Christmas and New Year's Eve are right around the corner. People from all across the country will be traveling so they can spend the holidays with friends and family. With so many travelers heading to the airport, you might want to think about signing up for the TSA's PreCheck program.
The last thing you want to worry about during this joyful season is your safety while traveling. Unfortunately, there's a frightening new report out about security on an airplane.
Ruben Santamarta, with cybersecurity company IOActive, has discovered flaws in the Panasonic Avionics In-Flight Entertainment (IFE) system. This system is used in several commercial airlines including American Airlines, Virgin Airlines and Emirates to name a few.
What's the risk?
Santamarta said that the vulnerabilities he found could allow hackers to commit cyberfraud. Cybercriminals could access some of the IFE unit's backend to acquire passengers' frequent flyer membership details and use it to steal personal information.
Furthermore, he said hackers could put up phony images on the IFE screens, detailing incorrect flight information. The scammer could post misinformation about the plane's route, speed or altitude or even take over the airline crew's PA system. This could cause passengers to panic and create chaos on the flight.
Finally, Santamarta's most shocking claim is that a hacker could remotely take over control of the airplane. He said that a skilled hacker could use the IFE as a gateway to the aircraft's controls.
To be clear, this is theoretical at the moment. As of now, there are no known exploits that would give the hacker a physical path to the airplane's control system.
An airplane has four domains for data. Aircraft control, airline information services, passenger entertainment and passenger-owned devices.
Santamarta is worried that a cybercriminal could cross the 'red line' between these domains. He said, "I don't believe these systems can resist solid attacks from skilled malicious actors. As such, airlines must be incredibly vigilant when it comes to their IFE systems, ensuring that these and other systems are properly segregated and each aircraft's security posture is carefully [analyzed] case by case."
The "DailyMail" reached out to airlines for comment on these risks. Spokespeople for each airline said pretty much the same thing, that they take the safety of their passengers seriously and they are not at risk from the IFE systems.
An Emirates spokesperson said, "Emirates can confirm there is no risk to the safety of our aircraft. We have been a long-term partner of Panasonic Aviation Corporation (PAC) and we utilize their [in-flight] entertainment systems on our aircraft. Matters of aviation cybersecurity are of utmost importance to Emirates and we continuously work with Panasonic on robust assessments to update our IFE systems and have measures in place to resolve any issues. The safety of our passengers and crew on board is a priority and will not be compromised."
We've warned you in the past that hackers have been targeting your frequent flyer miles. Click here to find out how to protect your information.
As far as a hacker taking control of an airplane, we don't believe that is possible yet. Keep checking in with our Happening Now section and we'll let you know if there are any developments.