This post is also available in: עברית (Hebrew)
Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raises many worrying questions for the airline industry.
It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.
But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.
The hacker claims to have been able to access the cockpit network through communication with the in-flight network. Many in-flight entertainment systems now have USB ports and some airlines run Wi-Fi. Both are potential entry points for the determined hacker to access all the plane’s computer systems.
It is highly unlikely, however, that someone hacking the passenger network could take direct control of the pilot’s network because the two systems are designed to be insulated from each other. Network engineers have long been able to control what data passes between different network segments, and aircraft systems are no exception.
The FBI and other authorities may reveal that there is no evidence that the two networks are connected. But another explanation may be the hacker was equipped with a device (or a software probe) that can gather information from both networks. Is that likely? It is certainly possible.
According to HomeLand Security News Wire , although insulated, the two networks in a plane are connected as they share common information about velocity, direction and weather. By monitoring just one network and comparing its traffic to the real world events, it would be very difficult to work out which network signals corresponded to which pieces of information. But by looking at the networks for signals that appear in both at the same time, a hacker may be more likely to infer how the data relate to physical changes.
They could then attempt to copy this traffic and send the same instructions, potentially taking control of the aircraft. Even if the messages were digitally encrypted and insulated, theoretically it should still be possible to work out which parts of the network are talking to each other. This means they could also identify the systems sending the instruction and launch an internal denial-of-service (DOS) attack, flooding the system with useless information and preventing the pilots from sending control data to the engines.Monitoring the network