[plastiquebeech]

Not surprising, airplane wifi has always been ridiculously insecure.

Back in the day, when it was first rolling out, you could (theoretically ofc) join the plane's network and scan for MAC addresses, then clone someone else's for free access.

I think the authentication is a bit more sophisticated these days, but it's clear that these providers treat security as an afterthought. At least the one in the article had a bug bounty program and responded quickly, I guess.

Unrelated, I think it's funny that the AI artist put a little picture of a house on the airplane's interior wall in the article's header image. Maybe plane trips would be more bearable if the cabins didn't look like a utopian abbatoir's waiting room.

[lxgr]

> Back in the day, when it was first rolling out, you could (theoretically ofc) join the plane's network and scan for MAC addresses, then clone someone else's for free access.

Given that the MAC address is the only thing the access point has to tie your packets to a (paid) session in an unencrypted network, I'd expect this to still work today, or am I missing anything?

OWE [1] might help in this scenario (if it‘s possible to reliably bind that to a login session somehow), but that's pretty new, and given how long upgrade cycles on airplane hardware are, I wouldn't count on seeing that within the next couple of years.

[1] https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encrypt...