TY - GEN
T1 - Cloud Nine Connectivity
T2 - 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2025
AU - Ishtiaq, Abdullah Al
AU - Anwar, Raja Hasnain
AU - Chandio, Yasra
AU - Anwar, Fatima Muhammad
AU - Hussain, Syed Rafiul
AU - Raza, Muhammad Taqi
N1 - Publisher Copyright:
© 2025 ACM.
PY - 2025/6/30
Y1 - 2025/6/30
N2 - In-flight Wi-Fi provides high-speed Internet connectivity to travelers at 30,000 feet at premium fees. In this paper, we present the first systematic study of the architecture and security policies of in-flight Wi-Fi paywall systems using network tomography analysis. We discover that attackers can exploit the inherent architectural shortcomings of airborne networks to create covert channels and conceal data packets within certain ''always-Allowed'' traffic for free Internet access. Moreover, broken device authentication policies in these systems allow unlimited complimentary Internet connectivity. Finally, insecure ARP policies allow attackers to steal paid users' bandwidth to access the free Internet even faster. We validate these issues in practice over two major in-flight Wi-Fi providers using common protocols, e.g., UDP, DNS, etc. We also find that the root causes of these issues stem from different design choices in the architectures of these systems and propose countermeasures to address these flaws and prevent similar attacks.
AB - In-flight Wi-Fi provides high-speed Internet connectivity to travelers at 30,000 feet at premium fees. In this paper, we present the first systematic study of the architecture and security policies of in-flight Wi-Fi paywall systems using network tomography analysis. We discover that attackers can exploit the inherent architectural shortcomings of airborne networks to create covert channels and conceal data packets within certain ''always-Allowed'' traffic for free Internet access. Moreover, broken device authentication policies in these systems allow unlimited complimentary Internet connectivity. Finally, insecure ARP policies allow attackers to steal paid users' bandwidth to access the free Internet even faster. We validate these issues in practice over two major in-flight Wi-Fi providers using common protocols, e.g., UDP, DNS, etc. We also find that the root causes of these issues stem from different design choices in the architectures of these systems and propose countermeasures to address these flaws and prevent similar attacks.
UR - https://www.scopus.com/pages/publications/105012101984
UR - https://www.scopus.com/pages/publications/105012101984#tab=citedBy
U2 - 10.1145/3734477.3734713
DO - 10.1145/3734477.3734713
M3 - Conference contribution
AN - SCOPUS:105012101984
T3 - WiSec 2025 - Proceedings of the 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 76
EP - 87
BT - WiSec 2025 - Proceedings of the 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
Y2 - 30 June 2025 through 3 July 2025
ER -