Gogo Wi-Fi Is Using Man-in-the-Middle Malware Tactics on Its Own Users


Gogo's inflight Wi-Fi service is pretty much your only option when it comes to surfing the internet in the skies above. Which means that they are free to give you shitty service at even shittier prices all they want. And now, according to one Google engineer, they're also playing fast and loose with your online security. The question is—why?


In traditional man-in-the-middle (MITM) attacks, the attacker intercepts the data being sent between two different systems, allowing it to act as the middle man (duh). If the certificate for the site you're trying to reach doesn't add up (because it's being signed by the MITM), your browser will usually warn you—though many people ignore this warning. Fortunately, Google engineer Adrienne Porter Felt did not.

After connecting to Gogo's inflight wireless, Felt noticed a little red "x" in her address bar, indicating something wasn't right. As you can see from the tweet above, Gogo itself was signing the certificate—not Google. This is a huge problem.
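The check behind that red "x" can be reproduced from a script. The following is an added example, not code from the article or from Gogo: it does a fully verified TLS handshake and, going slightly beyond the case described here, also compares the issuer against one recorded on a trusted network for devices where an interception CA has been installed. The sample certificates and the name "Example Public CA" are constructed placeholders.

```python
import socket
import ssl
import sys

# Constructed sample certificates in ssl.getpeercert() dict format (not captured data).
# "Example Public CA" is a placeholder for whatever CA normally issues the site's cert.
GENUINE = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Public CA"),)),
}
SUBSTITUTED = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("organizationName", "Gogo"),), (("commonName", "Gogo"),)),
}

def flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def assess(cert, expected_issuer_orgs):
    """Compare the issuer with the organisations recorded for this host on a trusted network."""
    issuer = flatten(cert.get("issuer", ()))
    org = issuer.get("organizationName", "")
    if org in expected_issuer_orgs:
        return ("ok", org)
    return ("unexpected-issuer", org or issuer.get("commonName", "<none>"))

def probe(host, expected_issuer_orgs, port=443, timeout=5):
    """Verified handshake: a rejected chain is the condition behind the browser warning."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.getpeercert(), expected_issuer_orgs)
    except ssl.SSLCertVerificationError as exc:
        return ("verification-failed", exc.verify_message)
    except OSError as exc:
        return ("unreachable", str(exc))

if __name__ == "__main__":
    expected = {"Example Public CA"}  # placeholder; record the real issuer beforehand
    print(assess(GENUINE, expected))      # issuer matches the recorded one
    print(assess(SUBSTITUTED, expected))  # issuer is the network operator
    if len(sys.argv) > 1:                 # optional live check: python check.py <host>
        print(probe(sys.argv[1], expected))
```

A `verification-failed` result on a network where the same host validates elsewhere is the signal to stop sending credentials over that connection.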

First and foremost, by misleading customers in this way, Gogo is doing away with a hugely necessary layer of security, and in doing so, opens the same option to anyone else on the network with malicious intent. The fact that Gogo has access to all your data is bad already, but it's impossible to know who else might be making use of the now gaping security holes. But what's more, according to Techdirt:

[Gogo] loves to datamine and it definitely makes an effort to "shape" traffic by curtailing use of data-heavy sites. It also, as Steven Johns at Neowin points out, is an enthusiastic participant in law enforcement and investigative activities, going above and beyond what's actually required of service providers.

So while Gogo might use its willingness to datamine in order to cooperate with government officials and "third parties" as the reason for its questionable tactics, that's still no reason to totally throw customer security out the window.

People on Twitter have also speculated that Gogo might be doing this as a means of throttling data to limit traffic on its networks, but of course, there are other, less dangerous ways of doing that, as well.


We've reached out to Gogo for comment, and will update as soon as we hear back. For now, though, if you're flying, probably best to stay offline. Who knows who might be peeking in. [Neowin, Techdirt]


Update 2:30pm:

Gogo released the following statement:

Gogo takes our customers' privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don't support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience.

We can assure customers that no user information is being collected when any of these techniques are being used. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience.


In other words, we know this sure looks shady but it's not, PROMISE.


Hotels and Gogo need to rethink their wireless strategy and use an Identity engine for auth - NOT intercept and filter users' traffic. I've been saying for YEARS that hotels (and more recently Gogo) are anything but trustworthy networks.

Hell, I trust my ATT and Verizon hotspots a helluva lot more than any of those shady networks and that's saying something.