Gogo, one of the largest providers of in-flight Internet service, has been issuing fake SSL certificates, leading some to accuse the company of launching man-in-the-middle attacks on its own users. But Gogo says its fake certificates are meant mainly to throttle bandwith-heavy video streaming.
Google security engineer Andrienne Porter Felt first discovered the SSL certificate issue during a recent flight while trying to use YouTube and other Google sites — noticing that the SSL certificate was not issued by Google, but rather by Gogo. She publicly called out Gogo about her finding, tweeting, “Hey, @Gogo, why are you issuing *.google.com certificates on your planes?”
— Adrienne Porter Felt (@__apf__) January 2, 2015
A man-in-the-middle attack is used to intercept communications between two systems. But while Gogo confirmed to VentureBeat that it has been issuing fake SSL certificates during users’ in-flight sessions, a company spokesperson said the purpose has mainly been to restrict those users from streaming video.
In a statement, Gogo CTO Anand Chari said that “Gogo takes our customer’s privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don’t support various streaming video sites and utilize several techniques to limit/block video streaming.”
One of the concerns about Gogo’s issuing the fake SSL certificates is that the company may be working with law enforcement and using its ability to intercept users’ activities to forward information to the authorities.
But the company said that’s not true, and that any use of the fake certificates is aimed at ensuring that all users have the best-possible browsing experience.
“We can assure customers that no user information is being collected when any of these techniques are being used. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience,” Chari’s statement said.