Gogo uses rogue SSL certificates to block customers access to streaming video

I’m not a fan of in-flight Wi-Fi. I like the concept, but it costs too much for what you get. Now that I know that Gogo is also using rogue SSL certificates in a sort of man-in-the-middle attack to block access to certain sites, I am even less likely to spend any money on the service.

I wrote about the shady Gogo behavior in this blog post:

Gogo—a provider of in-flight Wi-Fi service on commercial airlines—admitted publicly that it is using fake SSL certificates for a man-in-the-middle attack that enables it to block customer access to certain sites. The admission is cause for concern on a couple levels, and undermines the public trust in SSL certificates at all.

The issue was initially made public thanks to a Google engineer who had issues playing a Youtube video while using the Gogo in-flight Wi-Fi. She noticed that the SSL certificate being used was not the legitimate SSL certificate for Youtube, but was instead a rogue certificate issued to Gogo.

Gogo CTO Anand Chari issued a statement explaining, “Gogo takes our customer’s privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don’t support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience.”

Chari goes on to stress that no customer information is being intercepted or collected, and that the man-in-the-middle attack is used strictly to allow Gogo to prevent customers from consuming excessive bandwidth by visiting streaming video sites in flight.

Check out the full story on CSOOnline: Gogo abuses certificate trust to limit access for in-flight Wi-Fi customers.

• About
• Latest Posts

Tony Bradley

Editor-in-Chief at TechSpective

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

Latest posts by Tony Bradley (see all)

• Unpacking the Marketing Challenges of Small Businesses in 2024 - April 23, 2024
• Navigating the Rising Tide of Phishing and BEC Threats - April 23, 2024
• Streamline Security with AI and Dynamic Detection Analysis - April 22, 2024