“If Banks Can Be Hacked, Why Not Aircraft?”

A terrorist remotely taking control of a plane is very, very unlikely. Hacking into the system and causing a crash-inducing error (or threatening to activate one to demand ransom) is possible but also not the easiest thing to do at this point. An employee introducing a “ghost” into the machine from the inside is the simplest way to hijack a modern airplane through an act of digital terrorism. That hasn’t happened yet, has it? Has it??? From the Economist:

“How realistic is it for computer hackers to interfere with aircraft while they are in the air, a phenomenon known as cyberjacking? It partly depends on terminology. Hijacking and fully controlling an aircraft by remote means borders on the impossible, according to David Stupples of City University in London, a specialist in communications. But interfering with an aircraft’s systems, including inducing a catastrophic failure, in order to extort money is a distinct possibility, he warns.

There are two ways this could be done, one more likely than the other. The first is a cyber attack from the outside. Passengers increasingly demand internet connectivity for work, games, movies and the like. But drilling holes in fuselages for additional antennae is costly and inefficient. So internet signals are routed through existing communications architecture, such as the Aircraft Communications Addressing and Reporting System (ACARS), which is used for short messages, or the Automatic Dependent Surveillance-Broadcast (ADS-B), an anti-collision system. As these both send and receive information they can, in theory, be targetted. When aircraft become more connected to the wider world they begin to look, electronically at least, like fixed structures. If banks can be hacked, why not aircraft?

Yet such an attack from outside is unlikely due to the technical challenges of overcoming software architectures that, unlike banks, are currently unfamiliar and largely bespoke. It would be far easier to pay a disgruntled employee to implant malware either directly into the aircraft during a maintenance routine or through the jetway when the aircraft docks to upload the In-Flight Entertainment (IFE) system. (The IFE on the Boeing 787 used to link to the flight control system, but the company have since rectified this, according to Mr Stupples.) Just the threat of activating such a program when a flight is in the air could be enough to trigger a ransom.

So why hasn’t it happened yet?”

Tags: