Staying Secure at 30,000 Feet – Part One
How do you protect the credentials on your device, while using Wi-Fi on an airplane or even while riding the train? As airplanes and trains are now being equipped with Wi-Fi access, the concern of your device being secure has grown. Even if your plane isn’t Wi-Fi enabled, there’s a good chance you will be tempted to sign into the airport Wi-Fi prior to your flight.
For business travelers, Wi-Fi in airports and planes is a necessity to get work done while spending hours traveling. The downside is Wi-Fi security has lagged massively and should raise red flags if you’re dealing with sensitive business data.
Two-factor authentication (2FA) isn’t enough to protect your username and passwords if you travel often. Making sure your business or enterprise uses modern multi-factor (MFA) and adaptive authentication is even more important. Risk-based analysis of your authentication works behind the scenes to protect user’s credentials and important company information and data.
The risk-based analysis includes a geo-velocity check to analyze travel events (e.g. access request occurred at 1:00 PM in Seattle and that same user tries to log in two hours later from Philadelphia, something is obviously wrong. SecureAuth will either deny the request, require multi-factor authentication, or redirect to a safe zone.
Not every available Wi-Fi connection is legitimate. Bad actors have set-up Wi-Fi access points with legitimate looking names to trick people into joining them (e.g. “Airport_Wi-Fi” or “InFlightWiFiService”). Once you’re on their Wi-Fi hotspot, everything you do will be monitored and mined.
Needless to say, if you’re not sure of the exact name of the Wi-Fi network to connect to, don’t connect! Gate agents, airline customer service, cabin crew or train porters, airport concierge desks, and other official information sources should know the legitimate Wi-Fi network to connect to.
What are some security concerns about connecting to Wi-Fi on the airplane or airport?
First, the Wi-Fi on an airplane is shared with all of your fellow passengers, and it’s not secured with a password. You connect to the hotspot, hand over your credit card information to a captive log-on page to begin the process (that pop-up webpage you see when you join a public Wi-Fi network). Captive Login Agents are not security features, they’re only designed to allow you to pay for your connection. You’re immediately interconnected to dozens if not hundreds of other people. Make no mistake, you share your plane or train with people who enjoy hacking as a sport, so someone is probably watching.
When you connect to the Wi-Fi, those same people are able to keep an eye on site logins, data being transferred, and lots of other details about what you’re doing. Not that long ago, a tool called FireSheep became famous for allowing people to sniff logins to many popular websites like Facebook while the user and the attacker were both on the same coffee shop wifi network. Imagine that, multiplied by the 100-300 passengers on the average wide-body jet.
How are some ways to secure and protect your data and credentials while flying? Check out part two of this two-part blog!