I interviewed for a cybersecurity position with BA a little while back, it was a bit odd in general. I mentioned a few issues I thought were serious holes on their website, equivalent to the breach they ended up being fined for.
They said a pentest would find them if they were important.
I think we parted with both parties unimpressed with the other.
BA was the one who got pwned with a card skimmer script on their checkout page, so this tracks.
On the other hand, in-flight Wi-Fi "security" and actual company property security don't have anything to do with it. The in-flight Wi-Fi isn't protecting anything, it's just there as an annoyance to get a few extra bucks similarly to catering (and just like the latter, typically outsourced to a third party which just allows them to white-label it).
Starlink-based ones have enough bandwidth for the whole plane to have workable bandwidth (just rate-limit based on client so no single heavy user hogs the entire bandwidth).
There's also a European one whose name currently escapes me which uses a custom flavor of LTE and special ground stations that also happily provides hundreds of Mbps.
Capacity is primarily an issue on the legacy BGAN-based ones where you have a handful of Mbps for the entire plane.
EAN is a joint venture between Inmarsat (now Viasat) and Deutsche Telekom. The system uses a combination of ground-based LTE and satellite connectivity.
> They said a pentest would find them if they were important.
Is it just me, or are pentests about as useless as a UK home survey? Like, they're not going to move the furniture to look for issues.
I've experienced many companies who think due diligence is done by paying a 3rd party company to do the annual pentest. Meanwhile, the eng that actually work on the product, and know about potential issues, can't get leadership buy-in to invest in security.
They're not all bad. We're selling our house and the buyer's surveyor was incredibly thorough - he picked up on some small issues I'd never even noticed even though they were right in front of my eyes the last few years (nothing serious though). He was so good that I'd definitely use him for any future moves.
Pentests can be brilliant if you know the scope you want to have tested. The additional benefit being the business is more likely to pay (engineering time!) for fixes of the issues reported.