How a Hacker Could Hijack an Airplane From Their Seat

Illustration for article titled How a Hacker Could Hijack an Airplane From Their Seat

Reports that a cybersecurity expert successfully hacked into an aeroplane’s control system from a passenger seat raises many worrying questions for the airline industry.

Advertisement

It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.

But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

Advertisement

In a similar way, it was once also believed that PIN protection was sufficient for ATMs. Then it was discovered that keystroke logging software can be used to translate sound signals created when pressing the ATM numeric keypad into the PIN, greatly reducing the time needed for hackers to guess for it. This could increase the risk of an ATM security breach compared with the previously held assumption that the system is secure as long as nobody can see it.

When it comes to technology, as one person is making sure that a system is secure, another is already working to bypass the established security. That is a worrying prospect when you’re at 30,000 feet and travelling at over 500 miles an hour.

Direct connections

The hacker claims to have been able to access the cockpit network through communication with the in-flight network. Many in-flight entertainment systems now have USB ports and some airlines run Wi-Fi. Both are potential entry points for the determined hacker to access all the plane’s computer systems.

Advertisement

It is highly unlikely, however, that someone hacking the passenger network could take direct control of the pilot’s network because the two systems are designed to be insulated from each other. Network engineers have long been able to control what data passes between different network segments, and aircraft systems are no exception.

The FBI and other authorities may reveal that there is no evidence that the two networks are connected. But another explanation may be the hacker was equipped with a device (or a software probe) that can gather information from both networks. Is that likely? It is certainly possible.

Advertisement

Although insulated, the two networks in a plane are connected as they share common information about velocity, direction and weather. By monitoring just one network and comparing its traffic to the real world events, it would be very difficult to work out which network signals corresponded to which pieces of information. But by looking at the networks for signals that appear in both at the same time, a hacker may be more likely to infer how the data relate to physical changes.

They could then attempt to copy this traffic and send the same instructions, potentially taking control of the aircraft. Even if the messages were digitally encrypted and insulated, theoretically it should still be possible to work out which parts of the network are talking to each other. This means they could also identify the systems sending the instruction and launch an internal denial-of-service (DOS) attack, flooding the system with useless information and preventing the pilots from sending control data to the engines.

Advertisement

Monitoring the network

It is becoming imperative that airlines re-evaluate their internal aircraft security, particularly with the introduction of in-flight passenger Wi-Fi. They should also monitor any unusual network traffic that passes between the passenger cabin and the cockpit in order to watch out for any attempts at hacking.

Advertisement

The same principles that enable the hacking could be used to watch out for them by allowing two independent monitors to observe the causes and effects of unfolding events on the network via satellite. When both believe that there is an issue, the information could be reported back to the pilot as a noted risk.

Network engineers already accomplish this by looking at network traffic behaviour and inferring possible issues, without actually seeing the physical problem first hand. With the-time critical nature of airline safety, having more than one individual check for alerts, increases the possible assurance given to the pilot.

Advertisement

Any traffic not expected or requested should be treated as suspect and the prelude to a more detailed investigation. The aircraft could then automatically call on the services of remotely working security experts. This would allow them to warn the pilot of any attempted security breach and provide advice on how to deal with it.

Yijun Yu is Senior Lecturer, Department of Computing and Communications at The Open University. Andrew Smith is Lecturer in Networking at The Open University.

Advertisement

This article was originally published on The Conversation. Read the original article.

Image by StudioSmart/Shutterstock.

Advertisement

Share This Story

Get our newsletter

DISCUSSION

barbarabowers
barbarabowers

No. Just no. This guy is a fucking crackpot and anyone who thinks he was remotely capable probably doesn’t know shit. Guy claimed he used the same strategies for his “hacks” on both Boeing and Airbus aircraft, which both operate DRASTICALLY differently. Seriously. He claimed like he hacked an a320, 737, 757....first off those three aircraft are all so goddamn different. Secondly, the networks are so damn independent there is literally no physical nor digital connection to them. FFS even the GPS map app on IFE utilizes a different GPS receiver than used by the flight instruments.