Tuesday, April 15, 2008

Taking wireless internet to new heights (like, say 35,000ft)

Let's face it, you love staying connected. You browse the Internet to keep track of your blog and RSS feeds on your cell phone, your laptop, and some of us do it on our fridge - but the one thing that keeps this possible is Internet access. You can get connected to the magical world of the Internet at an airport (in the terminal, underground, wherever), on the road (via 3G wireless technology), and in your house - but until now you couldn't get Internet in an airplane cruising at 30,000 feet... Someone had to do it, so soon you will be able to surf the Internet while sitting next to the screaming baby and the guy who just can't stop talking to you - that's right - by the end of 2008 you will be able to surf the Internet in-flight!

Check this brochure from AirCell out. More details on the service here, but let's ponder this for a moment. OK, simple reality check: in order for this all to work, the plane has to have communications with the ground at broadband speeds, and then has to distribute that access to the in-flight passengers. There are a lot of working parts here so I'll dissect them one by one.

AirCell is using EV-DO (Rev A) technology (just like your cell phone, the newer ones anyway) which peaks at about 3.1Mbps... not too shabby! They're going to cover the "United States coast to coast, border to border", with about 100 ground-base stations, and hand-off between base-stations will be "seamless"... They're also running some sort of encryption between air and ground links but don't state what strength, etc. AirCell states in their tech primer data sheet that the security of the links will equate to other "hotspots" (I'll address this in a minute...).

First, let's address the whole network. From what my brain was able to comprehend there are two systems at work here, both built by AirCell. The main network is the AirCell Axxess network which is the in-cabin system and provides the link to the ground. The Axxess system operates some of the gadgets in the cockpit, as well as some of the comm system (their data sheet mentioned a PBX!?) and other such things - I'm not an expert in avionics so I won't pretend to understand this in full. The AirCell broadband system is what will link through that Axxess system and into the EV-DO ground-to-air system that will provide broadband quality Internet access over 802.11 b/g wireless to the laptop or PDA device.

While I may have some of the finer details wrong (someone from AirCell or the airline industry correct me please?) I have several security concerns here. First off - connecting the cockpit and the users in the back can't possibly be safe. I can't imagine someone purposely "hacking into" a plane's systems to cause themselves and their fellow passengers harm (but I won't put it past people...). I can possibly see a ground-to-plane type hack coming along and wreaking havoc. Everything on that plane will be network-addressable, it has to be if you're using IP-based communications... now factor that the AirCell network will likely be as imperfect as every other network out there. This could lead to a recipe for disaster. Now - I'm not all doom and gloom so I think this could also be a wonderful tool as well, on those 5-hour cross-country flights. Of course, here's the kicker, we still won't have a way to keep our laptops from dying out (faster now that we're using WiFi) because they don't give us outlets to plug into for juice!

Here's another way to think about it. If you've read Billy Hoffman's new book on Ajax security (and if you haven't, you should) you know of the example of the hacker-chick in the coffee house being completely anonymous. Now imagine you've got a thousand of these in-the-air wireless hotspots where everyone is anonymous and internet access is cheap. Sure, you have to register and pay (likely with a credit card) but how easy is it to fake that information?

I just hope that these systems have been tested, re-tested, and tested again by some of the bright minds in security these days... otherwise - look out!

As a side note, the AirCell DIU (which I think is a separate air-to-ground communication path for the cockpit) has a "password protected web-based configuration tool"... yikes? Who wants to bet you can XSS or SQL Inject your way to pwning this thing? What sorts of chaos would that cause? Who's tested it? ... I haven't found that info yet.

AirCell folks - I'd love to have a discussion on the security aspects of your technology... write/call if you get a chance!
