Airport Wifi is [highly likely] actually spying on you

Forums › Travel (planes, train, cruise) › Airport Wifi is [highly likely] actually spying on you

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#311515 23-Jan-2024 14:51

While this article says "assumed" pretty much all the other media are reporting that the tip off did come from Gatwick's wifi

A British man accused of public disorder after joking about blowing up a flight has gone on trial in Spain.
Aditya Verma made the comment on Snapchat on his way to the island of Menorca with friends in July 2022.

The message, sent before Mr Verma departed Gatwick airport, read: "On my way to blow up the plane (I'm a member of the Taliban)." Mr Verma told a Madrid court on Monday: "The intention was never to cause public distress or cause public harm."

If found guilty, the university student faces a hefty bill for expenses after two Spanish Air Force jets were scrambled.

Mr Verma's message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.

A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.

Shortly after, the court was told two Spanish F-18 fighter jets were sent to flank the aircraft.

https://www.bbc.com/news/world-europe-68056421

1 | 2

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3185524 23-Jan-2024 14:57

Is it spying if you accept the terms and conditions?

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#3185529 23-Jan-2024 15:17

gehenna:

Is it spying if you accept the terms and conditions?

The legal enforcement of Browse-wrap and click-wrap is still rather fluid,

If you get a great big box that says "we can share stuff with MI5" its probably likely seen as an agreement,

But if its buried in 15 pages of scrollable small print YMMV

Behodar

11095 posts

Uber Geek
+1 received by user: 6074

Trusted

Lifetime subscriber

#3185530 23-Jan-2024 15:23

Does Snapchat not use HTTPS? Or does it swallow certificate errors? A man in the middle attack shouldn't be possible, right?

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#3185533 23-Jan-2024 15:28

Behodar:

Does Snapchat not use HTTPS? Or does it swallow certificate errors? A man in the middle attack shouldn't be possible, right?

it Shouldn't be... which is why this case is interesting as it appears to show one....

or its wasn't the airport that raised the alarm, but rather the security services ( and 5 eyes partners) that were keyword searching snapchat...

andysh

229 posts

Master Geek
+1 received by user: 16

#3185555 23-Jan-2024 16:24

Behodar:

Does Snapchat not use HTTPS? Or does it swallow certificate errors? A man in the middle attack shouldn't be possible, right?

Thought the same thing when I was reading the article, how was this possible.

Referrals:

Tesla: https://ts.la/andrew897313

Sharesies: https://sharesies.com/r/XRGS77

boosacnoodle

1271 posts

Uber Geek
+1 received by user: 855

#3185691 23-Jan-2024 21:30

If you've ever snooped on the Snapchat app you'll very quickly learn it's all fully encrypted. More likely he posted his Snapchat - inadvertently or otherwise - publicly.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#3185713 23-Jan-2024 22:19

boosacnoodle:
If you've ever snooped on the Snapchat app you'll very quickly learn it's all fully encrypted. More likely he posted his Snapchat - inadvertently or otherwise - publicly.

It’s unfortunate that his assumption this was a tipper from Gatwick wifi has ended up in all the reporting, which is totally implausible. Like you say, either someone saw his message and reported it, or Snapchat may well have mechanisms to detect and notify Police of imminent threats like this.

Tinkerisk

4798 posts

Uber Geek
+1 received by user: 3660

#3185742 24-Jan-2024 06:56

What can I say? Nothing new and it's his own fault. Public internet simply means public internet. Otherwise he would have had to encode the unoriginal joke.

- NET: FTTH & VDSL, OPNsense, 10G backbone, GWN APs
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT: thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D: two 3D printers, 3D scanner, CNC router, laser cutter

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#3185887 24-Jan-2024 14:41

The message, sent before Mr Verma departed Gatwick airport, read: "On my way to blow up the plane (I'm a member of the Taliban)."

Why do people think it's funny to say things like this? In my world this isn't remotely funny.

Wombat1

586 posts

Ultimate Geek
+1 received by user: 409
Inactive user

#3185901 24-Jan-2024 15:07

wellygary:

gehenna:

Is it spying if you accept the terms and conditions?

The legal enforcement of Browse-wrap and click-wrap is still rather fluid,

If you get a great big box that says "we can share stuff with MI5" its probably likely seen as an agreement,

But if its buried in 15 pages of scrollable small print YMMV

This is why I use wireguard to my home network. My phone just switches to it when connecting over any foreign network or LTE. Very handy little app and adds hardly any latency. Nobody can snoop my stuff.

muppet

2642 posts

Uber Geek
+1 received by user: 1660

Trusted

#3185980 24-Jan-2024 16:59

Wombat1:

This is why I use wireguard to my home network. My phone just switches to it when connecting over any foreign network or LTE. Very handy little app and adds hardly any latency. Nobody can snoop my stuff.

I believe some people can snoop your stuff, if they've got reason to do so.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

PolicyGuy

1820 posts

Uber Geek
+1 received by user: 1769

ID Verified

Lifetime subscriber

#3185992 24-Jan-2024 17:22

muppet:

Wombat1:

This is why I use wireguard to my home network. My phone just switches to it when connecting over any foreign network or LTE. Very handy little app and adds hardly any latency. Nobody can snoop my stuff.

I believe some people can snoop your stuff, if they've got reason to do so.

Actually, if Wombat1 is using a good implementation of end-to-end encryption (Wireguard should be solid) and is using a robust encryption key (IIRC the NZ ISM recommends 16 characters) and neither of the end devices is compromised, then the contents of the communication are actually fairly safe from snooping.

Unless the content of Wombat1's communication is of extreme and urgent interest to the NZ authorities, they are extremely unlikely to even consider deploying the time, effort, computing resources and money to brute force crack the encrypted content of the message.
They will of course have access to the metadata - although they will need an Interception Warrant to get it - and that will probably tell them most of what they want to know.

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#3185996 24-Jan-2024 17:34

WireGuard aside, Snapchat iOS and Android apps use TLS Certificate Pinning, which means there’s no chance that traffic could be Machine-in-the-Middled over the wire, the app just wouldn’t connect.

muppet

2642 posts

Uber Geek
+1 received by user: 1660

Trusted

#3185998 24-Jan-2024 17:44

@PolicyGuy Yeah, my point was they don't need to break his mobile wireguard if they have a tap on his ISP line. But I didn't make that very clear.

I agree with your points though. With everything being SSL these days it would be DNS (if not also encrypted) and the IP endpoints they'd have to work with.

PolicyGuy

1820 posts

Uber Geek
+1 received by user: 1769

ID Verified

Lifetime subscriber

#3186006 24-Jan-2024 18:08

muppet: @PolicyGuy Yeah, my point was they don't need to break his mobile wireguard if they have a tap on his ISP line. But I didn't make that very clear.

I agree with your points though. With everything being SSL these days it would be DNS (if not also encrypted) and the IP endpoints they'd have to work with.

All they would get from a tap on the ISP connection - for which the Intelligence Services must justify and obtain an Interception Warrant - is metadata, provided you're using proper end-to-end encryption.

I would guess it would be much easier and cheaper to put surveillance on the person of interest, bug their home / office / car, try to insert an undercover agent into the trusted circle, and/or compromise one of the end devices, than it would be to bust decent modern encryption.
But all these "easier & cheaper" alternatives are very, very expensive in time, staffing and money. We do not, thankfully, live in a society where this can be routinely done for more than a tiny number of people - the IGIS Annual Report 2021-22 says that just 39 Interception Warrants were issued against New Zealanders in that financial year

1 | 2