Security Services

Cybercrime at 10,000 feet and above

As we were updating this article FBI today (29.04.2015) sent a warning to airlines to check for any suspicious activities where passengers are connecting unknown cables or wires to the inflight entertainment, or they have been advised to check inflight system logs frequently for any suspicious behavioural access.

All this action from world top investigative agency stemmed out of an recent event when a security researcher was offloaded a plane on 19th April 2015 from an United Airlines flight because the airlines thought he could probably hack into the aviation systems and disturb its inflight systems including EICAS (Engine-Indicating and Crew Alerting System), he tweeted something like this, "find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone? :) "

FBI had already seen his tweet and by the time his plane landed after he tweeted the above message he was escorted away and was questioned for few hours, now the point is whether or not he tweeting something as sensitive as aircraft information and claiming to hack is dumb/or was totally unnecessary but, it all points back to one key element here, that is anything and everything with an IP address connected to the all-knowing internet is vulnerable for cybercrime attack.

Airplanes are increasingly fitted with state of the art gadgetry so that passengers wouldn't be deprived of the earthly connectivity options when they are above 10,000 ft and more. Most American airlines today provide Wi-Fi at a nominal cost and passengers have an option and wide array of choice to stream media, or to connect to internet to update their status on social media like Facebook or Twitter in real time. This combination of entertainment on the usual computer networks and an ever growing ambition to make everything connected might have just put the aircrafts flying above the ground susceptible to attacks by organizations which may have completely sinister motives which would also include threats to a national security and safety of passengers. Though the experts say this is theoretically possible might be difficult to achieve technically as of now.

The security experts also warn that there are weak encryption algorithms or insecure protocols in SATCOM technologies manufactured by some of the world's largest manufacturers of these equipments who supply the same to airlines to be fitted in those aircrafts.

Technically though inflight systems and aircraft navigation is usually separated there usually will be a network communication which could be potentially breached by would be cyber criminals with advance knowledge of avionics systems and most modern aircrafts today have this combination of passenger systems and in aircraft controls on the same network.

In January 2008, Boeing responded to reports about FAA concerns regarding the protection of the 787's computer networks from possible intentional or unintentional passenger access by stating that various hardware and software solutions are employed to protect the airplane systems. These included air gaps for the physical separation of the networks, and firewalls for their software separation. These measures prevent data transfer from the passenger internet system to the maintenance or navigation systems.

Aircrafts usually have a device called NED or Network Extension Device, though the way this device handles information is unique in nature, there is a slight possibility that in the future cyber criminals might come up with techniques which could probably bypass security boundaries between passenger network and the in aircraft systems.

As an example the geo position that you see on the entertainment screens comes from this devices where inflight systems transmit position frequently to the screens in front but this is usually one way communication and it has been stated that communication back to aircraft systems may be very difficult to achieve though new techniques might emerge.

This recent incident has only shown that new age technology not only affects the way you would do business on the ground but it could also affect the personal safety of people in today's modern transport systems or endanger national safety if it falls into wrong hands.

Though the recent findings or warnings have been largely based on theoretical possibilities, Airlines and Aircraft manufacturers now have an increased pressure not only to ensure the in flight systems are safe and time tested but also they would need to imbibe state of the art cyber security controls to keep the Pilot/air traffic control systems safe from falling prey to criminals or terrorist groups.

About CSS Corp Blog

About

The CSS Corp blog brings you insights from the world of technology and disruptions that are shaping the digital age. Subscribe now to learn the art of delivering exquisite customer eXperience for today's digital economy

Categories

see all