From takeoff to landing, the U.S. Federal Aviation Administration and its counterpart in the European Union have cleared the use of computers and mobile devices, though flyers will still be prohibited from using onboard Wi-Fi and from sending and receiving text messages, calls, and emails during takeoff and landing.
Obviously, once in the air, travelers have for some time been allowed to connect to onboard Wi-Fi networks. It is likely however that this relaxing of rules will spur more people to connect to those networks than currently do, causing us to wonder, how safe is in-air Wi-Fi in the first place?
One of the first things I remember learning about Internet security is that you never, ever connect to an airport wireless network. At this point, I feel like most remotely cautious Internet users are aware of the dangers of airport Wi-Fi. So, if Airport Wi-Fi is so toxic, then why would airline Wi-Fi be any less so?
We reached out to Kaspersky Lab’s principle security researcher, Kurt Baumgartner, to see what he thought about the danger’s of onboard Wi-Fi.
He had the following to say:
A variety of possible security challenges present themselves with Wi-Fi itself. There are many current attack techniques for Wi-Fi access points and in turn all of the devices connecting to them, so simply connecting to Wi-Fi in the air can expose your communications to badly motivated passengers that are situated close to you.
And knowing that not all of these devices can be immediately upgraded by the airlines as inevitable vulnerabilities are discovered, there may be extended periods of time with vulnerable software and devices maintained on planes. It’s not always easy for airlines to quickly upgrade software and hardware as needed on planes in between flights.
And just as with the USB jacks on some airlines, some of these networks may not be designed with proper separation of resources, enabling disruptions for the entertainment systems, in what the attendants are communicating, or more.
I think we can all agree that the in-flight prohibitions on electronic devices are at least little bit ridiculous, annoying, and inconvenient. In general however, wireless- and Bluetooth-based attacks are significantly easier to perform when an attacker is close to his target.
More concerning perhaps is that there are a lot of smart people out there. I’m talking about the researchers we cover here and other people cover on sites similar to this one every day. The guys that present at Black Hat and other prominent security conferences. These guys can hack cars. They hack embedded medical devices. I’ve written at least one report about hacking commercial airplanes.
All of these attacks are remote, but only from a close distance, like, I don’t know, from the first class cabin to the cockpit (as if flying through the air weren’t terrifying enough!). But seriously, passengers have been allowed to use onboard Wi-Fi for years. It’s probably smartest to focus on concerning yourself with preventing malware infections and other attacks, because those are what you are most likely to face as airlines become more electronics-friendly.