NEW YORK (MainStreet) — Hacking is becoming more commonplace, and your data is not safer 30,000 miles up on in the air.
While surfing, shopping or sending emails aboard a flight is becoming more popular and is convenient as more airlines are adding Wi-Fi, your connection is just as insecure as hanging out in your local coffee shop.
Here are some common tips to avoid being hacked at the airport or during your flight.
If you are going to connect to a free wireless network, check to see if it is a secure, trusted hotspot operated by a known organization such a JetBlue, said Sergio Galindo, a general manager of GFI Software, a Durham, N.C. developer of IT solutions for small and medium-sized businesses.
Remain skeptical of suspicious-looking network names such as “Free Wi-Fi” or “AmAir2,” he said. Avoid logging into sensitive sites or engaging in mobile banking while on a free Wi-Fi network.
If you have to log-in through a website, make sure the site is secure and looks legitimate such as the fact that that everything is spelled correctly in the URL.
Paying for wireless connectivity does not mean it's secure. Other so-called “secure” Wi-Fi networks can still pose risks because they are difficult to manage. At some airports or airlines, those networks may not be managed at all, Galindo said.
“IT admins at airports often don’t have the time or resources to constantly monitor for intruders or interlopers,” he said. “It’s important to stay vigilant and follow data security best practices at all times.”
Since airline Wi-Fi networks are similar to public Wi-Fi networks because they are designed with the lowest possible interference against getting users connected, the amount of security on these networks will be “nearly non-existent,” said Mark Parker, a senior product manager at iSheriff, a Redwood Shores, Calif. cloud security provider.
“Users should assume that they are on a network that could potentially be shared by everyone else on the plane,” he said. “This means that there is nothing between your device and the device of that shady looking character over in seat 22D.”
Mobile Devices Can Be Hacked Too
It’s not only your laptop that hackers can worm their way into. Don’t forget about your smartphone and tablet. If you want to avoid the possibility of hacking altogether, turn off the Bluetooth and Wi-Fi on your mobile device and only use the LTE/4G/3G data connection from mobile device, said Jason Hart, a vice president at Gemalto, a Belcamp, Md. digital security company.
“It is easy for hackers to spoof Wi-Fi networks and fool your mobile device into connecting to it,” he said. “They do this by setting up spoof networks using commonly used Wi-Fi network names and your mobile device will automatically connect to a Wi-Fi network if it recognizes the name.”
When you are using your laptop, only turn on Wi-Fi when you are connecting to a known Wi-Fi network and always turn on the Virtual Private Network (VPN) connection which routes your online activities through a private and secure network even when using Wi-Fi.
Make sure you disable all sharing services like iCloud on a laptop or mobile device. This is crucial, because not doing this means “you’re opening yourself up to more data and content that can be stolen,” Hart said.
Use two-factor authentication on everything that requires a password, including social media, because that’s “just good security hygiene,” he said.
Breaching most networks or systems is something that can be done easily, said Dave Bennett, CTO of IONU, a data security company based in Longmont, Colo. While having more access to Wi-Fi sounds like a good thing for consumers, in reality it is just opening more people up to additional data loss because public networks are “hideously unsecure,” he said.
“They can easily be snooped [allowing] them to get access to your data,” Bennett said. “It is common for trains, airplanes, airports and hotels to provide wireless access, and these are ripe for being compromised and becoming a common means of data leakage and loss.”
Instead of assuming that you won’t get hacked because you have software installed on your laptop, a better strategy is to “always assume that the network is compromised because it almost always is,” he said.
Travelers on a plane are even more vulnerable, because they are more likely to be have their Wi-Fi turned on for hours and do not suspect any intrusion attempts.
Since airlines appear to be switching to having fliers use their personal computers and wireless devices to deliver in-flight entertainment, this only opens up another connection which can be compromised and give hackers access to people’s data.
If your data is properly protected and backed-up, you are less vulnerable to data loss.
“Most people don’t protect their data or take some easy precautions before traveling,” he said. “They are just tempting fate.”
Even someone on your flight could be attempting to hack into your data, Bennett said.
“Frankly, there are so many different ways in which you can attack someone’s computer if you know they are sitting a few seats away,” he said.
Commercially available products can allow a moderately computer savvy person to act as a “man in the middle” of a wireless network, Bennett said. Some of these devices are battery operated and small enough to be carried on board easily and allow the person to monitor, “snoop” and modify traffic flowing through the device such as such as e-mail, instant messages and browser sessions.
“Even someone who's security conscious can be easily burned by something like the Pineapple device,” he said. “Once a hacker on the plane finds a way onto your computer, they can implant malware such as Poison Ivy, with which they can take control of your computer, log your keystrokes to learn all of your passwords and provide a backdoor into your computer and access to your data.”
Travelers should take the same precautions you would with every other public network you use, “you’ll just be doing it in a much less comfortable seat at 35,000 feet,” said Parker.
Limit the amount of personal information you have on your portable devices, said Steve Weisman, a Boston lawyer and a lecturer of law, taxation and financial planning at Bentley University in Waltham, Mass. Use the cloud and opt for dual factor authentication which seeks two forms of identification such as a password and an SMS notification to access it.
“What you don't have can't be stolen,” he said. “Remember, even paranoids have enemies.”
--Written by Ellen Chang for MainStreet