In-flight en­ter­tain­ment can ex­pose air­lin­ers to hack­ers, says US re­port


Hack­ers could ex­ploit in- flight en­ter­tain­ment sys­tems to fa­tally sab­o­tage the cock­pit elec­tron­ics of a new gen­er­a­tion of air­lin­ers con­nected to the In­ter­net, a U.S. gov­ern­ment re­port warns.

It comes weeks af­ter a co-pi­lot crashed his Ger­man­wings A320 into the French Alps killing all 150 on board, prompt­ing talk of air­lin­ers one day be­ing 100 per­cent au­to­mated.

In­flight cy­ber­se­cu­rity is “an in­creas­ingly im­por­tant is­sue” that the Fed­eral Avi­a­tion Ad­min­is­tra­tion ( FAA) is just start­ing to ad­dress in earnest, said the au­dit and in­ves­tiga­tive arm of the U.S. Congress.

“Mod­ern com­mu­ni­ca­tions tech­nolo­gies, in­clud­ing IP con­nec­tiv­ity, are in­creas­ingly used in air­craft sys­tems, cre­at­ing the pos­si­bil­ity that unau­tho­rized in­di­vid­u­als might ac­cess and com­pro­mise air­craft avion­ics sys­tems,” the Gov­ern­ment Ac­count­abil­ity Of­fice (GAO) re­port said.

In the past, the elec­tron­ics used to con­trol and nav­i­gate air­craft — known as avion­ics — have func­tioned au­tonomously, said the GAO.

“How­ever, ac­cord­ing to FAA and ex­perts we spoke to, IP net­work­ing may al­low an at­tacker to gain re­mote ac­cess to avion­ics sys­tems and com­pro­mise them,” the GAO said.

In the­ory, fire­walls ought to pro­tect avion­ics “from in­tru­sion by cabin-sys­tem users, such as pas­sen­gers who use in-flight en­ter­tain­ment sys­tems.”

But four cy­ber­se­cu­rity ex­perts told the GAO that fire­walls, be­ing soft­ware com­po­nents, can be hacked and cir­cum­vented “like any other soft­ware.”

The FAA, the avi­a­tion author­ity of the United States, has yet to de­velop reg­u­la­tions to make “cy­ber­se­cu­rity as­sur­ance” for avion­ics part of its process for cer­ti­fy­ing new air­craft.

FAA of­fi­cials told the GAO how­ever that cy­ber­se­cu­rity is an in­creas­ingly im­por­tant con­cern and that it is shift­ing its cer­ti­fi­ca­tion fo­cus to ad­dress it.

‘ No ev­i­dence this has


Gerald Dilling­ham, a co- au­thor of the GAO re­port, said the is­sue par­tic­u­larly af­fects a new gen­er­a­tion of In­ter­net-con­nected air­craft that in­cludes the Boe­ing 787 Dream­liner and Air­bus A350.

To date, he told AFP, there is no sign that any “bad ac­tors” have suc­cess­fully planted a virus or mal­ware into an avion­ics sys­tem.

“We don’t have any ev­i­dence that this has oc­curred and we are hop­ing that rais­ing this ques­tion will make it less likely to oc­cur,” he said.

Last month’s Ger­man­wings crash, in which the cap­tain was re­port­edly locked out of the cock­pit by his co- pi­lot, raised the specter of ro­bots one day tak­ing the place of hu­mans at the con­trols to pre­vent a deadly re­peat.

Re­spond­ing to the GAO re­port, Air­bus said it was “con­stantly as­sess­ing and re­vis­it­ing the sys­tem ar­chi­tec­ture of our prod­ucts with an eye to es­tab­lish­ing and main­tain­ing the high­est stan­dards of safety and se­cu­rity.”

“Be­yond that, we don’t dis­cuss de­sign de­tails or safe­guards pub­licly, as such dis­cus­sion might be coun­ter­pro­duc­tive to se­cu­rity,” its Wash­ing­ton spokesman Clay McConnell told AFP by email.

In a state­ment to U.S. me­dia, Boe­ing said its air­craft are de­liv­ered with more than one nav­i­ga­tional sys­tem avail­able to pi­lots.

“No changes to the flight plans loaded into the air­plane sys­tems can take place with­out pi­lot re­view and ap­proval,” it said.

“In ad­di­tion, other sys­tems, mul­ti­ple se­cu­rity mea­sures, and flight deck op­er­at­ing pro­ce­dures help en­sure safe and se­cure air­plane op­er­a­tions.”

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.