For many travelers, the quality of airplane WiFi is now more critical than the quality of the food. But before you connect again, be mindful of a serious warning that has just been issued. Those WiFi connections may be more dangerous than you think.

Most of us are now aware of the risks in connecting to public WiFi hotspots, especially when the provider of the service is unknown to us. VPN usage is soaring—as millions of users take precautions to protect their always-on fix.

Airplane WiFi use is also soaring, so to speak. And connecting at 30,000 feet seems safer and more secure, and most of us don’t worry about VPN connections or other security risks when we’re closeted midair. But maybe we should.

The Australian Federal Police has just charged a man with creating “free WiFi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them.” The catch this time—those free WiFi access points were on an airplane, while it was midair.

According to AFP, when people tried to connect their devices, “they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices. The email and password details harvested could be used to access more personal information, including a victim’s online communications, stored images and videos or bank details.”

This type of “evil twin” WiFi attack works by creating a hotspot with a name that will trick users into connecting. On the ground this could be the name of a hotel, coffee shop or store, midair it could easily incorporate the airline’s name.

There are some easy ways to stay safe from such an attack midair. If you’re not familiar with the airline’s WiFi identifier and there are multiple options then just ask. And there are usually details provided of the URL that will take your details or payment. You should never enter personal details into a webpage—such as social media credentials or payment information—unless you’re very sure it’s legitimate.

It is also advisable to use a VPN on any public WiFi connection, even midair. And you should never have your iPhone or Android set to auto-connect to public hotspots or even to remember and auto-join hotspots you’ve used before. You can see all these options in the WiFi settings on your device.

AFP’s advice goes even further: “When using a public network, disable file sharing, don’t do anything sensitive—such as banking—while connected to it and once you finish using it, change your device settings to ‘forget network’.”

But realistically, most users want to access the same online services midair as on the ground, and if you stick to the rules you’ll be fine.

  • Use a VPN.
  • Assure yourself of the WiFi name and login page.
  • Don’t share or enter login details for any other service.
  • Use Apple or Google Pay or PayPal rather than entering credit card details.
  • Don’t auto-join or auto-connect to hotspots, even those you’ve used before.

If you do now recall any suspicious hotspots in the recent past—wherever that might be, then change any passwords you used directly with the service or while connected.

Share.
Exit mobile version