If you’ve been on a plane in the last year, you know that Gogo’s Inflight Wi-Fi is the only major player when it comes to Internet connectivity in the clouds. Then, if you actually chose to shell out $10.00 for a measly two hours of internet access, you know that it was on par with the 256 kbps dial-up you were running circa 1998. Literally, a snail could travel from one end of the plane longer than it takes to load your Facebook Newsfeed. Slow speeds aside, there’s a general assumption that if you’re paying for Internet – and low performing Internet access at that, that you’re paying for a secure connection. That was until a Google Engineer realized that Gogo was using fake SSL certificates. You know what they say when you assume…
— Adrienne Porter Felt (@__apf__) January 2, 2015
This is a massive problem. Not only does this expose you and your private data to Gogo (who already have your email address, name, and credit card on file) but by removing this layer of security, Gogo is practically handing the keys to your kingdom of data to anyone else on the network with malicious intent. So why are they doing this? According to Gogo Inflight, it’s all to curb traffic from data-heavy websites but we know there are plenty other ways to go about this instead of a MiTM attack.
What is a MiTM attack? It is an instance in which an attacker (in this case, Gogo Inflight) will intercept the data sent between two different systems, allowing it to act as the middle man, get it? If your SSL certificate is returning red flags (because it’s being signed by the MiTM), your browser will warn you with some sort of pop-up or a red “x” in your search browser—though many often ignore this warning.
Luckily, this can all be avoided with a simple tool that many Internet-savvy users already have, a virtual private network. A VPN connects two computers securely and privately over the internet, even if that connection is though a public network. A VPN client on one computer connects to a VPN server on another computer and by using encryption and other security measures, no-one can see what kind of information is being exchanged.
Let’s say we were to hop on a flight today from Los Angeles to London and we use the Newshosting VPN. We’re on and our information is encrypted, but the ISP (in this instance, Gogo) can still see how much data we’re using. This would not be an instance in which the VPN is helpful to access geoblocked streaming content, or any streaming content really. Remember, VPN’s can be tricky when you’re 50,000 ft above and to reiterate, the speed of Inflight Internet is reminiscent of a snail’s speed. But that shouldn’t deter you from checking your emails, reading the news, social networking, and the 1000000 other things you do online.