Gogo Bug Bounty Program To Secure In-Flight Wi-Fi

The prevalence of in-flight Wi-Fi has grown significantly over the last 12 months, improving the travel experience for millions of flyers around the world. However, it has also possibly introduced a new set of security risks for airlines.

The likelihood of a cyberattack has been disputed but in an attempt to stay one step ahead of the hackers, in-flight internet and entertainment provider Gogo has launched a bug bounty program for both its ground-based public website and its airborne systems.

Researchers will need to be on the look out for security vulnerabilities in the systems – which are used by customers to browse the web, view on-demand video content and watch live TV – with a focus on “ensuring the credit card transaction page is secure.”

Securing the skies

Gogo says its goal for the program is to ensure that “customers and employees are using a secure platform that’s free of security vulnerabilities,” whilst also emphasising the importance of “being pro-active rather than re-active to emerging security issues.”

The company continues: “We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Every day new security issues and attack vectors are created. Gogo strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community’s efforts in creating a more secure environment.”

Researchers will have to be physically on a Gogo-equipped aircraft in order to test the airborne systems as the company wants the testing to be as “real world” as possible, so no elevated credentials or data will be provided.

The ‘targets’ are https://.gogoair.com/ (ground-based) and https://.gogoinflight.com/ (airborne) and remediation steps are asked to be included in any bug report.

In May 2016 Gogo signed a deal with British Airways to provide in-flight Wi-Fi for long-haul flights, adding to its existing agreements with Delta and Virgin Atlantic. With the rollout expected to be completed in 2019, Silicon took to the skies to get an early look at the network’s capabilities.

Think you know your transport technology? Try our quiz!