According to this UC San Diego paper, your cellular data may be sent completely unencrypted when flying, using VoIP services, and even just during day-to-day cellular use. The authors recommend using a VPN to cover these security gaps. Ambit Client, unlike any other VPN, can protect your data in these scenarios as well as from the HNDL threat.
For the brave, details follow from their website:
Cellular Backhaul
We observed unencrypted cellular backhaul data sent from the core network of multiple telecom providers and destined for specific cell towers in remote areas. This traffic included unencrypted calls, SMS, end user Internet traffic, hardware IDs (e.g. IMSI), and cellular communication encryption keys.
Military and Government
We observed unencrypted VoIP and internet traffic and encrypted internal communications from ships, unencrypted traffic for military systems with detailed tracking data for coastal vessel surveillance, and operations of a police force.
In‑flight Wi‑Fi
We observed unprotected passenger Internet traffic destined for in-flight Wi-Fi users on airplanes. Visible traffic included passenger web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight‑information systems, and in‑flight entertainment.
VoIP
Multiple VoIP providers were using unencrypted satellite backhaul, exposing unencrypted call audio and metadata from end users.
Internal Commercial Networks
Retail, financial, and banking companies all used unencrypted satellite communications for their internal networks. We observed unencrypted login credentials, corporate emails, inventory records, and ATM networking information.
Critical Infrastructure
Power utility companies and oil and gas pipelines used GEO satellite links to support remotely operated SCADA infrastructure and power grid repair tickets.
End Users
There is no way for end users to know if upstream providers are encrypting their traffic. Nearly all Internet browsing traffic was encrypted by end-user devices using TLS or QUIC, and cellular backhaul exposure was limited to a relatively small number of cell towers in specific remote areas. End users can encrypt network traffic they directly generate by using a VPN; for messaging and voice communications use end to end encrypted apps like Signal.”
