In the wake of increased cybercrime, we see that the threat of hackers gaining control over planes in motion is indeed possible.
In some documented cases, hackers have also managed to compromise airplane navigation systems, commanding them to do as they wish.
In one instance, cyber security consultant and researcher Chris Roberts pointed out that some planes have huge vulnerabilities within their in-flight control systems.
As proof, he hacked into a flight mid-air, causing it to perform a lateral move.
Even though his claims are not yet fully verified, the risk of something like this happening is still very possible.
TheUnited States Federal Bureau of Investigation (FBI) began investigating Roberts after he tweeted about the hack while in-flight.
Lots of hackers instigate security breaches for the sake of pointing out vulnerabilities that require necessary patches.
And instead of tweeting about their findings, they simply choose to inform manufacturers and relevant authorities of the particular devices/systems that pose major security flaws.
But this isn’t true in Roberts’ case; he has taken to Twitter to voice his various findings of airplane security flaws.
Roberts admitted he could have hacked into the system while the aircraft was in motion.
This instance has brought about many matters of grave concern that should be solved before the issue gets out of control.
In his defense, Roberts said his only motivation was to increase aircraft security awareness.
A known threat is that hackers might gain access to a plane’s Wi-Fi network, which could be incredibly dangerous to crew members and passengers.
If both the hacker and the pilot are on the same network, then the hacker can manipulate the aircraft to do whatever operation they want.
What is even more disturbing is that pilots are not trained to deal with such situations where a hacker has gained control over their system.
So, the possibility is quite high that pilots won’t even be aware of what is happening.
There are control boxes below the seats of passenger planes. To connect to the boxes, one needs to use a LAN cable.
Once that is complete, the hacker is in full control of the plane’s navigation system.
In some instances, there are more questions than answers as to why the boxes are placed in such positions.
Authorities in the U.S. have warned airlines to be on the lookout in the event a passenger gains access to the boxes, and treat it as a severe security threat.
These boxes are meant to serve the purpose of being in-flight entertainment systems (IFEs), and so the possibility of individuals using them to gain control of the plane remains relatively high.
As it is now, the majority of planes are controlled through the same hardware.
The device links the planes’ controls systems and the in-flight entertainments systems to each other.
The fact that these platforms are on the same hardware makes it very easy for a single hacker to control the whole flight.
Even though aircraft manufacturers are installing firewalls, antivirus programs and other forms of software meant to enhance security on the hardware devices, it’s still not safe to assume hackers don’t already have the capabilities and skills to infiltrate these devices.
If this negligence continues in such a manner, then the aviation field will remain exposed to dangerous cyber threats.
In the event, a team of hackers join forces to hack into a plane, the situation becomes even worse.
In such a situation, there is usually one person on the inside on the plane that connects to the aircraft’s network, so that other hackers can gain access remotely.
The possibilities of all this are possible and thus bringing about serious concerns in the aviation industry.
THE CAUSES OF AVIATION INSECURITY
As mentioned earlier, the use of Wi-Fi systems could result in a disaster if specific guidelines are not implemented.
Due to technological advancements of tools capable of orchestrating various forms of hacks, Wi-Fi is very prone to attacks—and they can happen in the least expectant ways.
By gaining access to wireless networks, attackers can cause critical harm to both the passengers and crew.
Several cyber security experts state that internet connectivity on a plane is a link between all parties mid-air and the rest of the world.
Even though aircraft hardware has firewalls and anti-virus systems that serve purposes such as preventing attacks and alerting the crew of a pending attack, they are not safe.
The reason is that hackers are always crafting new means of hitting new targets.
And as it is, there is no platform completely secure.
Security measures can be bypassed depending on the degree of skill an individual or a group possesses.
When an attacker infiltrates a plane through Wi-Fi networks, they can perform operations such as diverting the route of the aircraft, causing it to change altitude and carrying out a false alarm.
These factors possess serious threats, as pilots may react and further make the situation irreversible.
In-flight Entertainment Systems (IES)
Passengers can connect their personal computers to in-flight entertainment systems by the use of a LAN cable.
However, the Wi-Fi is part of the IES.
By using a LAN cable, the hacker has access to the navigation systems as it shares the same platform with the entertainment system.
As a result, the security is compromised to a greater extent.
According to a report carried out by The Telegraph, there are security flaws that hackers can use to steal credit card information of frequent fliers, which brings into question the issue of privacy.
Acceptance of Sophisticated Gadgets into Flights.
The mere fact that users are allowed to carry tablets, laptops and other devices onto planes implies that there is a reason to worry.
Because these devices are mostly used for leisure on flights, it’s sad to know this is considered a security issue, but the reality is that hackers are targeting personal devices to use them for wrong reasons.
For example, if a terrorist with skills in hacking can hack into airplanes, then it means that terrorists will have found a hub to cause human deaths.
As a result, we will continue to witness terror-related incidents until a solution to the matter is reached through the cooperation of relevant governments and stakeholders.
Lack of Cooperation
The lack of cooperation between stakeholders is a problem.
For example, when security researchers approach authorities and manufacturers to explain the flaws they’ve uncovered, those security vulnerabilities are often never addressed.
This may prevent experts and researchers in the future from coming forward and disclosing what they discovered.
Air Traffic Control System
Aviation pilot Righter Kunkel, who doubles up as a security researcher, presented a report at the 17th and 18th DEFCON Hacking Conference about aircraft control systems.
The report highlighted that control systems are not built to certain standards, thus leaving them very prone to attackers.
In a different instance, security researcher Andrei Costin stated that new air traffic control systems developed by the Federal Aviation Administration (FAA) were hazardous and prone to spoofing by hackers.
The deployment of the Automatic Dependent Surveillance System (ADS) was set for launch in 2014.
What’s disturbing is that even after Costin submitted this report to the relevant federal offices, they dismissed the matter and claimed that spoofing is just a theory which happens to have existed since years ago.
Countless disclosures such as these have been made to authorities, stating the serious nature of the situation.
At a DerbyCon Conference, a Canadian security researcher presented his findings criticizing next-generation air traffic control systems after his findings were utterly dismissed by the FAA.
Latest posts by C.M. (see all)
- AfricaHackOn: Group in Africa Aims to Create & Improve Cyber Security - July 23, 2017
- U.K. Parliament Hacked Through Brute Force, Proves the Importance of Email Security - July 21, 2017
- Hacking in the Aviation industry - July 6, 2017