I refuse to believe that anything important for flying the plane is actually hooked up to the system providing Netflix to passengers.
People do get nervous, and in theory you could probably break some kind of informational system utility if you kernel panic the box that booms up to the satellite receiver, but unless you're trying to get root on the plane's routers I don't believe there's a need to feel brave.
The braver part is publishing the results of this stuff online under your own name.
yeah, you're not interfering with anything flying the plane through the IFE system, and it won't be the same bandwidth they use for comms either (there might be some semi-sensitive passenger information stored on the in-flight server, but entirely different techniques would be needed to bypass whatever security that's wrapped in).
But "hacking" on an aircraft isn't going to be looked on particularly sympathetically by courts
I wouldn’t expect that either given the little that I know about the rigorous software requirements for aviation.
But I assume that neither of us has anywhere near enough expertise to “refuse” to believe that any computer/software system could be used in dangerously absurd ways even accidentally.
If you move to an empty seat to prevent WiFi signal strength triangulation, and assuming the cabin has no cameras, you didn't auth to the network with identifiable information, actually encrypt your Xray proxy connection (which OP didn't), and you have MAC randomization on, there's next to no way the airliner would be able (or even care) to identify that you did what was described in the article. Sure, they could use DPI and behavioral analysis to detect you were misusing the network, but if they're doing that, they would just block this sort of "backdoor" from the get-go.
I'll echo the article's disclaimer:
This reply is intended solely for educational and research purposes. I affirm the strict adherence to all relevant regulations and service terms.
I highly doubt any airline staff are on your flight (or even remotely) counter-hacking one in a billion passengers messing around with the in-flight WiFi. That $30.75 they're not getting doesn't justify anyone looking into it.
Plus, the free tier is usually set to a very low QoS such that chat is pretty much the only thing you'd bother doing. Short videos will download in a reasonable amount of time but on average, the actual data rate is small. There's only so much bandwidth available and they want to make the $30 somewhat of a value for those needing full Internet access. One person absolutely saturating the limited bandwidth allowed for the free tier is not going to make much of a difference for everyone else but it could be an issue if everyone was doing it (like if a VPN was all that was required to bypass the restrictions).
I once merely mentioned the words “Heart Attack” on a plane and was kicked off by the flight attendants. No context, they just heard the words and forced me off.
There are things that trigger them because of laws and regulations like mentioning “bomb” (even if you’re describing something fantastic).
So messing with the gogo flight entertainment is up there with flirting with terrorism charges.
I'm pretty "curious" when it comes to public networks. I'll scan coffee shops, stadiums, hotels, bus hotspots, anything I can connect to. Some networks are set up well, others not so much.
I would never in a thousand years run a sweep on an airplane network. That's massively risky, to the point you might never be allowed on a jet again. Anything to do with aviation I am on my absolute best behaviour.
The router is 100% separated from the rest of the plane, and has a fuse on the power. You can't really mess anything up and the only chance of you getting caught is if you somehow manage to ddos the network.
The fun thing to do on the plane is clone the wifi and add an option to log in with google or meta or apple credentials....
Without commenting on the appropriateness of what they did, the author doesn't say they did anything like a sweep. It looks like they were manually poking a few things with dig and ping, not firing up nmap.
Circumventing security on a network, on a plane, is definitely up there regardless if you sweeped or not. IANAL but that could put you in DHS crosshairs.
The exaltation displayed in this discussion thread is something everyone should ponder about. Some stupidity specific to certain era and place on Earth, just another tumour of uncontrolled bureaucracy which always grows, is discussed as some eternal property of God-given Universe.
Hijacked plane is a popular media spectacle with lots of ties to other images and scenes. Millions are ready to discuss it, or listen to the thrilling stories. “This is important for security!” is a shazam in that context. At the same time, much closer and routine dangers directly affecting many people (power plants, refineries, railroads and so on) are kept in check by underpaid workers who can't even make companies fix sensors or replace something until it is rusted through. Effectively, “this is not important for anything”, nor public is interested in TV shows about working pipeline that is not getting blown up. Those who want money and power naturally stick to impressions that work for the crowd they are given.
Propaganda is most successful when people do the required thing on their own, agree that it's absolutely impossible to evade, and even encourage each other. Something in this day and age makes people themselves adore certain forms of propaganda, and even demand to be told specific lies. Among other things, images of stupid social machines crushing someone (“they'll put you on the list”, etc.) seem to weirdly stimulate the crowd.
Even in so-called globalised world there are examples that crack the habituation. In country A, any big gathering of people needs to be formally approved, supplied with hordes of policemen (thankfully, not tanks), fences (thankfully, not barbed wire), entrance searches (thankfully, without stripping). When you ask anyone about that, they promptly respond with “What if terrorists/enemies decide to attack the crowd?” or “What if they start to riot?” (notice that “they”), etc. Even most obvious security theatre acts are automatically accepted with promotion to “psychological stuff that helps to detect those people in the crowd”. In country B, no less “civilised”, the same event is handled by some private company that is mostly worried about portable toilets or electric generators, and people come freely to the venue if they like it (just buy the ticket).
The odds of something wrong happening are roughly the same, but people reason about themselves and those around them very differently. That mental picture of the world shapes the thing that happens, not the alleged expert opinions or calculations.
i appreciated this comment, even though it downplays real pragmatic concerns. from a security perspective, should getting on an airplane (especially for domestic flights) really be all that different from getting on a bus? are the potential outcomes different enough to justify the differences in security measures?
I agree, this sounds a bit too stretched. Or maybe they were looking for any excuse under the sun to get someone off what could have been an overbooked flight. But just saying the two words "heart attack" would not be enough
I had ran to my connecting flight, got on as the doors were about to close up (there were a few people still coming, also running).
I sat down, huffing from the run, I asked the flight attendant for a quick sip of water. I said this:
“Excuse me, sorry to bother you but I just had to run to catch the flight, can I get a sip of water? I’m gonna have a heart attack and die of thirst.” Jokingly but still huffing from the run. The captain heard it. Said a few words to another flight attendant, and off the flight I went.
Hindsight, I shouldn’t have made the comment and should have just gone to the restroom but… lesson learned. Southwest got me on a flight 45 minutes later to get home.
Imagine if anything essential/of value/useful was exposed on the passengers WiFi, this story could have been a huge scoop. But alas, everything is heavily separated.
People do get nervous, and in theory you could probably break some kind of informational system utility if you kernel panic the box that booms up to the satellite receiver, but unless you're trying to get root on the plane's routers I don't believe there's a need to feel brave.
The braver part is publishing the results of this stuff online under your own name.