The availability and use of WiFi onboard commercial aircraft
is rapidly increasing, but network-security experts question whether consumers
are adequately being made aware of the potential security dangers connectivity
presents.
At the end of 2015, U.S. airlines offered at least spotty connections
on flights representing 78% of their available seat miles, according to an
annual report produced by the flight-amenities merchandising platform
Routehappy. That represented a major jump from 2013, when Routehappy, using a
slightly different metric, found that WiFi was either available or in rollout
on just 47% of U.S. flights.
But experts said that while more connectivity is surely a
good thing for flyers, especially for business travelers, it's important they
be on guard when using airplane WiFi.
"The easiest way to look at this is that it is a public
network, and public networks in general are not secure at the level of a
sophisticated hacker," said Richard Blech, CEO of the cyberdefense firm
Secure Channels. "If there is someone on the aircraft that wants to get
into the network, they are going to get into the network."
Opinions vary as to whether aircraft WiFi is less secure
than the typical public WiFi network. Blech said it is, noting that onboard an
airplane, users of computers and devices are especially vulnerable to being
spied on the old-fashioned way: people looking over someone's shoulder.
But Blech also said that because flights concentrate people
tightly in a confined space for a fixed amount of time, their WiFi networks are
inherently easier to target than the network of a typical venue on the ground.
"You've got three to five hours locked in, and everyone's
stationary," Blech said. "That's a world of time for a hacker."
In contrast, John McGloughlin, CEO of tactical security
services firm GuardSight, said the risks of using WiFi on a plane are similar
to the risks on other public networks. Hackers, he said, will likely find it
more time-effective to target venues that don't require boarding an airplane.
"Think about the target audience on an aircraft,"
he said. "What do you get, 130 to 300 people? Think about the number of
targets in the world."
Still McGloughlin, who said GuardSight has done business
with avionics companies, said he was not suggesting that signing on during
flights shouldn't be done with caution, since, like most public WiFi providers,
airlines probably aren't employing a number of useful measures that would
secure their networks against intrusion.
Experts said there are a number of simple steps airline
passengers should take to stay safer while online.
• Be mindful of prying eyes. Shield the screen or dim the
light on your device or computer if possible.
• Don't access or transmit sensitive information, such as
bank records, if you can avoid it.
"Common sense," Blech said. "You're in a
public spot. What can't wait a couple hours?"
• Run system updates regularly to patch vulnerabilities.
• Be aware of potential spoof networks used by hackers to
gain access to your device. If a network looks like its name is a little off
(perhaps there is a misspelling) don't sign on. Better yet, ask a flight
attendant what the plane's network is called.
• Give yourself extra protection by connecting through a
virtual private network (VPN), which ensures that the information flyers are
sending is encrypted. Signing up for a VPN service is affordable and easy to
do, though it will slow down a connection.
"People tend to forget that they should employ all the
precautions that they would when they are on the ground," said Jodi Myers,
marketing chief for NordVPN.