It security on a plane

IT security on board – can you hack a plane?

Redaktion
24.08.2018
5 minutes

Aircraft are essentially flying IT systems. Apart from the critical flight systems, which are responsible for navigation and control, there are also downstream systems like the entertainment system. However every network presents a potential security risk and therefore also a target for a hacking attack.

An attack of this nature could have fatal consequences: from the failure of key functions, like breathing masks, to collision with an obstacle or even a crash. We probe the question about what IT security on board is like and whether you can hack a plane. Are computers on board well enough protected against attacks from the outside?

IT provides safety on flights

Today, aircraft are controlled by complex computer systems networked to each other: control signals and other data are sent from the ground to the computer in the aircraft. As in all other areas of life, it is hard to imagine aviation operating without computers. Aircraft are navigated using IT, the pilot communicates with air traffic control using the technology, and even the passengers benefit from the systems: high-tech entertainment systems make flying considerably more comfortable. Many of the on-board systems significantly contribute to safety. Read in this article about the interaction between man and computer systems.

Software often outdated

One of the problems with IT security in aircraft lies with the expensive maintenance of the systems, which explains why most commercial aircraft are operating with outdated software and hardware. Many commercial aircraft remain in service for between 15 and 20 years and their software is often ten years old. Computer systems in aircraft are therefore seriously outdated, at least compared to today’s standards in tablets, smartphones and other devices.

Having said that, these ageing systems do not present a major risk for general safety. Software and hardware represent well-practised teams capable of handling hundreds of thousands of hours in the air with ease. This is just one of the reasons why aircraft are regarded as one of the safest modes of transport.

However, experts criticise the fact that there is currently no central means of collating attempted attacks, an option that could help to identify vulnerabilities faster and adapt the systems of all the affected aircraft accordingly. A further criticism is directed at security concepts in the aviation industry, whereby security is guaranteed by complete secrecy about its operation.

Hacking attempts by security experts

Time and time again there are rumours about hackers who are said to have hacked into the safety systems of aircraft. Among them was a security expert, who wanted his actions to draw attention to security vulnerabilities in the systems. The hacker is said to have used a LAN cable to connect to the technology in the aircraft and managed to access the engines and breathing masks etc. The aircraft manufacturer Boeing considers this to be unlikely, as on-board electronics and entertainment systems operate separately from each other. Besides, surely the crew would have noticed someone removing the panelling under his seat. So what is the truth about the rumours that aircraft could be hacked?

Aircraft hacking scenarios

Hacking attack with a LAN cable
Theoretically and practically, an aircraft can only be hacked if the hacker is on board, as only then does he have direct access to the relevant computer systems. They communicate with each other via Ethernet, in other words a LAN cable. However, the hacker would need to remove the panelling in front of the relevant components to access the cables. Wireless access to the entertainment system is impossible.

Wireless hacking attack
Systems less relevant for flight safety include the “Information Management On-Board” system that displays weather data and information through wireless connections. Although it is secured by a firewall, this protection can of course be overcome, but it remains questionable what a hacker would do with the information and how he could use it to crash an aircraft. Nevertheless, there is a more serious risk should he penetrate more deeply into the system through the “Information Management On-Board” system. Having said that, he would need to be familiar with the protocols and data and be able to interpret them to cause damage. According to Boeing, “no modification to the flight can be uploaded into the aircraft’s system without the pilot seeing it and agreeing to it.” In all cases, the pilot has the last word.

Conclusion about on-board IT security

Theoretically, hacking attacks to aircraft are fundamentally possible, although the exacting security standards in aviation immensely complicate any attempts. It is a very reassuring fact that ultimately it is a person – the pilot – who decides where the plane flies.

Cover picture Pixabay – thedigitalartist

by Redaktion

Related Posts