Full Disclosure mailing list archives
[NETRAGARD SECURITY ADVISORY] [AirCell GoGo Inflight Internet -- No Encryption ][NETRAGARD-2009042]
From: Netragard Advisories <advisories () netragard com>
Date: Wed, 6 May 2009 21:02:24 -0400
********************** Netragard, L.L.C Advisory* ********************** Penetration Testing - Vulnerability Assessments - Web Application Security
SNOsoft Research Team
------------------------------------------------------------------------------------------------------
http://www.netragard.com -- "The Specialist in Anti-Hacking"
[POSTING NOTICE]
------------------------------------------------------------------------------------------------------
If you intend to post this advisory on your web page please create a
clickable link back to the original Netragard advisory as the contents
of the advisory may be updated. The advisory can be found on the
Netragard website at http://www.netragard.com/
For more information about Netragard visit http://www.netragard.com
[Advisory Information]
------------------------------------------------------------------------------------------------------
Contact : Adriel T. Desautels
Advisory ID : NETRAGARD-20090427
Product Name : GoGo Inflight Internet
Product Version : Unknown
Vendor Name : Aircell LLC.
Type of Vulnerability : No link layer security option
Impact : Varies
Vendor Notified : 20090427
[Product Description]
------------------------------------------------------------------------------------------------------
"As a service of Aircell LLC, Gogo provides all passengers access to the
Internet, email, text messaging and corporate VPNs from the comfort of
their seats while airborne. Aircell has been authorized by the FAA and
FCC to use cellular frequencies for inflight broadband communications,
leading a Wi-Fi revolution 35,000 feet above the ground. Think of it as
a mobile hotspot, equipped with twin turbines and 50,000 lbs of thrust.
Partnering with a variety of carriers, Gogo provides coast-to-coast,
border-to-border connectivity for all passengers. Launching with
American
Airlines in 2008, Gogo will continue to expand, giving everyone the ability to stay in touch, in flight®." Taken From: http://www.gogoinflight.com/jahia/Jahia/site/gogo/companyInfo [Technical Summary] ------------------------------------------------------------------------------------------------------ The GoGo Inflight Internet service does not encrypt wireless connections between GoGo Inflight Internet users ("Users") and the GoGo InflightInternet Wireless Access Points ("WAP"). As a result any Users connection can be intercepted by another user and the data that they transmit can be
stolen or their respective connections can be hijacked. [Impact] ------------------------------------------------------------------------------------------------------ [Impact varies from installation to installation] - Theft of customer data - Access to business networks - Infection of Users computer systems - Theft of personal information - Theft of Social Security Numbers - Theft of Credit Card numbers - Manipulation of in-transit data - etc. [Proof Of Concept] ------------------------------------------------------------------------------------------------------Connect to GoGo Inflight Internet on your next flight and you will see that the connection between your device and the WAP is not encrypted. Connecting
does not require paying for the service, it only requires establishing a connection to the WAP. Important Notes: ------------------------------------------------------------------------------------------------------Because this vulnerability exists at the link layer it is possible for an attacker to defeat or subvert a users SSL based connection. This subversion would enable the attacker to capture credit card information or any other
information submitted over the web. It may also be possible to subvert, defeat or hijack VPN connections as the attacker can interfere with the entire connection process. [Vendor Status and Chronology] ------------------------------------------------------------------------------------------------------ Current Vendor Status: Unable to establish communications with vendor. Chronology: 09/04/2009 07:11:57 PM EST - Vulnerability Discovered 09/27/2009 14:15:53 PM EST - Vendor Notified 04/28/2009 09:18:17 AM EST - Requested vendor feedback via email 04/28/2009 09:19:17 AM EST - Email Read Receipt Received 04/30/2009 11:40:25 AM EST - No response from vendor 04/30/2009 11:41:25 AM EST - Requested vendor feedback via email 04/30/2009 11:46:58 AM EST - Email Read Receipt Received 05/04/2009 09:00:00 AM EST - Began advisory release process No vendor response. [Solution] ------------------------------------------------------------------------------------------------------ Implement WPA2 at the link layer. [Disclaimer]--------------------------------http:// www.netragard.com---------------------------------
Netragard, L.L.C. assumes no liability for the use of the information provided in this advisory. This advisory was released in an effort to help the I.T. community protect themselves against a potentially dangerous security hole. This advisory is not an attempt to solicit business.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [NETRAGARD SECURITY ADVISORY] [AirCell GoGo Inflight Internet -- No Encryption ][NETRAGARD-2009042] Netragard Advisories (May 06)