{"id":40604,"date":"2015-01-12T15:17:30","date_gmt":"2015-01-12T23:17:30","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=40604"},"modified":"2025-08-17T20:04:31","modified_gmt":"2025-08-18T03:04:31","slug":"gogo-hacking-customers","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/gogo-hacking-customers\/","title":{"rendered":"To Preserve Bandwidth, Gogo Inflight Executes a Man-in-the-Middle Attack"},"content":{"rendered":"

Early last week, Gogo Inflight, a provider of in-flight Internet access for airlines, caught a lot of headlines for a practice that can only be summarized in one word:\u00a0bad. The company is accused of, and admits to, tampering with the communications of its customers and web servers across the world. Gogo claims it did this in order to maintain a suitable service for all passengers. Regardless of its intentions, however, Gogo is guilty of using a method popular among hackers: the\u00a0man-in-the-middle<\/a>\u00a0(MITM) attack.<\/p>\n

A MITM attack is exactly as it sounds: an entity either intercepts, eavesdrops or modifies a message sent between two people or two connections. It\u2019s as if an eavesdropper broke the seal on a letter and changed its contents before passing it on.<\/p>\n

If the Internet were a letter, its wax seal would be the Hypertext Transfer Protocol Secure (HTTPS) standard. A mixture of two protocols, HTTPS is widely deployed to authenticate communications between a user (you) and a website\u2019s server with the complex use of certificates and encryption. When it\u2019s working, you will see a closed lock with \u201cHTTPS\u201d present on the left side of the URL bar\u2014the space used to a type in a website\u2019s address. When something\u2019s wrong, like traffic being rerouted through an unknown server, the lock is replaced with a red \u201cx.\u201d<\/p>\n

That red \u201cx\u201d is how Gogo got caught using a MITM attack. Gogo issued a bogus certificate\u2014the equivalent of a fake ID\u2014in an effort to trick users into thinking they were directly communicating with Google. Instead, Gogo was monitoring these communications and since HTTPS couldn\u2019t verify it was directly communicating with Google (because it was going through Gogo\u2019s servers first) a red \u201cx\u201d appeared.<\/p>\n

Unfortunately for Gogo, Adrienne Porter Felt, a security engineer for Google, noticed the \u201cx\u201d and investigated. The rest, as they say, is\u00a0history<\/a>.<\/p>\n

So why did Gogo try to pose as, or at the very least intercept communications to, Google? The answer,\u00a0according to the company, is because they wanted to block user access to YouTube, a video streaming site that can hog a good deal of valuable bandwidth that allows passengers to send and receive data on a flight.<\/p>\n

In its statement responding to the brouhaha, Gogo said it \u201cutilizes several techniques to limit\/block video streaming,\u201d in its services. Apparently that includes MITM attacks. The company goes on to state that it takes \u201ccustomers privacy very seriously,\u201d and that they \u201cassure customers that no user information is being collected when any of these techniques are being used.\u201d<\/p>\n

We will have to take them at their word. After all, they\u2019re a large company that would very much like to remain in business and avoid being sued into oblivion.<\/p>\n

But hackers often use MITM attacks to steal sensitive information like credit card and Social Security numbers. The technique can also be used to tamper with and modify communications between two parties and to inject malicious software on an unsuspecting user\u2019s computer. In other words, it\u2019s a bad technique to deploy with the intention of simply blocking access to a video-streaming site.<\/p>\n

While Gogo is most certainly not executing on any of the above criminal activities, it is still using a troublesome technique that poses security risks for their customers. By breaking HTTPS, Gogo drastically increases the opportunity for hackers to intercept and record communications.<\/p>\n

How to Protect Yourself Online<\/h2>\n

So what can you do to protect yourself online while in the air? Well, there are a few options:<\/p>\n