How to “Hack” Gogo Inflight Wireless on Alaska Airlines for free internet… even if you don’t have T-Mobile

How to “Hack” Gogo Inflight Wireless on Alaska Airlines for free internet… even if you don’t have T-Mobile

Image for postYep, free for you and me

I?m not a hacker, and I?m not one of those ethical pen testers either. I took a look at some of those online courses and realized that it?s all Kali hacking windows boxes. I didn?t have the patience to sit through 100 hours of someone telling me how to break into a windows box. That?s so boring.

That said, I do exist in a strange world, one where I look for data, collect that data, and I try and make sense of it. There is part of it that is hacking, and another part that is Data Science? I guess I call it, ?looking for the shortcuts that give me the map as to what the engineer or the company was doing?. Those shortcuts allow me to grab the data I am looking for, to chop it up, throw out the garbage, and figure out what is really happening, both with the data and with the company. Maybe the company or app made a mistake with their API and they don?t use tokens when making a request. Maybe they didn?t use certificate pinning and I can just watch their network traffic via a proxy. And so I sit, and I watch, and sometimes I probe to see what comes of it. A lot of times the magic is just saying, ?what happens if I do this?? Those simple guard rails which keep 99.9999% of us on the road are, really, only 3 feet high.

But this ?hack?, if you can even call it a ?hack? is so simple. And, maybe that?s just it, we get so caught up in the two or three choices, that we don?t realize that there is a whole other world out there if we just probe a little, ask a different question, sit back and watch. That?s the secret.

Ok, that?s a lot of build up for such a simple thing? but I have a point. I?ll get to that later.

While in flight, let?s connect to the gogoinflight SSID.

Image for postconnecting

Next, you should be routed to the gogoinflight web page. If not, then you need to navigate to the the default router. Here, we can used 172.19.131.2 (this ip is in the connection info). Alternatively, you can use ?airbone.gogoinflight.com?.

There we go. Why yes, it is nice to see you. Scroll down and connect to the T-Mobile check in link. Click it. That?s fine that you don?t have a T-Mobile number. I?ll explain that in a bit.

Image for posthomepage

Getting closer. Hit ?Let?s go?. And, you don?t really need to enable WiFi Calling. You would if you actually want to make calls. Otherwise, don?t bother.

Image for postT-Mobile Link

Let?s fill out that captcha. And here is our first ?shortcut?. The developer uses the same captcha for each request we are going to make. Ooph, but OK. Maybe they were probably pushed by the airline and T-Mobile to get it done as fast as possible. Then again, maybe not.

Image for postCaptcha and Number Check

Now let?s enter a phone number. Any number. Let?s try a few and after each time, we?ll hit ?Ready For Takeoff?. Here, we use the same shortcut left by the developer. That Captcha doesn?t renew.

503?851?2214? nope

503?851?2215? nope

503?851?2216? nope

503?851?2217? nope

503-851-2218? BINGO!

Sorry if that?s your number and I just posted it to Medium.

Image for postWelcome to free

That. is. it.

So what does this mean?

On top of each plane, there is a satellite dish. That dish has several degrees of freedom and sends a very small small amount of data to check which carrier your phone number belongs to. ~40 bits, give or take.

Think about it, you are on a plane thats 30,000 feet in the air you have no reception. How are you expected to confirm your phone number without reception, without supplying an email address? You can?t. Well, you can, but this isn?t the time for that convo.

So the plane sends a signal to the satellite, the satellite beams it down to earth, and then to some API somewhere that checks the request to see which carrier it belongs to. You can try it yourself with these carrier lookup services. Im guessing here, but most likely, the request will return a True or False. If true, you get free internet, a logged session and a randomly generated url that includes some token in the url that expires after a set amount of time.

So why do it this way? Because satellite communication is very expensive. Alaska and T-Mobile purposely try and limit that bandwidth to check the validity of the phone number supplied. I used this method last night and I used the free wifi for more than an hour since the flight was 2.5 hours. That means that the token doesn?t expire, either.

So, what?s the funniest part about this? Last night I looked to see if there were any posts about it. I only found one article and that finding was buried down at the bottom in Forbes magazine. Yes, Forbes from March 2017. The author was so close to implementing it.

As per the article,

You can use any smartphone to access the T-Mobile promotion. The Carrier does not appear to be validating the phone number against the SIM, so this means that inputting a valid T-Mobile number will result in the ability to access the service.

But he didn?t do it! He had a T-Mobile number and used that instead. When the author spoke to a senior T-Mobile representative,

T-Mobile assured me that they had certain validation checks in place to prevent what I just described but they admitted there were still some issues (as did Gogo when I spoke with them).

As did gogo. That tells me a lot about the project with Alaska Airlines, and T-Mobile. I bet that there was a lot of pressure to get this done as quickly as possible with a limited number of resources. The devs just did what they did, got it done so they could go onto another project.

Enjoy that sweet, sweet internet.

#TMobileWingman

No Responses

Write a response