OPINION

Room at the VPN?

Cybercriminals are prowling the skies 30,000ft aloft prying into your WiFi on the sly. How to get yourself a cyber chastity belt.
SOMETIMES it seems the only private space you can find is 30,000ft aloft, albeit with your neighbour’s elbow jammed into your midriff. Still, it’s far from irate bosses, bossy spouses, interminable test-your-patience teen angst, prying NSA eyes, and snooping Yahoo managers eager to serve up your e-mails to anyone in a uniform.

You disengage that foreign elbow, lean back politely after the meal service is over, and whip out your iPhone 7. Time for some private ‘me’ time and a quick hook-up to onboard WiFi, which is now ubiquitous from Virgin to Vietnam Airlines. And that’s when it all starts to unravel.

You could have experimented with frying eggs on your Samsung Galaxy Note 7, but you did the honourable thing and left it at home, under your mother-in-law’s pillow, so… Back to WiFi. It may be grindingly slow in US skies where Gogo Inflight scans for and hops from signal tower to signal tower (the newer ‘2Ku’ satellite system on some aircraft promises faster speeds) or relatively snappy in Asian skies where satellite connections are already the norm, but it is far from private. It is egregiously unsecure, and easy to hack. By almost anyone.

So just because you’re flying on blue-chip United, Delta, British Airways, Lufthansa, Emirates, SIA, or Cathay Pacific, does not mean the information on your laptop or mobile phone is safe, especially when you start transmitting and receiving private data.

The security minded should know that inflight WiFi is notorious for the loopholes offered to would-be hackers, apart from the obvious drawback of laptop screens that are in plain view of any passenger en route to the toilet or seated across the aisle.
In early 2015 talk was rife of ‘fake SSL’ Google certificates being served by Gogo – apparently to curb heavy bandwidth hoggers like YouTube. SSL (secure socket layer) is a method of encryption. This, perhaps inadvertently, created a scenario that could be construed as an MiTM (man in the middle) attack where someone sets up shop between you and your browsing site to capture and sift through all your data transmissions. Of course this was not Gogo’s intention and it later decided to employ other techniques to manage bandwidth issues.

Man in the Middle attacks are common on the ground at coffee shops and public hotspots where someone can flip open his laptop, find the WiFi signal, and then proceed to spoof the provider, setting himself up as the legitimate connection. Once anyone logs onto this unsecure connection the man in the middle checks and scans all the data passing through, or simply ‘sniffs’ the data and stores it to go through later.

You could suffer an injection of malware and have your laptop turn into a Walking Dead zombie that may be summoned at any time by its new master to launch a DDoS (distributed denial of service) attack on some unsuspecting site that gets brought down when a tsunami of computers attempt to access it at the same time. Everyday Internet-enabled 'intelligent' household items like webcams, baby monitors, garage doors and refrigerators can also be enslaved by malicious code as the late October 2016 attack on Twitter, Spotify and Reddit demonstrated. Aloft, you can be compromised in an instant.

But surely this is impossible inflight where security precautions prevent carrying on even a humble nail clipper? Not at all. It’s as easy in the skies as it is on the ground. Perhaps easier. Inflight WiFi systems may inject JavaScript code into your laptop or mobile device to make the operation smoother. This creates a vulnerability.
It’s a problem for air travellers as well as airlines as these vulnerabilities can be exploited to get into aircraft systems (to control the engines, say) as has been demonstrated by experts.

Novices can use simple hacking tools like WiFi Pineapple that is available for purchase. The device is small and easy to carry around. WiFi Pineapple refers to its business as “WiFi auditing”. Its ultra-portable Nano device can “command the WiFi landscape” and even “acquire clients with a comprehensive suite of WiFi man-in-the-middle tools specializing in targeted asset collection.” It’s quite clearly spelled out. The Nano retails at just US$99.99. Forget Vladimir and the Russians. Examine your neighbours and John Smith.

Fortunately it is possible to shield yourself from in-flight hacks and malicious attacks. Common sense solutions include not visiting sensitive sites (like your offshore bank account in the Bahamas), not using your credit card for online payments aloft, and ensuring your firewall is solid. A more aggressive and foolproof solution is to use a VPN (virtual private network) that sends all your communications through a safe encrypted tunnel. It also disguises your identity.

One popular and free but slowish VPN is TOR, a freethinker’s refuge that bounces your communication through a network of computers (run by volunteers around the world) to ensure your location and rants remain utterly anonymous. Other free VPNs like Hotspot Shield and CyberGhost will do an adequate job, while paid services like PureVPN and HIDEmyASS that charge around US$6-$8 per month for a year, claim to have a mass of servers around the world at the ready to mask your moves. HIDEmyASS has over 57,000 servers in North America, 46,000 in Europe, and over 10,000 in Asia. That’s a lot of locations and identities to pick from.
NordVPN uses the TOR network and claims to be “safer than if you were actually at the bank.” It offers a “revolutionary 2048-bit SSL encryption even a supercomputer can’t crack.” This double data encryption VPN service charges US$5.75 per month for an annual subscription. And it does not log your activity on the Web. This last feature – as well as a kill switch that shuts down your connection if the VPN is interrupted – ensures privacy and passwords are fully protected. Some VPNs do log browsing details so check. Armed thus, not only are you safe from prying eyes aloft but you can access VoIP call services and social media in countries that enjoy censoring stuff. That just leaves Yahoo and its fawning preoccupation with uniforms.
NOTE: Telephone and fax numbers, e-mails, website addresses, rates and other details may change or get dated. Please check with your dealer/agent/service-provider or directly with the parties concerned. SmartTravel Asia accepts no responsibility for any inadvertent inaccuracies in this article. Links to websites are provided for the viewer's convenience. SmartTravel Asia accepts no responsibility for content on linked websites or any viruses or malicious programs that may reside therein. Linked website content is neither vetted nor endorsed by SmartTravelAsia. Please read our Terms & Conditions.