Board almost any flight these days, and the airline will offer Wi-Fi service. That can be a big help if you want to get some work done or have a broader range of entertainment options during your flight. But is airline Wi-Fi secure?
Experts say the risk of being hacked while using Wi-Fi on a plane or in an airline terminal is similar to that of any other unsecured public Wi-Fi—but in some cases with a level of vulnerability unique to fliers. Fortunately, they also say there are ways to limit your exposure.
One problem with Wi-Fi in the sky is that you can’t always rely on a virtual private network, or VPN, to function smoothly or at all with the Wi-Fi service on your flight. A VPN can protect you by routing a device’s internet connection through a secure server, thus encrypting your traffic and shielding your device’s unique IP address.
So that’s one layer of protection you can usually use in, say, a coffee shop, that might not be available in the air. And without that protection, a hacker sharing the airline’s Wi-Fi with you might be able to eavesdrop on any data flowing between you and the network and gain access to your devices, leaving you vulnerable to all sorts of trouble.
Among other things, hackers can access your personal information like account numbers, passwords and contacts, says Arjun Bhatnagar , chief executive of Cloaked, a consumer privacy and security company. “They can log into your personal accounts and spread malware to your friends and family,” he says.
Protect yourself
One step you can take to partially protect yourself is to visit only websites that start with “https,” which means they are encrypted, Bhatnagar says. That way, a hacker could only see what sites you visit, not anything you do there, such as logging in with a password or entering a credit-card number.
But you could still be in trouble if an attacker manages to trick you into downloading a type of malware called a key logger, which records anything you type. That allows a hacker to capture information users are exchanging with secure websites, including sensitive data such as passwords or a Social Security number that’s required to open an encrypted file. The best way to avoid this is to not follow any links or download anything from sources you’re not certain of, especially unsolicited AirDrops, which are so prevalent among Apple users during the boarding process.
Another threat to be aware of is fake Wi-Fi networks. A hacker can create a fake network with a name that is very similar to, or even the same as, the airline’s. Users who connect to the fake network give the hacker access to all the personal data that flows between them and the network.
If you see multiple Wi-Fi networks with the same or similar names, ask the airline steward to identify the proper network for you before you sign on. To be extra cautious, configure your devices to “forget” public Wi-Fi network connections that don’t require a password. “If you ‘forget’ a network that you’ve previously connected to, your device won’t automatically connect to Wi-Fi networks with the same name when it finds them in the future,” says Anand Oswal , senior vice president and general manager of network security at global cybersecurity firm Palo Alto Networks .
That protection extends beyond your flights, Oswal says. For instance, if you connect to a legitimate airline Wi-Fi network on a flight and don’t set the device you used on the plane to forget that network, your device could automatically connect to a fake network with the same name set up by a hacker at your hotel or another public site, he says.
Do the basics
The bottom line is that if you take the precautions you would when using any public Wi-Fi network, the risk of being hacked while logged into a plane’s Wi-Fi is pretty low. “I would not say airplane Wi-Fi is terribly risky,” says Amir Tarighat , CEO of the cybersecurity firm Agency. “Make sure you have proper security tools on your device, update your software all the time, and use multifactor authentication for sensitive websites like your bank, and you won’t have much to worry about.”
Security tools from trusted companies include antivirus and malware-protection software and apps that encrypt your sensitive data as it moves from one end point to another. On an airplane, experts also say to consider using a privacy screen to fend off potential snoopers in the seats behind you, and consider waiting to access financial accounts until you can do so on a private network.
Experts also warn travelers not to let their guard down in the airline terminal, where public Wi-Fi networks are just as dangerous as they are anywhere else. And there’s an extra potential danger here: Hackers can install malware into public charging stations that allows them to steal data from your device as it’s charging. The FBI’s Denver bureau released a warning about this issue in April .
Cloaked’s Bhatnagar says travelers should use their own cords and plugs and charge their devices in a traditional outlet while traveling.
Heidi Mitchell is a writer in Chicago and London. She can be reached at reports@wsj.com .
