To Preserve Bandwidth, Gogo Inflight Executes a Man-in-the-Middle Attack

Early last week, Gogo Inflight, a provider of in-flight Internet access for airlines, caught a lot of headlines for a practice that can only be summarized in one word: bad. The company is accused of, and admits to, tampering with the communications of its customers and web servers across the world. Gogo claims it did this in order to maintain a suitable service for all passengers. Regardless of its intentions, however, Gogo is guilty of using a method popular among hackers: the man-in-the-middle (MITM) attack.

A MITM attack is exactly as it sounds: an entity either intercepts, eavesdrops or modifies a message sent between two people or two connections. It’s as if an eavesdropper broke the seal on a letter and changed its contents before passing it on.

If the Internet were a letter, its wax seal would be the Hypertext Transfer Protocol Secure (HTTPS) standard. A combination of two protocols, HTTPS is widely deployed to authenticate communications between a user (you) and a website’s server through the complex use of certificates and encryption. When it’s working, you will see a closed lock with “HTTPS” present on the left side of the URL bar—the space used to type in a website’s address. When something’s wrong, like traffic being rerouted through an unknown server, the lock is replaced with a red “x.”

That red “x” is how Gogo got caught using a MITM attack. Gogo issued a bogus certificate—the equivalent of a fake ID—in an effort to trick users into thinking they were directly communicating with Google. Instead, Gogo was monitoring these communications, and since HTTPS couldn’t verify that the browser was directly communicating with Google (because the traffic was going through Gogo’s servers first), a red “x” appeared.

Unfortunately for Gogo, Adrienne Porter Felt, a security engineer for Google, noticed the “x” and investigated. The rest, as they say, is history.

So why did Gogo try to pose as, or at the very least intercept communications to, Google? The answer, according to the company, is that it wanted to block user access to YouTube, a video streaming site that can hog a good deal of the limited bandwidth passengers share to send and receive data on a flight.

In its statement responding to the brouhaha, Gogo said it “utilizes several techniques to limit/block video streaming” in its services. Apparently that includes MITM attacks. The company goes on to state that it takes “customers’ privacy very seriously,” and that it “assure[s] customers that no user information is being collected when any of these techniques are being used.”

We will have to take them at their word. After all, they’re a large company that would very much like to remain in business and avoid being sued into oblivion.

But hackers often use MITM attacks to steal sensitive information like credit card and Social Security numbers. The technique can also be used to tamper with and modify communications between two parties and to inject malicious software on an unsuspecting user’s computer. In other words, it’s a bad technique to deploy with the intention of simply blocking access to a video-streaming site.

While Gogo is most certainly not executing on any of the above criminal activities, it is still using a troublesome technique that poses security risks for its customers. By breaking HTTPS, Gogo drastically increases the opportunity for hackers to intercept and record communications.

So what can you do to protect yourself online while in the air? Well, there are a few options:

  • Be cautious when using public Wi-Fi. The best way to avoid giving up your data unknowingly is to use only networks you trust, and to take precautions when you use them. Be sure to follow the Wi-Fi provider’s instructions carefully so you are sure you are connecting to the correct network, and not to that of a malicious party pretending to be the establishment’s network. Use a virtual private network (VPN) to encrypt your communications, and if a VPN isn’t available, avoid conducting any sensitive transactions like banking, online stock trading, or online shopping.
  • Look for HTTPS. One way to detect a possible attack or data interception is to look for a stated HTTPS connection in your URL bar. If you’re securely connected, you should see a lock next to the letters “HTTPS.” If you’re not securely connected, you’ll see an “x,” usually red, in the same place.
  • Use comprehensive security. Guard your smartphone, tablet, PC and Mac with McAfee LiveSafe™ service, designed to protect your data and devices from prying eyes. If you already have protection on your computer, download McAfee Mobile Security on your Android or iOS device for free.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter and liking us on Facebook.
