Reports that a cybersecurity expert successfully hacked into an aeroplane’s control system from a passenger seat raises many worrying questions for the airline industry.
It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.
But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.
In a similar way, it was once also believed that Pin protection was sufficient for ATMs. Then it was discovered that keystroke logging software can be used to translate sound signals created when pressing the ATM numeric keypad into the Pin, greatly reducing the time needed for hackers to guess for it. This could increase the risk of an ATM security breach compared with the previously held assumption that the system is secure as long as nobody can see it.
When it comes to technology, as one person is making sure that a system is secure, another is already working to bypass the established security. That is a worrying prospect when you’re at 10 000m and travelling at over 800km/h.
The hacker claims to have been able to access the cockpit network through communication with the in-flight network. Many in-flight entertainment systems now have USB ports and some airlines run Wi-Fi. Both are potential entry points for the determined hacker to access all the plane’s computer systems.
It is highly unlikely, however, that someone hacking the passenger network could take direct control of the pilot’s network because the two systems are designed to be insulated from each other. Network engineers have long been able to control what data passes between different network segments, and aircraft systems are no exception.
The FBI and other authorities may reveal that there is no evidence that the two networks are connected. But another explanation may be the hacker was equipped with a device (or a software probe) that can gather information from both networks. Is that likely? It is certainly possible.
Although insulated, the two networks in a plane are connected as they share common information about velocity, direction and weather. By monitoring just one network and comparing its traffic to the real world events, it would be very difficult to work out which network signals corresponded to which pieces of information. But by looking at the networks for signals that appear in both at the same time, a hacker may be more likely to infer how the data relate to physical changes.
They could then attempt to copy this traffic and send the same instructions, potentially taking control of the aircraft. Even if the messages were digitally encrypted and insulated, theoretically it should still be possible to work out which parts of the network are talking to each other. This means they could also identify the systems sending the instruction and launch an internal denial-of-service attack, flooding the system with useless information and preventing the pilots from sending control data to the engines.
It is becoming imperative that airlines re-evaluate their internal aircraft security, particularly with the introduction of in-flight passenger Wi-Fi. They should also monitor any unusual network traffic that passes between the passenger cabin and the cockpit in order to watch out for any attempts at hacking.
The same principles that enable the hacking could be used to watch out for them by allowing two independent monitors to observe the causes and effects of unfolding events on the network via satellite. When both believe that there is an issue, the information could be reported back to the pilot as a noted risk.
Network engineers already accomplish this by looking at network traffic behaviour and inferring possible issues, without actually seeing the physical problem first hand. With the time-critical nature of airline safety, having more than one individual check for alerts increases the possible assurance given to the pilot.
Any traffic not expected or requested should be treated as suspect and the prelude to a more detailed investigation. The aircraft could then automatically call on the services of remotely working security experts. This would allow them to warn the pilot of any attempted security breach and provide advice on how to deal with it.
- Yijun Yu is senior lecturer, department of computing and communications, at The Open University; Andrew Smith is lecturer in networking at the same institution
- This article was originally published on The Conversation