Starting on 24th October, Southwest Airlines will offer free in-flight wi-fi across its fleet. With this move, all six of the largest US airlines will either have or be close to having complimentary in-flight wi-fi services.
European airlines are also quickly adopting the technology, with Air France recently announcing free high-speed in-flight wi-fi services, and British airways offering free wi-fi for messaging apps.
While free internet access elevates the flight experience, cybersecurity experts warn that it is also an opportunity for hackers.
“In-flight wi-fi used to occasionally be a target for cyberattacks, but with the service now becoming complimentary, security incidents will become more frequent,” says Matas Cenys, head of product at Saily, a travel eSIM app company. “Hackers use old tactics in an environment where travellers expect to be safe. So, their old tricks work again, even when they wouldn’t elsewhere.”
How hackers trick travellers with fake Wi-Fi
To execute a type of cyberattack called an ‘evil twin’ attack, a hacker boards the plane together and sits down. They then connect to the airline wi-fi, enable a hotspot feature on their mobile device, tablet or a travel router, and name the hotspot to sound convincing – something like ‘Free_Airline_WiFi’. Many passengers will then either connect to the fake network themselves, or their devices will automatically choose the strongest or known wi-fi, if they have used the airline’s wi-fi before.
After some technical background effort, the attacker can see all unencrypted traffic coming from the connected devices, including passwords and personal information. They can also steal session cookies that allow the hacker to log into the user’s accounts without knowing their password.
Attackers may also try to prompt the passengers to use fake log-in screens that request personal information, or ask them to pay a fee for using the internet and steal sensitive financial details. A pop-up asking for credit card information to unlock ‘premium access’ or a ‘seat upgrade’ should also be taken with a grain of salt.
“Hackers can also spread malware through the connection, for example, by offering a ‘required’ app or plug-in to access the wi-fi. The same trick can be used via AirDrop. If your device notifies you that you’re receiving some file from an unknown person, tread carefully – even if it looks like an innocent photo of their dog you’ve seen in countless social media posts,” says Cenys.
“If connected to a malicious network, the internet will be extra slow. Airplane passengers might expect a small drop in internet speed while flying, but a super-slow connection could be a red flag.”
Tips on how to avoid falling for this scam
Besides noting the internet speed, there are some good practices passengers can use to make sure they are safe when using cabin wi-fi:
- Ask the airplane crew which wi-fi is the official one to use, especially if you see a few options. A short conversation can save you a lot of trouble.
- Choose HTTPS only sites. When visiting websites, look for a padlock icon next to the URL.
- Consider using a VPN while on public networks, and leave sensitive tasks (like using financial services) for mobile data. If you’re concerned about using mobile data when abroad, look into roaming alternatives, such as travel eSIMs.
- Treat your personal information with care. Being bored during a flight is understandable, but it’s not enough of a reason to give out your most sensitive information to strangers on the internet.
- Disable file sharing, AirDrop, and network discovery while on public networks.
About Saily
Saily is a secure travel eSIM app that helps people to manage mobile and internet connections from anywhere in the world., with coverage in 200+ destinations. Saily was created by the experts behind the NordVPN advanced security and privacy app.
