Provider wifi in aircraft injects fake SSL certificate’




Gogo, a provider of inflight Internet in the United States intercepted connections to Google with a fake SSL certificate. Probably this is done to make streaming curtailed. It is unknown whether this always happens and whether other sites are affected.

A member of the security team of Google Chrome noted injecting false certificate when she flew himself. She noted that Gogo own certificate injected with domain names ending in ‘ Therefore, users can no longer trust that they have a secure, direct connection to Google’s servers without Gogo watching.

Google employee suspects that the false certificate is injected to streaming bounds; You can stream music and movies from “But there are better ways to do this,” she wrote on Twitter.

It is not known whether Gogo also generate its own certificate inject links to other sites that much traffic through streaming, such as YouTube and Spotify. Also, it is not known whether Gogo always intercepted traffic, or for example only when the speed of the connection in question is due to streaming, of users. Gogo has not yet responded to the allegations.

It happens often that fake certificates are issued. Technically, if a certificate authority can be found who wishes to participate in: there are no technical measures to prevent the issuing of certificates for other people’s domain names. However, the impact is limited by, among other certificate pinning in Google Chrome: which browser is established in which certificate authorities may issue certificates for different domain names, including those of Google. Gives another certificate authority certificate from Google, then turn the alarm browser, what has happened in this case.


In: Technology & Gadgets Asked By: [15484 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »