travelers into connecting to this person-in-the-middle attack even at 40,000 feet in the air! Let’s explore these risks and what you can do to protect yourself.
Understanding the Risks of Airplane Wi-Fi
Airplane Wi-Fi, while allowing passengers to stay connected, exposes them to various risks. According to the federal advisory issued in July 2024, the primary concern is that in-flight Wi-Fi networks are often unencrypted, making it easy for malicious actors to intercept communications between passengers and the Internet. Secondly, cheap networking equipment can easily stand up rogue, malicious Wi-Fi networks for unsuspecting passengers to connect to. Finally, weak network security configurations, shared access points, and a lack of robust authentication methods compound these risks.
Common Risks from Airplane Wi-Fi Networks:
- Man-in-the-Middle Attacks: Hackers can intercept communication between your device and the network, gaining access to sensitive data such as passwords, personal information, or as reported by the Federal Aviation article, your credit card.
- Malware Infections: Rogue Airplane Wi-Fi networks could deliver malware to your machine, infecting your device(s) while allowing you to browse the Internet.
- Lack of Encryption: Most airplane networks don’t enforce strong encryption standards, exposing your unencrypted communications in transit to eavesdropping.
- Device Vulnerabilities: many travelers have unpatched systems with all ports and protocols enabled and listening putting their devices at risk to attacks by other travelers.
Why Legitimate Airplane Wi-Fi Networks are an Easy Target
In-flight Wi-Fi is a shared public network, which means that once connected, all passengers’ devices are visible to each other. This makes it easier for malicious actors to identify and target vulnerable devices. Compounding this openness is the fact that most travelers fail to implement proper security measures such as a VPN, leaving their data wide open for theft.
Moreover, airlines prioritize convenience and speed over robust security protocols. As a result, many networks lack the sophisticated encryption and authentication standards you’d expect from a secure network. This lack of protection creates fertile ground for cybercriminals.
Why Rogue Airplane Wi-Fi is Even More Dangerous
Connecting to a rogue access point on an airplane puts your equipment at risk of a person-in-the-middle (PITM) attack. Hackers have been caught standing up fake Wi-Fi networks, and scanning all traffic passed through the Fake WiFi network for sensitive data to steal, while forwarding it on to the legitimate airline Wi-Fi network. Unsuspecting passengers are open to a host of additional risks when connected in this fashion.
Steps to Protect Yourself on all In-Flight Wi-Fi
Even though the risks are real, there are ways to reduce your exposure. Consider the following precautions when using airplane Wi-Fi:
- Use a VPN: Virtual Private Networks (VPNs) encrypt your data, making it difficult for anyone to intercept or monitor your online activities.
- Hard-Code your Domain Name Services (DNS) to a trusted source. Many VPN services come with trusted DNS providers to protect you from fake IP Address information that could be provided by a rogue WiFi network paired to fake DNS services. Simple Terms: if you ask to go to Facebook.com on a rogue Wi-Fi network, the hacker may provide a lookalike website for Facebook that steals your Facebook login credentials before forwarding you on to the legitimate website and logging you in without your knowledge.
- Avoid Sensitive Transactions: Refrain from logging into banking apps, checking sensitive emails, or making purchases that require your credit card details while on in-flight Wi-Fi.
- Update Software and Devices: Ensure that your devices have the latest software updates and security patches installed. Outdated systems are easier to exploit.
- Enable Two-Factor Authentication (2FA): Activate 2FA on important accounts, such as email or banking, to add an extra layer of protection even if your credentials are compromised.
- Turn Off File Sharing, BlueTooth, and AirDrop: Disable any sharing services, Bluetooth, or AirDrop features to prevent accidental data transfers to malicious devices.
Airline Wi-Fi of the Future?
The federal advisory suggests that airline companies should strengthen the security of their in-flight networks, and passengers should remain alert. Moving forward, airlines will need to adopt stronger encryption protocols, implement multi-factor authentication for network access, and monitor for rogue access points and alert personnel on the plane to investigate, and monitor for additional emerging security threats.
In the meantime, passengers must prioritize their own security when flying, keeping in mind that public Wi-Fi—whether on a plane or elsewhere—presents inherent risks.
Conclusion
For travelers who wish to stay connected at 40,000 feet you must recognize the associated cybersecurity risks. With man-in-the-middle attacks, malware infections, and unencrypted data transfers, in-flight Wi-Fi poses numerous threats to your personal and business information. By taking appropriate precautions, such as using a VPN, avoiding sensitive transactions, and keeping devices updated, you can better protect yourself from the Wi-Fi dangers.
Fly high, stay wise—protect your data and avoid costly surprises.