Gogo Inflight Internet Intentionally Issuing Fake SSL Certificates
Gogo Inflight Internet seems to believe that they are justified in performing a man-in-the-middle attack on their users. Adrienne Porter Felt, an engineer that is a part of the Google Chrome security team, discovered while on a flight that she was being served SSL certificates from Gogo when she was requesting Google sites. Looking at the issuer of the certificate, rather than being issued by Google, it was being issued by Gogo.
This presents itself as an extremely unacceptable action by Gogo which serves in-flight internet to a number of different national and international airlines, including Aeromexico, American Airlines, Air Canada, Japan Airlines and Virgin Atlantic, among many others.
Earlier this year, it was revealed through the FCC that Gogo partnered with government officials to produce “capabilities to accommodate law enforcement interests” that go beyond those outlined under federal law. It mentioned how it worked closely with law enforcement and directly baked spyware into their service. If that wasn’t bad enough, based on this revelation, Gogo is now intentionally attacking its users’ browsing sessions to remove any line of defense that a user may have, and based on their history, it cannot be trusted that it is being done for any legitimate reason.