POSTED BY S. Grant Bowen

We have all done it. You walk into your local café, grab a cup of coffee, set up your laptop or tablet and log onto its WiFi network. What people might not know is how horribly unsecure these networks are. Even though the shops probably require you to enter login information or assent to certain terms of usage, anybody in that shop, or anybody within range of the WiFi extending outside of that café can access the network, and your computer. Nearly any member of the public could potentially access most pieces of information that you commonly access.         Meanwhile, an astute hacker can quickly access credit card information, email inboxes that provide thousands of sensitive points of data, or sensitive corporate and business information.

What, then, is a common WiFi network user to do? Encryption for these public networks is nonexistent.  The authentication systems used are generally not secure or limiting as to who may join the network. Generally, only the use of a personal VPN (virtual public network) is needed for protection. But, unless a company gives access, the use of such VPNs may only be limited to personal computing reasons.

While public WiFi networks are not a new risk to café goers, almost all major airlines have recently adopted similarly structured WiFi networks. Additionally these airlines are now working on providing Internet access while flying over uninhabited areas (deserts, low population density land masses, and oceans). This presents two major security threats to in-flight WiFi users: how to stay secure while using a device connected to in-flight WiFi, and how airlines secure their parent networks from outside threats.

Primarily, in-flight WiFi networks present very similar security issues as the aforementioned cafés do. There is generally little or no encryption, allowing hackers to steal login information for Facebook, Twitter, Amazon, and most email systems. Additionally, authentication is similarly unsecure. While this may not present as great of a threat as on ground, because most in-flight WiFi systems charge for use, it allows anyone who can “spoof” a MAC address (easily discoverable on YouTube) to “share” (read: steal) the rightful WiFi purchaser’s MAC address and utilize the service for free. Again, though, users can easily remedy these security threats by making sure not to conduct highly sensitive computing (online banking, important corporate work, etc.), and utilizing a VPN.

Various security experts now claim the biggest concern for in-flight WiFi networks is their risk to be hack from outside the plane. The communications systems that beam in Internet service are satellite based, and therefore, susceptible to certain vulnerabilities that could give a hacker access to functions including a plane’s navigation and safety systems. This could at least allow hackers to take control of the plane’s WiFi and communications systems, and at worst allow them to take control of new airplane fly-by-wire avionics equipment.

However, aviation experts argue that the encrypted, encoded avionics information is simply a “jumble of data” of value only to manufacturers of each particular component. Additionally the manufacturers of the communications satellites required to send WiFi signals claim their systems cannot be hacked so easily.  Of course, Home Depot, Ebay, and Adobe, subjects of some of the largest sensitive information hacks of all time, would argue they didn’t believe their systems could be hacked in any conceivable way at the time. When it comes to hacking, where there is a will there’s a way.