Fun With Wi-fi Monitoring Above 10000 ft

This was my first time flying on an airplane with Wi-Fi service. The service was quite expensive, so I did not purchase it.

Instead, I decided to see what I would get if I did some magic using Wireshark. I configured the Wi-Fi device into monitor mode. (In this mode, I am not connected to any Wi-Fi access point, and it only reads open communications, to avoid both legal and terms-of-use issues.)

What this provides is information about the communications between access points and devices, plus device information. This means that as long as a device is turned on with Wi-Fi enabled, I would see something about it.

This essentially provided a popularity vote on the plane:

  • iOS devices: 46
  • HTC: 1
  • Motorola, Microsoft, Nokia, Asus: 1 each
  • LiteOn: 1 (this seems to be a mobile wireless access point; I don’t think it’d be useful in flight…)

Probably a lot of phones were turned off or in airplane mode unless their owners were using the service, so this probably undercounts phones pretty heavily. But 46 iOS devices… wow.

Some things I noticed about security:

  • One should use a VPN or SSL while on public, non-secure networks. This is quite obvious.
  • Devices poll for previously connected access points, which means a device actually sends out SSIDs in plain text. A device is therefore essentially leaking SSID information; some of the SSIDs I observed were internal networks of some well-known companies, as well as hotel and airport networks. This can potentially be used for social engineering attacks. Companies should use an SSID that has no relationship to the company name.
  • Some people use their own name as their system name. In conjunction with the above, someone can get a pretty good idea of where that person works and where he/she has been.
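
To check what your own devices announce, the sketch below parses 802.11 probe request frames and flags directed probes whose SSID names the organization, which is the leak described in the list above. It is an added example, not code from the original post; the frames are constructed samples, `ORG_TERMS` and the function names are assumptions, and the randomized-MAC check (the locally administered address bit) goes slightly beyond what the post covers.

```python
import struct

ORG_TERMS = ("examplecorp",)  # assumption: terms that identify the organization

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Constructed sample: minimal 802.11 probe request, no radiotap header or FCS."""
    hdr = struct.pack("<HH", 0x0040, 0)              # frame control (mgmt, subtype 4), duration
    hdr += b"\xff" * 6 + src_mac + b"\xff" * 6       # destination, source, BSSID
    hdr += struct.pack("<H", 0)                      # sequence control
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])    # supported-rates element
    return hdr + bytes([0, len(ssid)]) + ssid + rates  # element ID 0 = SSID

def parse_probe_request(frame: bytes):
    """Return what a probe request exposes, or None for any other frame."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 4:
        return None
    mac, ssid, pos = frame[10:16], "", 24
    while pos + 2 <= len(frame):                     # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elen]
        if len(value) < elen:
            break                                    # truncated element, stop
        if eid == 0:
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return {"mac": mac.hex(":"), "ssid": ssid,
            "randomized_mac": bool(mac[0] & 0x02)}   # locally administered bit

def audit(frames):
    """List directed probes (non-empty SSID) and flag SSIDs that name the organization."""
    findings = []
    for frame in frames:
        info = parse_probe_request(frame)
        if info and info["ssid"]:                    # empty SSID = wildcard probe, names nothing
            info["names_org"] = any(t in info["ssid"].lower() for t in ORG_TERMS)
            findings.append(info)
    return findings

SAMPLE = [  # constructed frames, not captured traffic
    build_probe_request(bytes.fromhex("001122334455"), b"ExampleCorp-Internal"),
    build_probe_request(bytes.fromhex("da1122334455"), b"HomeNet"),
    build_probe_request(bytes.fromhex("001122334455"), b""),   # wildcard probe
    b"\x80\x00" + bytes(22),                                   # beacon header, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A device that appears here with `names_org` set and `randomized_mac` false is announcing both a stable hardware address and its employer's network name wherever it goes; renaming the SSID or removing the saved network from the device closes that leak.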