News
Major cybersecurity flaw in airline in-flight systems means hackers could hijack planes - comments
December 2016 by NSFOCUS and Synopsys
It is being reported this morning that cybersecurity vulnerabilities in Panasonic
in-flight entertainment systems, used by a several major Airlines (including Virgin,
American and Emirates), allows attackers to control in-flight displays, PA systems
and lighting, access passenger credit card data as well as the wider aircraft
network, including the aircraft control domain. Cybersecurity experts comment:
Stephen Gates, chief research intelligence analyst at NSFOCUS:
“In the light of this research, physical separation between in-flight
entertainment systems and aircraft control systems could never be more important. As
airlines continue to add new customer-based entertainment and information
technologies, airlines need to ensure that an impenetrable barrier is in place
protecting aircraft control systems. This research demonstrates that hackers could
cause all sorts of issues that could impact a customer’s “experience” while
flying, but have yet to prove they could impact flight control systems. Let’s all
hope that remains the case, long-term.
"It’s not too far of a stretch to suggest that flight entertainment systems could
even be hacked from the ground, via the Internet access on the plane. If remote
access was gained while the plane was on the ground, or by way of a hacker planting
a backdoor via an infected device while in flight, hackers could cause all kinds of
disruption that would not directly impact them – since they’re not even on the
plane. Now that’s a scary thought…”
Mike Ahmadi, global director - critical systems security at Synopsys:
“Any system that gets the attention of the hacking/research community will
eventually be found vulnerable. There are literally an infinite number of ways to
compromise any system. Organisations need to constantly monitor and test their
systems in order to keep up with security issues. Moreover, organisations should
assume compromise will happen and plan accordingly.”
Alex Cruz-Farmer, VP at NSFOCUS:
"Previous hacks and vulnerabilities have always been on the ground, but we’re now in the realms of something extremely scary - hacks in mid-air with no escape. The
active threats will be growing, and with thousands of planes in the air, the
remediation of this is going to be extremely complicated and time consuming. This
will be a huge flag to all manufacturers to review their underlying platforms, and
whether their integrated infrastructure has the necessary security around it to
protect us, the passengers. If anything did happen it could at worst be life
threatening leading this to be considered as major negligence across the multiple
parties involved."
