Professional Pilot, May 2018

Guard company privacy by understanding the pitfalls exploited by cyber technology Allowing devices to automatically connect to public WiFi networks increases the chances of a cyber attack that could compromise sensitive information stored in them T oday is just another typical day trip Land at the destination and sit at the FBO for a few hours while the boss and the rest of the management team engage in meetings According to the agenda theres enough time to grab the crew car and see some local sights but theres always a chance the executives will want to leave early As a result the only viable option is mimic the behavior of the other crews in the pilots lounge stake out a spot and try to mitigate the boredom until departure time Its the usual scene A few pilots are ensconced in recliners snoring away while others read the free newspaper and chat with the staff And theres always one whos belief system is diametrically opposed to whatever national news station happens to be on the only television It seems the only respite from the environment is to venture to the place thats become a panacea for the mundane trappings of everyday life the internet 76 PROFESSIONAL PILOT May 2018 Connected to a pineapple A few taps of the smartphone or tablet reveal the names of all the publicly visible WiFi networks in range The industry term for the common name of a network is called a Service Set Identifi er SSID A couple of SSIDs down the list is the name of the FBO followed by the word pilot lounge You connect to the signal but unfortunately instead of connecting to the FBO WiFi network youve connected to a pineapple the slang coined by hackers to describe a fake Wireless Access Point WAP engineered to look like the real one being sought Anything being transmitted passenger names personal data passwords etc is now intercepted and exploited Ironically pineapples were designed to probe Wi Fi networks for vulnerabilities Because of this they can interact with hundreds of devices simultaneously To avoid detection they can be concealed outside of a building and still remain within radio range while on battery power The true intent was eventually subverted and the device is now used as part of a man in the middle attack or one in which the device gets between the legitimate WiFi source and the user If the owner of a Personal Electronic Device PED allows it to automatically connect to public WiFi networks in the background without authorization its an open invitation for a pineapple scam Commonly accessed networks are stored in the PED and categorized as recognized unless the owner overrides the default Pineapples can scan all the SSIDs in the area and rebroadcast a counterfeit version using the identical SSID Because of this capability allowing a device to automatically connect to an often used WiFi signal at a frequently visited FBO or a network at ones own hangar for that matter is no guarantee that the link is not compromised RCs Airborne Data Router Lupita Wilson a marketing manager at ARINCDirect points out why connecting to WiFi through the Rockwell Collins Airborne Data Router ADR on the aircraft is secure Because the WiFi signal is largely constrained to the fuselage an attack using a pineapple in the air or on the ground is more the stuff of a Tom Clancy novel rather than reality Further data between a PED and the ADR is encrypted Nonetheless a potential vulnerability lies in the transition zone when passengers or crew members are walking between the aircraft and the FBO or corporate hangar One trait of a smart router is that it seamlessly switches back and forth between satellite and cellular sources as the aircraft transitions through phases of fl ight Once outside the aircraft if a PED detects a WiFi network whether pineapple or legitimate the device must decide whether to continue to use cellular data or revert to the WiFi network If WiFi is enabled on a PED and set to automatically connect it will join the unencrypted network In that sit FLIGHT DEPT DATA SECURITY Its also a good idea to always be more than a little suspicious By Shannon Forrest President Turbine Mentor ATP CFII Challenger 604 605 Gulfstream IV MU2B