Be careful before you click and connect
For many travelers, the quality of their in-flight WiFi has become more important than the quality of their food. But before you connect again, heed the critical warning just issued: Those WiFi connections may be more dangerous than you think.
By now, most people are aware of the risks involved in connecting to public Wi-Fi hotspots, especially if the provider is unknown. To ensure an always-on secure connection, millions of users are taking precautions, leading to a surge in VPN usage.
Airplane WiFi usage is also booming. Connecting at 30,000 feet seems safer and more secure, so few people worry about VPN connections and other security risks while stuck in the air. But maybe they should.
The Australian Federal Police have charged a man with “creating a free Wi-Fi hotspot that mimicked a legitimate network and then stole personal data from unsuspecting victims who accidentally connected to it.” The problem this time was that the free Wi-Fi hotspot was on an airplane, and while it was in flight.
According to AFP, when people tried to connect their devices, “they were directed to a fake webpage asking them to sign in using their email or social media login details. These details were then allegedly saved on the man’s device. The collected email and password details could then be used to access more personal information, including the victim’s online communications, stored images and videos, and bank account details.”
This type of “Evil Twin” WiFi attack works by creating a named hotspot to trick users into connecting. On the ground, this could be the name of a hotel, coffee shop, or store, while in the air it could just as easily incorporate the name of an airline.
There are some simple ways to protect yourself from such attacks while in the air: Ask about your airline’s WiFi identifier if you are not familiar with it and there are multiple options. You will usually be provided with details of a URL where you enter your details and payment information. Never enter personal information such as social media credentials or payment information into a web page unless you are sure it is legitimate.
We also recommend using a VPN on any public WiFi connection, even if it’s in the air. Also, don’t set your iPhone or Android to auto-connect to public hotspots or to remember and auto-connect to previously used hotspots. You can find all of these options in your device’s WiFi settings.
AFP’s advice goes further: “When using public networks, disable file sharing, avoid conducting sensitive operations such as banking while connected, and change your device settings to ‘forget the network’ after use.”
But realistically, most users want to access the same online services in the air as they do on the ground, and as long as they follow the rules, there’s no problem.
- Use a VPN.
- Please check your WiFi name and login page.
- Do not share or enter your login details for other services.
- Instead of entering your credit card details, use Apple Pay, Google Pay, or PayPal.
- Do not auto-join or auto-connect to hotspots, even if you have used them before.
If you recall any suspicious hotspots recently, wherever they may be, change any passwords you used directly with the service or while connected.
