With modern day aircraft becoming so dependent on technology, one doesn’t really think of them as a platform that is at risk of being hacked. With the way they are built remote hacking of an aircraft’s critical systems would be extremely difficult as it would require the person with malicious intent to be on the aircraft to carry out the attack as well as connected to the aircraft’s network.
With airlines introducing in-flight internet, it might be possible for hackers to tap into the planes network using only a personal device and no physical connection.
Networked Aircraft Systems
Modern aircraft are full of avionics which are networked, and connect various critical systems to provide the flight crew with better real time data and telemetry, as well as the ground crews to find and quick fix maintenance issues.
Aircraft systems are not hard wired and do not operate on the world wide web. Hacking them requires a physical connection to systems which are in a very difficult place to access as well as in a highly access controlled area of the aircraft.
This though does not mean that they cannot be hacked by non standard means.
Chris Roberts, a white hat hacker managed to demonstrate another way flight systems can be hacked. He managed to successfully access flight systems on numerous commercial planes by exploiting the in flight entertainment system with just a CAT6 network cable.
In doing this Roberts managed to overwrite code on the plane’s Thrust Management System. By doing this, this has raised concerns about potential vulnerabilities that might be exploited on passenger facing systems.
In Flight Wireless Connectivity
With the advent of digitally integrated and web connected aircraft now offering internet access to the passengers on board, this introduces new chances for hackers to access critical flight systems.
Ruben Santamarta, principal security consultant at IOActive, asserted at BlackHat 2019 that it is possible to do the following:
“effectively reach the avionics network on a commercial airplane from either non-critical domains, such as passenger information and entertainment services, or even external networks.”
As airlines upgrade their fleets with aircraft that have in flight wireless connectivity, which is used for passenger entertainment and services, it becomes increasingly important that the segregation between the critical flight systems and passenger networks is in place.
Aircraft manufacturer Boeing has disputed the findings of Santamarta, but the threat of cyber criminals targeting passenger facing systems to use them to reach sensitive aircraft networks is a real security concern.
With highly networked avionics playing a vital role in today’s aviation sector, they help to facilitate better communication as well as decision making processes for both flight and ground crews.
There are significant benefits to have such networks in aircraft, but they are not invulnerable to hacking. This risk will increase as more aircraft are providing in flight internet access for passengers.
A proactive approach is required to mitigate the risks associated with the in flight wireless networks and passenger facing systems such as the in flight entertainment system. It is essential to ensuring that the integrity and safety of the critical flight systems is maintained in the every advancing cyber threats that exist.