Although air travel is still a relatively safer form of transportation, the wide uses of airplane computers, automated piloting systems and even in-flight Wi-Fi networks and entertainment systems raise this $64,000 question - how safe are our commercial planes from cyberattacks and remote hacks?
Well, recently acquired documents show that the U.S. government is concerned about aviation cybersecurity, and security experts are now rushing to seek out and resolve any software vulnerabilities of commercial aircraft.
Obviously, a successful remote hack of a commercial flight by terrorists will not only endanger the lives of its passengers, it will have a long-term impact on the economy, as well.
Read on and learn what potential hacking dangers and issues are currently threatening the airline transport industry.
It's only a matter of time
According to government documents acquired by Motherboard, the U.S. Department of Homeland Security (DHS) fears that it is "only a matter of time" before a commercial plane is hacked and causes a "catastrophic disaster."
Scarier still, the documents also showed how most planes in use today still don't have enough cyberattack protections in place.
The risk assessment documents follow a series of tests conducted by the DHS to assess vulnerabilities in commercial aircraft and what the U.S. government should anticipate after such hacking attacks.
If you can recall, DHS security researchers successfully hacked a Boeing 757 back in 2016 using radio frequency communications. The team was able to access and gain control of the plane’s systems without the pilots' knowledge.
In-flight Wi-Fi hacks
Other documents also suggest that the DHS cybersecurity team may have already performed hacking tests on other aircraft. Among the tests listed are attacks on a commercial plane's Wi-Fi and in-flight entertainment systems.
In-flight Wi-Fi hacking has been a security concern for years now. Back in 2015, an FBI search warrant claims that security researcher Chris Roberts was able to briefly control a plane by hacking into its in-flight entertainment system.
How was that possible? Shouldn't passenger Wi-Fi systems and a plane's critical controls be totally separate?
Well, in the same year, another leaked report from the U.S. Government Accountability Office said that some Boeing and Airbus planes actually have in-flight Wi-Fi systems that are linked to the piloting systems of the planes themselves.
No cyber protections in place
Now, here's the most disturbing part - the DHS reports suggest that most commercial aircraft in use today still have little or no protection against cyberattacks.
"Today’s commercial aviation backbone is built upon a network of trust; most commercial aircraft currently in use have little to no cyber protections in place," the DHS report states.
Based on Boeing's estimated 20-year service life for its current aircraft, these vulnerabilities and flaws could last for 15 to 20 years, the report added.
However, Boeing's media relations lead Paul Bergman told Motherboard that the company is "confident in the cybersecurity measures of its airplanes."
"Multiple layers of protection, including software, hardware, network architecture features, and governance are designed to ensure the security of all critical flight systems from intrusion,” Bergman added.
Although the DHS stated that it is working with "both researchers and vendors to identify and mitigate vulnerabilities in the aviation sector," it is expecting significant reluctance by the industry to expend resources to prevent cyberattacks.
Impact of an airline hack
The DHS documents also list the possible consequences of a successful malicious commercial plane hack, including:
- creating the public perception that there is a risk to aircraft operations
- disruptions to both commercial and military air cargo operations
- effects on competition if a single airline is targeted
In short, if any discovered commercial aircraft vulnerabilities are not addressed, aside from putting the public in danger, their effects could have significant economic consequences to the aviation transportation industry.
Want to find out more about the risk to your safety? Click here to read the entire DHS aviation risk assessment document. Note: Due to an exemption of Freedom of Information and Privacy Act, large sections of the document were withheld.
Who could launch the ultimate cyberattack against America?
Cyber warfare is evolving constantly and there's a growing concern smaller malware campaigns are mere smokescreens for the ultimate terrorist threat - a weaponized cyberattack that is designed to take down key civilian infrastructures and cripple an entire nation. Who are capable of launching such attacks against the U.S.? Click here to find out.