Gogo inspects secure Web traffic in attempt to limit in-flight video streaming
In-flight Internet provider Gogo is inspecting its users’ traffic exchanged with secure sites by replacing those sites’ HTTPS certificates with self-signed ones.
The company argues that this procedure, which is technically a man-in-the-middle (MitM) attack, is only performed for some video streaming sites as part of its efforts to limit or block the use of such services.
The issue came to light after Adrienne Porter Felt, an engineer and researcher with Google’s Chrome security team, noticed a rogue HTTPS certificate when she tried to access youtube.com via Gogo’s Wi-Fi service during a flight.
Porter Felt posted a screen shot of the certificate issued by Illinois-based Gogo on Twitter asking the company why it had replaced YouTube’s real certificate. Her message sparked criticism of Gogo from other users.