
How to get Gogo in-flight wireless internet for free - TheSwordsman
http://outkastz.com/gogo-in-flight-wireless-internet-free/
======
bangbang
The researcher rubs me the wrong way for a few reasons:

1\. 15 days for a major company not nearly enough to remedy this issue.

2\. The activity log reads like a ransom timeline. This isn't some l33t hacker
exploit it's simple session hijack and mac spoof. You're not owed anything for
finding this.

Anyone that tries this could tread carefully. If you get caught (chances are
slim), it wouldn't be hard to convince a jury that you're hacking an airborne
plane's network.

<fun hearted bit of sarcasm> Did you know a bathroom lock is woefully
insecure!?! Time to hold the government ransom about this exploit and collect
my millions. If they don't pay, I'll post it on the internet. </sarcasm>

~~~
mdp
Yep, yet another Gogo "exploit" disclosure. This one is actually quite
pathetic.

Here's my security disclosure for the day:

You can walk out of most stores without paying for their merchandise if you
hide it in your pocket.

Which vendor do I talk to about getting paid for this information?

------
jrnkntl
No tools needed:

    
    
      `arp -a`
    

followed by

    
    
      `sudo ifconfig en0 ether $macaddress`
    

should be enough. You'd be surprised on how many paid-for hotspots this
actually works (ethical issues aside).

~~~
NoodleIncident
I haven't gotten TFA to load yet. Is this the same thing? What exactly does
this do?

~~~
jrnkntl
arp:
[http://www.freebsd.org/cgi/man.cgi?query=arp&sektion=8](http://www.freebsd.org/cgi/man.cgi?query=arp&sektion=8)

 _arp -a_ gives you a list of other connected devices on the network with
their IP and mac address. For a paid-for hotspot this usually means devices
that have paid for access and are active.

the _ifconfig_ command changes your mac address into one of the chosen above;
the AP thinks you're one of the earlier connected devices and gives you access
to the internet.

~~~
NoodleIncident
Thanks for the explanation.

The network I'm on has a bunch of people connected, but `arp -a` only prints
one line. Is this the access point isolation the article refers to?

Also, why do they bother replaying the session, if changing the mac address is
all that it takes?

------
enobrev
I was recently disappointed by the huge price hike of gogo in flight. It's
been $10 for a flight for quite some time now which I'd felt was perfectly
fair considering the quality. On my recent flight to NYC for work and play it
was $10 per hour which essentially amounts to a 5x increase. I grabbed it for
2 hours and it was just as bad as always. Fine for email and Facebook but
unideal for pushing a significant commit on a large git repo.

On the way home I just didn't bother since I'd spent my whole air-fi budget at
the beginning of the trip.

Just seemed like an enormous and unfair price hike for a product that hasn't
improved whatsoever.

~~~
arn
They have a $14 all day pass, which is what I get, since I usually have to
change planes when going to the west coast.

[http://www.gogoair.com/gogo/listAllProducts.do](http://www.gogoair.com/gogo/listAllProducts.do)

~~~
enobrev
Interesting. My memory is a bit hazy, but I assume their all-day pass either
wasn't available, easy to find, or that price. I only say that because I've
purchased an all-day pass for a multi-leg flight in the past, so there must
have been good reason for me not to use it this time. Or it could be as simple
as grogginess from catching a 7am flight.

~~~
sjm-lbm
FWIW, they've changed the menu - there's still a "Flight Pass" that's within a
dollar or two of what it's always been, but you have to do some more hunting
to find it. It's annoying, because every flight now I spend a few minutes
paranoid that they removed the option that I'm looking for.

------
jws
This looks like it dups a paying customer's IP and MAC addresses. Does that
work if both devices are running at the same time? I was under the impression
TCP didn't like that.

~~~
biondim
Agreed, you're basically someone else's session who did the right thing and
paid up. I fail to understand why anyone with a decent moral compass would
want to do this.

~~~
dale386
This will be exploited by people _without_ a moral compass. What are you
trying to get at? The author isn't suggesting this as a life hack for free
internet, he's just showing that it can be done.

~~~
sambeau
_" The author isn't suggesting this as a life hack for free internet"_

The HN Title is _(I can 't see the actual article as the machine is hosed)_:

    
    
      "How to get Gogo in-flight wireless internet for free"
    

and the URL is

    
    
      gogo-in-flight-wireless-internet-free
    

Both of which, I would suggest, propose an article about "How to get internet
for free", specifically "How to get Gogo in-flight wireless internet for
free".

Or am I missing something?

~~~
cac04
> Or am I missing something?

Yes, you're missing something. The article is a disclosure of a security
vulnerability that has already been reported to the company responsible,
including notice that it would be published and a request for confirmation
that it has been fixed. (Edit: but your response is reasonable - I can see how
the article title is misleading.)

------
wesbos
Gogo offers free internet to Blackberry users.

Just change your User Agent (via chrome dev tools) to blackberry. Authenticate
and you have free internet!

------
JaggedJax
Here's a completely different solution to using Gogo for free that doesn't
involve piggy-backing on someone else's purchase:
[http://www.bryceboe.com/2012/03/12/bypassing-gogos-
inflight-...](http://www.bryceboe.com/2012/03/12/bypassing-gogos-inflight-
internet-authentication/)

------
sigil
Has anyone else noticed that Gogo shows higher prices to mobile phones? That
seriously pisses me off.

The fact that none of my mobile browsers can change the user agent string
pisses me off even more.

~~~
rohansingh
In fact I've always had the opposite experience — that the smartphone-only
plan costs less.

~~~
pyre
Maybe it presents a higher cost to iPhone/iPad users?

------
616c
For anyone who is not played with Dsploit (the network exploitation and
analysis tool mentioned in the article), it is fantastic. I followed it in its
early days on XDA, where the developer relentlessly answered all user
questions, patched bugs, took in many features requests, and genuinely kicked
ass.

I respect that dev a lot. I hope other people show his some love.

------
justinsb
How can MAC spoofing be stopped?

All the counter-measures I can think of seriously degrade the experience. I
can think of approaches that work for HTTP, for example, but I can't see how
you would allow e.g. SSH while preventing MAC spoofing.

~~~
gonzo
> How can MAC spoofing be stopped?

802.1x

~~~
justinsb
Can you explain a bit about how this would work here (i.e. for Gogo)?

------
bobf
Lots of people have known this for quite a while - nothing new to see here.
Here's a blog post by a friend of mine, from 2007 ("Bypass a wifi captive
portal"), which includes an example of a script to handle it all:
[http://www.semicomplete.com/blog/2007/Aug/11](http://www.semicomplete.com/blog/2007/Aug/11)

The basic idea is as follows:

1) ping the broadcast/multicast addresses to quickly fill the arp cache

2) change your mac address to that of the detected nodes

3) see if you can access the internet now [repeat step #2-3 until you can]

------
kefka
Oh well. I have a ping tunnel on my VPS. I also run a DNS-tunnel.

I can get past pretty much any "pay me money for internet" lock. Of course,
that makes me a bad netizen.

------
cybernoodles
Although the prices are a bit over the top, I can respect GoGo's customer
support. A while back I reported to them how I was able to gain access to
Facebook and Youtube almost effortlessly and they gave me two free coupons for
unlimited in-flight WiFi as a token of appreciation. I would have informed
them directly of this and awaited a response. They appeared to be pretty good
at responding to my inquiries.

------
KeepTalking
The price hike has been very disappointing and actually biz killing. 10$ for a
flight was a smooth price point while 10$ per hr is atrocious.

------
pilom
What is proper etiquette for responsible disclosure?

Hacker: "I'm publishing on the 15th."

Vendor: "We'd like to see your post first"

Hacker: "Ok, here you go"

15th comes and goes

Hacker: "Hey any response?"

Hacker: "Ok its the 18th... I'm publishing"

Is this how this usually works? Or how it should work?

~~~
mason55
A full month of notification is plenty. If the vendor acknowledges you and
tells you they're working on it and asks you to hold off then that's one
thing, but if they basically ignore you for a month then you've done your
part. Especially with an exploit like this, you're not opening up access to
PII, although it sounds like you are opening the window to possible fraudulent
charges.

~~~
lawnchair_larry
No, disclosure timelines only make sense if the public is at risk. There is
nothing like that here. The outcome is gogo not getting paid. This is just
grandstanding a fairly unsophisticated bug in their service. The end result is
that gogo will end up with more money.

~~~
mason55
_> disclosure timelines only make sense if the public is at risk_

The post says that fraudulent charges can be made without a password or credit
card number by using this exploit.

I would bet that you can access account info as well which means there is some
PII leaking. I would consider PII + fraudulent transactions to be a step above
gogo losing oney.

------
anonu
stealing a sub-par product is no fun.

~~~
swalsh
YOU HAVE INTERNET ON A PLANE IN THE AIR TRAVELLING HUNDREDS OF MILES PER HOUR!
What more do you want?

~~~
forgottenpass
_What more do you want?_

People to stop treating recent progress like the rediscovery of fire. Or that
future incremental progress is anything other than an inevitability.

Its like telling someone 100 years ago that the very notion of airtravel at
all is unreasonable because YOU HAVE THE GERM THEORY OF DISEASE!

~~~
goostavos
Amen!

I tell you, that Louis CK bit was the worst thing to happen to modern
technology discussion..

------
ryanmcdonough
& in a few days patched.

