News Backgrounder
Onboard Wi-Fi vulnerable to malevolent hackers
May 1st 2015
More and more airlines are introducing wireless entertainment systems onboard, but a U.S. government report has raised the possibility that the systems could be a serious security risk to carriers worldwide. Read More »
The report, from the U.S. Government Accountability Office (GAO) has warned wireless entertainment systems could be hacked inflight by passengers, allowing access to flight controls.
It said this is one of several emerging cyber-security weaknesses that the Federal Aviation Administration (FAA) must address as America’s air traffic control systems move toward next generation technology. “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.
The potential threat is not being ignored in the Asia-Pacific. Andrew Herdman, director general of the Association of Asia Pacific Airlines (AAPA), told Orient Aviation cyber security is regarded as an emerging threat and risk and has been the subject of considerable discussion within the industry.
“One of the issues is the operation of multiple systems. Because of the need to have interoperability worldwide among these systems a lot of them are not encrypted, which raises the question of their vulnerability to attack. It’s something the industry overall is conscious of,” Herdman said.
He said for aircraft, maintaining separation between aircraft systems and IFE systems always has been understood. Major manufacturers such as Boeing and Airbus have maintained complete separation of the systems as a design principal in their aircraft, but Herdman said this built in security may not provide total protection.
“It is true that as the systems become more sophisticated and you have data where everything’s fly-by-wire and on the communications backbone, you must ask if you are you relying on network firewalls to protect one system from another?”
He said cyber security experts from other industries point out the vulnerability is often not in a company’s own systems. Because airline systems are interconnected to their suppliers and their distributers the security vulnerabilities can come through the back door.
“Cyber security experts have warned that everything is connected. You can’t isolate yourself. The question is: What is your defence? A firewall is subject to penetration. That’s one topic of discussion,” Herdman said.
In the U.S., Federal Aviation Administrator, Michael Huerta, agreed with the GAO’s findings and said the aviation regulator has started working with government security experts, including the National Security Agency (NSA), to identify needed changes.
“This threat will continue to evolve and it needs to be at the forefront of our thinking,” he told a U.S. Senate oversight panel. GAO investigators said cyber security experts told them onboard firewalls intended to protect avionics from hackers could be breached.
One expert told investigators “that a virus or malware” planted on websites visited by passengers could provide an opportunity for a malicious attack. Lawmakers in the U.S. Congress called on the FAA to act. “This report exposed a real and serious threat – cyberattacks on an aircraft in flight,” said U.S. Representative Peter DeFazio, ranking Democrat on the House Transportation and Infrastructure Committee.
“The FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”
Herdman pointed out airlines faced potential cyber threats beyond the issue of safety. “At a lower level, there is the embarrassment for an airline if an attack leads to loss of passenger data or credit card information.
“Travel agents and airlines are like banks and retailers. They have huge data bases of sensitive information about passengers. This is another dimension of security that is not to do with flight safety but it shows that like every business on earth today, we are IT dependent.”