Federal Bureau of Investigation issues warning regarding airline hacking

Modern aircrafts likely to be targeted by hackers mid-flight says FEDS

According to the reports recently published by the United States Government Accountability Office, the Federal Aviation Administration have been warned that the aviation faces cybersecurity challenges in “at least three areas”, including the protection of aircraft avionics used to operate and guide aircrafts. In reply to the reports, the FBI and TSA have issued an notice to airlines advising them to be on the lookout for proof of altering or network intervention.

Andrew Nikishin, Head of Future Technology Projects at Kaspersky Lab, has given a detailed explanation on this controversial topic:

“As a fairly frequent flyer, I had mixed feelings about the news that modern planes can be hacked. Readers who are not familiar with how modern planes operate might get the impression that an intruder with a laptop can easily seize full control of a plane. In reality, that isn’t quite the case.”

Currently, the FBI and TSA have no information to back claims that an attacker could control a plane’s navigation system through the passenger Wi-Fi or IFE (In Flight Entertainment) networks, however, they are taking the claims seriously. They are currently assessing the proof to find out if there is a convincing danger posed by intervention into the networks of passenger planes.

The notice, posted on the FBI’s InfraGard site as a private industry notification (or PIN), advises airline staff to be on the lookout for signals that any passengers may be attempting to connect to the network ports situated beneath their seats.

“Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes. “Attempting to gain unauthorized access to the onboard networks of a commercial aircraft violates federal law.”

The alert then illustrates the signs that flight staff should be looking for:

Report any suspicious activity involving travelers connecting unknown cables or wires to the IFE system or unusual parts of the airplane seat.

Report any evidence of suspicious behavior following a flight, such as
IFE systems that show evidence of tampering or the forced removal of
covers to network connection ports.

Report any evidence of suspicious behavior concerning aviation wireless signals, including social media messages with threatening references to Onboard Network Systems, ADS-B, ACARS, and Air Traffic Control networks.

Review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, is captured for further analysis.

The FBI/TSA alert comes following a tweet sent out by security researcher, Chris Roberts last week while he was aboard a United Airlines flight from Chicago to Syracuse. Roberts had jokingly tweeted about controlling his airplane’s network to see if he could fiddle with his fellow passengers oxygen masks. However, once he landed in Syracuse he was met by FBI agents, who took his laptop and other electronics.

Roberts tweet was in reply to the report released last week by the Government Accountability Office pointing out that unsafe connections between the passenger Wi-Fi networks and the avionics systems on some Boeing and Airbus planes could make it possible for a hacker to get entry into navigational controls and commandeer a plane.

Roberts, a respected computer security professional, has done large research into the susceptibilities of airplane networks and has communicated with Boeing and Airbus in the past about the vulnerabilities, but got limited reply from the airlines.

He told WIRED that the tweet was sent from his United flight which was a result of his annoyance that his warnings had not been paid attention to over the years by the airlines.

He confessed to WIRED and the FBI that in the past he had connected to the network ports situated under his seat along with a fellow unnamed researcher on more than a dozen flights. However, he said that did not access to United’s network during his Chicago to Syracuse flight and had no intentions of doing so. He further said that they did this to detect traffic crossing the networks and unearth susceptibilities.

The FBI/TSA notice to airlines to keep a watch on the passenger’s activity seems to be a direct reply to Roberts’s admission.