Whether you’re traveling for business or for pleasure, you might want to think twice about logging on to an airplane Wi-Fi network.
Last month, a USA Today columnist claimed that he was hacked while on an American Airlines flight using its Gogo in-flight Internet connection. When the flight landed, the alleged hacker, also on the flight, alerted him that he was able to hack into his computer via Wi-Fi to read his email.
Despite some logical inconsistencies in the report, such as the hacker confessing his crime upon arrival, the fact remains that while airplane Wi-Fi hacking is rare, it’s technically easy to execute, says Tyler Shields, vice president at Signal Sciences, a security-monitoring software company.
“It’s similar to the way one would attack someone using coffee shop Wi-Fi,” he says. “The main difference is that on an airplane, there isn’t any other option for Internet. If you want to get on the Internet, you have to use the airplane Wi-Fi to do it. At a coffee shop, you can still use your mobile device to tether your computer to the Internet more securely.”
Hackers and service providers alike could monitor your in-flight online activity, says Jeremiah Grossman, founder of White Hat Security.
“Because Wi-Fi broadcasts Internet traffic through airwaves, anyone can sniff—or see—what you’re doing online, if it’s not encrypted,” Grossman says.
This includes service providers, which “could instruct your browser to make Web requests that you didn’t intend, and they can layer in trackers,” he says. “Law enforcement officers might ask who was on a particular Wi-Fi network at a particular location at a given time, or if a specific person they’re looking for was connected, how long they were connected, and any log information about what they did online.”
Although airplane Wi-Fi hacks may not be an everyday occurrence, travelers would be wise to take some protective steps before hunting for cat GIFs above Cleveland. Here are four steps you can take to ensure your online safety when in flight.
Step 1: Direct your attention to the (encryption) safety features
Before logging on to an airplane’s Wi-Fi, visit the provider’s website, and read it thoroughly, says Bill Menezes, principal research analyst for unified communications at Gartner.
“You want to educate yourself on whatever details the airline provides on its website or the Wi-Fi’s splash page, when you sign in or register to pay for it,” he says. “Usually, this will be its ‘terms and conditions’ page.”
On that page, look for details about its level of encryption. WPA2, while supported by few networks because of its incompatibility with some older devices, is the most secure type, Menezes says. Most in-flight Wi-Fi providers supply a mix of WPA2 and WPA encryption, which is inclusive of more devices and reduces the risk of someone monitoring your online activity.
If there’s no indication of encryption, use common sense about the sites you visit–or forgo Wi-Fi entirely, Grossman says. “Just refrain from doing anything that you really care about. Casually reading the news is fine, but think twice about your other activity.”
Step 2: Buckle your seat belt (with defensive software)
Airline passengers should install some type of mobile threat defense or protection on the smartphone, laptop, or tablet they intend to use in flight, Menezes says. These apps detect and stop Internet traffic patterns that indicate potential threats.
Reputable companies that provide these apps and software include Kaspersky Lab, Lookout, McAfee, Sophos, Symantec, and Avast (sponsor of The Parallax), he says. “Most, if not all, provide personal or consumer versions, which might not have everything an enterprise version provides, but it’s a good starting place.”
Ad blockers and traffic blockers are also worth installing, Grossman says, as an extra level of security to prevent against infectious advertisements and malware that ads may distribute, and invisible trackers. Reputable providers include uBlock Origin and Disconnect, he says.
Step 3: Sit back and relax (with a VPN)
Virtual private networks, or VPNs, create a secure tunnel from your device over the public Internet to private networks at a remote location. While they use encryption to ensure that your communications and activity are coded against snooping, they have their limits.
Some VPNs, particularly those installed on business-issued devices, encrypt only traffic or email going to the company, Grossman says. They don’t secure your personal communications or other online activity. And some VPNs aren’t reliably supported by in-flight Wi-Fi, which is “still in its infancy,” Menezes says.
“Understand that if you’re in a situation where you really need a VPN to feel secure,” he says, “it may not work, so it might be best to lay off the network.”
Step 4: Avoid risky maneuvers (when online)
The best rule of thumb to stay safe while connected to airplane Wi-Fi, Menezes and Shields say, is to avoid downloading sensitive data, sending sensitive emails, and browsing sensitive information.
If you want to work on your tax return during a flight, for example, download your materials on a secure thumb drive before you board rather than accessing it over the Internet, Menezes says. “It’s best to assume that any public unsecured network is a threat to your privacy and security of whatever device you’re using. Just be smart about it.”
In-flight hackings, while rarely reported today, are likely to become a more common danger “as more attackers realize the types of people that are frequently on airplanes and using the Wi-Fi tend to be executives, or those with more disposable income,” Shields says. “This should be a legitimate concern for travelers.”