Threat of easy hacking worries some airlines

Threat of easy hacking worries some airlines
A plane flying over mountains in China's western Xinjiang region. As the aviation industry adopts communication protocols similar to those used on the Internet to connect cockpits, cabins and ground controls, it leaves itself open to the vulnerabilities bedevilling other industries - from finance to oil and gas to medicine.

Security researcher Chris Roberts made headlines last month when he was hauled off a plane in New York by the FBI and accused of hacking into flight controls via his underseat entertainment unit.

Other security researchers say Roberts - who was quoted by the FBI as saying he once caused "a sideways movement of the plane during a flight" - has helped draw attention to a wider issue: that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Through his lawyer, Roberts said his only interest had been to "improve aircraft security."

"This is going to drive change. It will force the hand of organisations (in the aviation industry)," says Jonathan Butts, a former US Air Force researcher who now runs a company working on IT security issues in aviation and other industries.

As the aviation industry adopts communication protocols similar to those used on the Internet to connect cockpits, cabins and ground controls, it leaves itself open to the vulnerabilities bedevilling other industries - from finance to oil and gas to medicine.

"There's this huge issue staring us in the face," says Brad Haines, a friend of Roberts and a security researcher focused on aviation. "Are you going to shoot the messenger?"

More worrying than people like Roberts, said Mark Gazit, CEO of Israel-based security company ThetaRay, are the hackers probing aircraft systems on the quiet. His team found Internet forum users claiming to have hacked, for example, into cabin food menus, ordering free drinks and meals.

That may sound harmless enough, but Gazit has seen a similar pattern of trivial exploits evolve into more serious breaches in other industries. "It always starts this way," he says.

ANXIOUS AIRLINES

The red flags raised by Roberts' case are already worrying some airlines, says Ralf Cabos, a Singapore-based specialist in inflight entertainment systems.

One airline official at a recent trade show, he said, feared the growing trend of offering inflight WiFi allowed hackers to gain remote access to the plane. Another senior executive demanded that before discussing any sale, vendors must prove their inflight entertainment systems do not connect to critical flight controls.

Panasonic Corp and Thales SA, whose inflight entertainment units Roberts allegedly compromised, declined to answer detailed questions on their systems, but both said they take security seriously and their devices were certified as secure.

Airplane maker Boeing Co says that while such systems do have communication links, "the design isolates them from other systems on planes performing critical and essential functions." European rival Airbus said its aircraft are designed to be protected from "any potential threats coming from the In-Flight-Entertainment System, be it from Wi-Fi or compromised seat electronic boxes."

Steve Jackson, head of security at Qantas Airways Ltd , said the airline's "extremely stringent security measures" would be "more than enough to mitigate any attempt at remote interference with aircraft systems."

More about

Hacking
Purchase this article for republication.

BRANDINSIDER

SPONSORED

Most Read

Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.