Gogo Inflight Internet May Be Snooping On Its Users

Gogo Inflight Internet, the only way to access the Internet on nine major airlines such as Delta, American, U.S. Airways and Virgin Atlantic, apparently doesn’t think you need secure browsing.

Gogo, it turns out, has been intentionally issuing fake SSL certificates to its Internet users. That’s a pretty big security no-no; such certificates are basically designed to ensure that you’re connecting to a genuine site and not an imposter.

By forging these certificates, Gogo is itself acting as an imposter of sorts. When done with malicious intent, such an act is known as a man-in-the-middle attack—one in which an untrusted third party inserts itself in the middle of your communications to eavesdrop on conversations, copy messages or even interfere with traffic by blocking it or replacing real transmissions with fake ones.

See also: Meet The Internet’s Nasty New “Poodle” Attack

 The compromise was discovered by Adrienne Porter Felt, an engineer on the Google Chrome security team, when she discovered she was being served SSL certificates from Gogo while connecting to Google-owned YouTube during a flight.

Porter Felt tweeted that she believes Gogo is performing this user unfriendly behavior to block streaming video, which Gogo explicitly doesn’t support—although, as Porter Felt noted, “there are better ways to do it.”

She isn’t the only one who thinks so. As Chester Wisniewski, a security expert at Sophos, told me via email: 

Using SSL certificates for traffic shaping is at minimum unconventional and seemingly a pretty terrible idea. The ability to man in the middle someone’s traffic is a serious thing. If you don’t intend on seeing private data, don’t intercept it. I suspect there is more going on here then they are saying.

Gogo denied any ulterior motives in a statement that quoted CTO Anand Chari:

Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience… We can assure customers that no user information is being collected when any of these techniques are being used.

But it’s also worth considering that the FCC revealed Gogo has partnered with the government to produce “capabilities to accommodate law enforcement interests” that go above and beyond what is required by law. Gogo’s privacy policy also notes that it collects several kinds of data, like cookies and device identifiers, when customers use its service.

See also: Building A Raspberry Pi VPN Part One: How And Why To Build A Server

Christopher Soghoian, the ACLU’s principal technologist, says Gogo’s ends don’t rationalize its means. “Gogo’s desire to block streaming video sites does not justify impersonating Google to its users,” he said. “This incident serves as yet another reminder of the fact that the certificate authority system, which is an often-overlooked lynchpin of the secure web, is fragile and easy to abuse.”

Photo by Jake Setlak

via Feedbin Starred Entries for mkbriney@gmail.com by ReadWrite

Gogo Inflight Internet May Be Snooping On Its Users

Gogo Inflight Internet, the only way to access the Internet on nine major airlines such as Delta, American, U.S. Airways and Virgin Atlantic, apparently doesn’t think you need secure browsing.

Gogo, it turns out, has been intentionally issuing fake SSL certificates to its Internet users. That’s a pretty big security no-no; such certificates are basically designed to ensure that you’re connecting to a genuine site and not an imposter.

By forging these certificates, Gogo is itself acting as an imposter of sorts. When done with malicious intent, such an act is known as a man-in-the-middle attack—one in which an untrusted third party inserts itself in the middle of your communications to eavesdrop on conversations, copy messages or even interfere with traffic by blocking it or replacing real transmissions with fake ones.

See also: Meet The Internet’s Nasty New “Poodle” Attack

 The compromise was discovered by Adrienne Porter Felt, an engineer on the Google Chrome security team, when she discovered she was being served SSL certificates from Gogo while connecting to Google-owned YouTube during a flight.

Porter Felt tweeted that she believes Gogo is performing this user unfriendly behavior to block streaming video, which Gogo explicitly doesn’t support—although, as Porter Felt noted, “there are better ways to do it.”

She isn’t the only one who thinks so. As Chester Wisniewski, a security expert at Sophos, told me via email: 

Using SSL certificates for traffic shaping is at minimum unconventional and seemingly a pretty terrible idea. The ability to man in the middle someone’s traffic is a serious thing. If you don’t intend on seeing private data, don’t intercept it. I suspect there is more going on here then they are saying.

Gogo denied any ulterior motives in a statement that quoted CTO Anand Chari:

Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience… We can assure customers that no user information is being collected when any of these techniques are being used.

But it’s also worth considering that the FCC revealed Gogo has partnered with the government to produce “capabilities to accommodate law enforcement interests” that go above and beyond what is required by law. Gogo’s privacy policy also notes that it collects several kinds of data, like cookies and device identifiers, when customers use its service.

See also: Building A Raspberry Pi VPN Part One: How And Why To Build A Server

Christopher Soghoian, the ACLU’s principal technologist, says Gogo’s ends don’t rationalize its means. “Gogo’s desire to block streaming video sites does not justify impersonating Google to its users,” he said. “This incident serves as yet another reminder of the fact that the certificate authority system, which is an often-overlooked lynchpin of the secure web, is fragile and easy to abuse.”

Photo by Jake Setlak

via Feedbin Starred Entries for mkbriney@gmail.com by ReadWrite

Samsung On Why (And How) Your Future Smart Home Will Probably Be Theirs

At the Consumer Electronics Show on Monday, Samsung Electronics CEO B.K. Yoon talked up his company’s strategy to connect everything in your life. 

“The Internet of Things is ready to go,” he said in his keynote address. Turns out, Samsung’s latest and perhaps boldest IoT campaign is already underway. The not-so-secret ingredients: Its big TV and home appliance business, and its recent acquisition SmartThings, a developer-centric smart home company that works with more than a hundred other products.

See also: Samsung Reveals Its Master Plan To Connect Your Life

Samsung’s already started connecting those dots. Here is its master plan. 

For Samsung, It’s Go Time

Despite Samsung’s flatlining sales in mobile devices, the $211 billion global tech giant sold more than 665 million products last year spanning televisions, refrigerators, ovens, washers and other home appliances, as well as phones and tablets. 

Over the next couple of years, the lion’s share of sales will focus on one thing: “By 2017, 90% of all Samsung products will be IoT devices, and that includes all our televisions and mobile devices,” he said. “And five years from now, every single piece of Samsung hardware will be an IoT device, whether it is an air purifier or an oven.” 

That’s a big leap for the company. Until recently, many of its home products didn’t talk to each other. But over the past few months, its new SmartThings division has been on a tear to integrate modules into Samsung appliances to smarten them up and finally click them together into a cohesive system. Now, the parent company announced that its smart TVs will also be able to act as a hub to monitor or control other home appliances. 

In that way, Samsung could have an edge over Google, with its nascent Nest- (and now Revolv-) based smart home efforts, and Apple, which is still trying to raise an iPhone-controlled army of products through its fledgling HomeKit initiative

Think of it this way: Convincing people to spend money on new, somewhat esoteric items is probably much harder than getting people to explore features their existing products can do. It just sounds like common sense. 

A Galaxy Of Connected Things

Yoon pledged to keep the connected platform open. SmartThings’ openness has been a major reason it became popular among device and software makers. These days, it boasts about 10,000 developers. 

Samsung wants to keep that interest going. “This year, Samsung will invest more than one hundred million dollars in the developer community,” said Yoon, which covers accelerator programs and developer events.

As for SmartThings itself, it has been busy in its own right, said founder Alex Hawkinson. 

In addition to scrambling to integrate its technology into Samsung’s products, the former indie startup debuted a new hub that works through Internet or power outages. It has also been gearing up to roll out SmartThings Premium, a new subscription service for emergency alerts due out in April.  

See also: SmartThings Wants To Make Samsung Work Harder In Your Home

Challenges To Mastering The Internet of Things 

Samsung may be known as an Android device maker and Tizen evangelist, but SmartThings plays no favorites. It works with Android, iOS and Windows Phone, and last month, Hawkinson told me that wouldn’t change anytime soon. Compare that to, say, Apple, whose HomeKit system relies on iPhones and iPads.  

That’s yet another big advantage point, but Samsung’s success isn’t a sure thing yet. In fact, I had doubts about whether the company could pull off a smart home initiative and actually stick with it (some of which still remain). 

There are also two major challenges to overcome: making the system easier to use, and addressing security. 

See also: Intel And Samsung Join Battle Over The Internet Of Things

In my experience testing a SmartThings system, I found it comprehensive, but too complex for the average consumer. As for security—well, Samsung glossed over that on Monday. 

But it’s clear that at least SmartThings takes its connected home security seriously. I looked at its white paper last year, and described the variety of measures it used at the time: 

SmartThings reviews all of its partners’ apps and devices, to make sure they conform to its safety standards, and “handles all security testing to ensure that everything is up to their standards,” says a company spokesperson.

The company’s white paper also outlines numerous protocols—from pin codes and two-factor authentication to firewalls, data encryption and sandboxing, which keeps SmartApps from accessing local system files on its the software’s residing device. It even places its SmartThings hub in a special mode for pairing with Zigbee or Z-wave-enabled devices, to keep potentially malicious devices out.

SmartThings was then a small but rising star in a budding smart home niche of a still nascent Internet of Things movement. Now its system may have more thrown at it than ever before—which can happen when you suddenly become a crucial part of a global corporation’s bid to dominate one of the hottest areas of technology. 

But if those connected dots stay intact and relatively disruption free, Samsung could go from Galaxy maker to a master in the smart home universe. 

Photos by Adriana Lee for ReadWrite

via Feedbin Starred Entries for mkbriney@gmail.com by ReadWrite

Samsung On Why (And How) Your Future Smart Home Will Probably Be Theirs

At the Consumer Electronics Show on Monday, Samsung Electronics CEO B.K. Yoon talked up his company’s strategy to connect everything in your life. 

“The Internet of Things is ready to go,” he said in his keynote address. Turns out, Samsung’s latest and perhaps boldest IoT campaign is already underway. The not-so-secret ingredients: Its big TV and home appliance business, and its recent acquisition SmartThings, a developer-centric smart home company that works with more than a hundred other products.

See also: Samsung Reveals Its Master Plan To Connect Your Life

Samsung’s already started connecting those dots. Here is its master plan. 

For Samsung, It’s Go Time

Despite Samsung’s flatlining sales in mobile devices, the $211 billion global tech giant sold more than 665 million products last year spanning televisions, refrigerators, ovens, washers and other home appliances, as well as phones and tablets. 

Over the next couple of years, the lion’s share of sales will focus on one thing: “By 2017, 90% of all Samsung products will be IoT devices, and that includes all our televisions and mobile devices,” he said. “And five years from now, every single piece of Samsung hardware will be an IoT device, whether it is an air purifier or an oven.” 

That’s a big leap for the company. Until recently, many of its home products didn’t talk to each other. But over the past few months, its new SmartThings division has been on a tear to integrate modules into Samsung appliances to smarten them up and finally click them together into a cohesive system. Now, the parent company announced that its smart TVs will also be able to act as a hub to monitor or control other home appliances. 

In that way, Samsung could have an edge over Google, with its nascent Nest- (and now Revolv-) based smart home efforts, and Apple, which is still trying to raise an iPhone-controlled army of products through its fledgling HomeKit initiative

Think of it this way: Convincing people to spend money on new, somewhat esoteric items is probably much harder than getting people to explore features their existing products can do. It just sounds like common sense. 

A Galaxy Of Connected Things

Yoon pledged to keep the connected platform open. SmartThings’ openness has been a major reason it became popular among device and software makers. These days, it boasts about 10,000 developers. 

Samsung wants to keep that interest going. “This year, Samsung will invest more than one hundred million dollars in the developer community,” said Yoon, which covers accelerator programs and developer events.

As for SmartThings itself, it has been busy in its own right, said founder Alex Hawkinson. 

In addition to scrambling to integrate its technology into Samsung’s products, the former indie startup debuted a new hub that works through Internet or power outages. It has also been gearing up to roll out SmartThings Premium, a new subscription service for emergency alerts due out in April.  

See also: SmartThings Wants To Make Samsung Work Harder In Your Home

Challenges To Mastering The Internet of Things 

Samsung may be known as an Android device maker and Tizen evangelist, but SmartThings plays no favorites. It works with Android, iOS and Windows Phone, and last month, Hawkinson told me that wouldn’t change anytime soon. Compare that to, say, Apple, whose HomeKit system relies on iPhones and iPads.  

That’s yet another big advantage point, but Samsung’s success isn’t a sure thing yet. In fact, I had doubts about whether the company could pull off a smart home initiative and actually stick with it (some of which still remain). 

There are also two major challenges to overcome: making the system easier to use, and addressing security. 

See also: Intel And Samsung Join Battle Over The Internet Of Things

In my experience testing a SmartThings system, I found it comprehensive, but too complex for the average consumer. As for security—well, Samsung glossed over that on Monday. 

But it’s clear that at least SmartThings takes its connected home security seriously. I looked at its white paper last year, and described the variety of measures it used at the time: 

SmartThings reviews all of its partners’ apps and devices, to make sure they conform to its safety standards, and “handles all security testing to ensure that everything is up to their standards,” says a company spokesperson.

The company’s white paper also outlines numerous protocols—from pin codes and two-factor authentication to firewalls, data encryption and sandboxing, which keeps SmartApps from accessing local system files on its the software’s residing device. It even places its SmartThings hub in a special mode for pairing with Zigbee or Z-wave-enabled devices, to keep potentially malicious devices out.

SmartThings was then a small but rising star in a budding smart home niche of a still nascent Internet of Things movement. Now its system may have more thrown at it than ever before—which can happen when you suddenly become a crucial part of a global corporation’s bid to dominate one of the hottest areas of technology. 

But if those connected dots stay intact and relatively disruption free, Samsung could go from Galaxy maker to a master in the smart home universe. 

Photos by Adriana Lee for ReadWrite

via Feedbin Starred Entries for mkbriney@gmail.com by ReadWrite

Samsung On Why (And How) Your Future Smart Home Will Probably Be Theirs

At the Consumer Electronics Show on Monday, Samsung Electronics CEO B.K. Yoon talked up his company’s strategy to connect everything in your life. 

“The Internet of Things is ready to go,” he said in his keynote address. Turns out, Samsung’s latest and perhaps boldest IoT campaign is already underway. The not-so-secret ingredients: Its big TV and home appliance business, and its recent acquisition SmartThings, a developer-centric smart home company that works with more than a hundred other products.

See also: Samsung Reveals Its Master Plan To Connect Your Life

Samsung’s already started connecting those dots. Here is its master plan. 

For Samsung, It’s Go Time

Despite Samsung’s flatlining sales in mobile devices, the $211 billion global tech giant sold more than 665 million products last year spanning televisions, refrigerators, ovens, washers and other home appliances, as well as phones and tablets. 

Over the next couple of years, the lion’s share of sales will focus on one thing: “By 2017, 90% of all Samsung products will be IoT devices, and that includes all our televisions and mobile devices,” he said. “And five years from now, every single piece of Samsung hardware will be an IoT device, whether it is an air purifier or an oven.” 

That’s a big leap for the company. Until recently, many of its home products didn’t talk to each other. But over the past few months, its new SmartThings division has been on a tear to integrate modules into Samsung appliances to smarten them up and finally click them together into a cohesive system. Now, the parent company announced that its smart TVs will also be able to act as a hub to monitor or control other home appliances. 

In that way, Samsung could have an edge over Google, with its nascent Nest- (and now Revolv-) based smart home efforts, and Apple, which is still trying to raise an iPhone-controlled army of products through its fledgling HomeKit initiative

Think of it this way: Convincing people to spend money on new, somewhat esoteric items is probably much harder than getting people to explore features their existing products can do. It just sounds like common sense. 

A Galaxy Of Connected Things

Yoon pledged to keep the connected platform open. SmartThings’ openness has been a major reason it became popular among device and software makers. These days, it boasts about 10,000 developers. 

Samsung wants to keep that interest going. “This year, Samsung will invest more than one hundred million dollars in the developer community,” said Yoon, which covers accelerator programs and developer events.

As for SmartThings itself, it has been busy in its own right, said founder Alex Hawkinson. 

In addition to scrambling to integrate its technology into Samsung’s products, the former indie startup debuted a new hub that works through Internet or power outages. It has also been gearing up to roll out SmartThings Premium, a new subscription service for emergency alerts due out in April.  

See also: SmartThings Wants To Make Samsung Work Harder In Your Home

Challenges To Mastering The Internet of Things 

Samsung may be known as an Android device maker and Tizen evangelist, but SmartThings plays no favorites. It works with Android, iOS and Windows Phone, and last month, Hawkinson told me that wouldn’t change anytime soon. Compare that to, say, Apple, whose HomeKit system relies on iPhones and iPads.  

That’s yet another big advantage point, but Samsung’s success isn’t a sure thing yet. In fact, I had doubts about whether the company could pull off a smart home initiative and actually stick with it (some of which still remain). 

There are also two major challenges to overcome: making the system easier to use, and addressing security. 

See also: Intel And Samsung Join Battle Over The Internet Of Things

In my experience testing a SmartThings system, I found it comprehensive, but too complex for the average consumer. As for security—well, Samsung glossed over that on Monday. 

But it’s clear that at least SmartThings takes its connected home security seriously. I looked at its white paper last year, and described the variety of measures it used at the time: 

SmartThings reviews all of its partners’ apps and devices, to make sure they conform to its safety standards, and “handles all security testing to ensure that everything is up to their standards,” says a company spokesperson.

The company’s white paper also outlines numerous protocols—from pin codes and two-factor authentication to firewalls, data encryption and sandboxing, which keeps SmartApps from accessing local system files on its the software’s residing device. It even places its SmartThings hub in a special mode for pairing with Zigbee or Z-wave-enabled devices, to keep potentially malicious devices out.

SmartThings was then a small but rising star in a budding smart home niche of a still nascent Internet of Things movement. Now its system may have more thrown at it than ever before—which can happen when you suddenly become a crucial part of a global corporation’s bid to dominate one of the hottest areas of technology. 

But if those connected dots stay intact and relatively disruption free, Samsung could go from Galaxy maker to a master in the smart home universe. 

Photos by Adriana Lee for ReadWrite

via Feedbin Starred Entries for mkbriney@gmail.com by ReadWrite