GAO Warns In-Flight Wi-Fi a Hackable Hijack Risk

Not only is in-flight Wi-Fi expensive and slow, it's a potential attack vector for hackers, warns a new government report. The US Government Accountability Office (GAO) has issued a new study (pdf) claiming that in-flight Wi-Fi leaves the door open for attackers to damage, and potentially hijack, commercial airliners.

"New networking technologies connecting FAA's ATC information systems expose these systems to new cybersecurity risks, potentially increasing opportunities for systems to be compromised and damaged," notes the GAO study.

"Such damage could stem both from attackers seeking to gain access to and move among information systems, and from trusted users of the systems, such as controllers or pilots, who might inadvertently cause harm," the GAO said.

Some, however, have criticized the study for being alarmist and not fully understanding how avionics and plane technology actually work. Dr Phil Polstra, a pilot and professor of digital forensics at Bloomberg University, tells Forbes, for example, that in-flight Wi-Fi doesn't function on the same network as cockpit navigation systems, and that other plane technologies are one-way communications systems that can't be compromised:

quote:
"The information passed on to the inflight entertainment system is via something called a NED (Network Extension Device). This device is not a router. This is a device that must be programmed to pass certain information to the entertainment system (aircraft position, etc.).

"This is a one-way communication. Even if someone were able to send information back toward the avionics, they aren't listening for information from the in-flight entertainment systems… Since the computer doesn't try and read information on those wires it is not likely to be useful to an attacker."

While there's no documented case of an airplane being hacked and manipulated yet, there have been instances where infotainment systems and avionics were separated by a single software firewall, something the GAO says is a potential problem with the Boeing 787 Dreamliner, Airbus A350 and A380 aircraft. The GAO study appears to simply offer a warning call to the FAA and security experts to keep security in mind, and explore options like air gapping public and cockpit networks.

vaxvms
ferroequine fan
Premium Member
join:2005-03-01
Polar Park

Don't make the FPI suspicious

A security researcher joked about hacking a plane ("We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems.") and was picked up by the FBI. They didn't think it was one bit funny.

»www.zdnet.com/article/jo ··· -safety/

cableties
Premium Member
join:2005-01-27

Re: Don't make the FPI suspicious

Not something to joke about, considering that United Airlines was one of the planes involved on 9/11. These "Security Research Firms" think they can use fear and ignorance to shake down companies with total disregard for their actions. Totally unprofessional. Why not set up a demo on a plane with the company, not broadcast "Hey, look at me, I'm hackz0r URZ flight!"

BimmerE38FN
join:2002-09-15
Boise, ID

Member

Maybe...Maybe not...

It may be alarmist information and it's always good to try to be aware of any future possibilities and prevent them. From what I know, the systems are separate from each other from what I'm told and is fairly complex and hard to even begin to try to attempt something. If anything were to happen, it would have to be done on-board the plane. Trying to attempt something from the ground to the plane while in flight is not really possible since WiFi signals don't go that far, even with high powered signals, you'd need the ability to track the plane and maintain the signal and connection. I'm sure the FAA has been looking into this since the advent of WiFi and Internet on-board planes now and would review all the possibilities and make preventative and deterrent adjustments where needed. My 2 cents.

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

Re: Maybe...Maybe not...

One of the safeguards is the crew can shut off the wifi, which would be a first step in any apparent computer problem: "reboot and bring systems back 1 at a time".
It's a training item to the crew to react even if passengers complain.
Harder is if it's a less noticeable hack, like all the altitude indicators will read 100' high on the next low visibility approach.

BimmerE38FN
join:2002-09-15
Boise, ID

Member

Re: Maybe...Maybe not...

If they could get in to that system...

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

Re: Maybe...Maybe not...

Probably not, in this case, but it applies more and more when you see calls for more remote/automated control. And it applies to EVERY self-driving car and many human-driven cars....that could submit to wireless control over manual.
And more buses, cars and trucks get their "freedom" every day.
Between hackers, bugs, and "incidental" errors we may be battling the machines sooner than we think.

jap
Premium Member
join:2003-08-10
038xx

Same frequency band?

I was hoping the article would make a statement about frequency bands of 802.11x versus avionics. I've a hard time accepting avionics would be allowed to utilize the same frequency range any common consumer device uses.

BimmerE38FN
join:2002-09-15
Boise, ID

Member

Re: Same frequency band?

Not even close to same freq ranges on avionics. Why WiFi and devices are allowed now. Just took them time to test and make sure consumer devices would not interfere with avionics and flight operations.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

Re: Same frequency band?

The only danger I could ever see would be if badly designed electronics with insufficient safeguards could fail and start a fire from overheating.

BimmerE38FN
join:2002-09-15
Boise, ID

Member

Re: Same frequency band?

That has already happened. Entertainment system started a fire on a flight...

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

Re: Same frequency band?

Right, it wouldn't surprise me. Electronics that go on an airline would have to be very quality designed, like full military spec. No way you want some crappy power supply shorting out and starting a fire, for example.

BimmerE38FN
join:2002-09-15
Boise, ID

Member

to jap
Exactly!

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

Everybody in Unison Now


"If it can be built by human hands, it can be broken by human hands."

Personally I say if it shares any physical equipment it is not secure enough for this environment. In flight network for access for passengers must be completely isolated.

WHT
join:2010-03-26
Rosston, TX

Member

Nothing Is Foolproof

Nothing is foolproof...fools are ingenious.
Skippy25
join:2000-09-13
Hazelwood, MO

Member

Awesome GIF!

Airplane.... one of the classics!
travisdh1
join:2007-10-20
Wooster, OH

Member

*facepalm* Really?

Why is the wifi and comms for it not a completely separate system from the avionics? Who thought that could possibly be a good idea?

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT

Member

Separate Networks?

It would be a no-brainer to separate the Public network and the Private network. Unfortunately, many corporations don't want the added "expense", even though it's as easy as adding a VLAN.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

1 recommendation

Re: Separate Networks?

VLAN separation not acceptable. Must be completely isolated at physical level. No shared/common equipment, RF spectrum, etc.

PoloDude
Premium Member
join:2006-03-29
Aiken, SC

Why is this

report from the GAO? Aren't they an ACCOUNTING office? Or am I missing something here?

B4Knight
Premium Member
join:2014-03-20
Colon, MI

Re: Why is this

More than just accounting.. »en.wikipedia.org/wiki/Go ··· y_Office
BiggA
Premium Member
join:2005-11-23
Central CT

MH370

All signs point to MH370 being hijacked via the E/E bay and flown to Kazakhstan, and it didn't even have on board Wifi. So there are other things they should probably be worrying about!

exocet_cm
Writing
Premium Member
join:2003-03-23
Brooklyn, NY

Re: MH370

I read that theory and it sounds pretty damn tight.
BiggA
Premium Member
join:2005-11-23
Central CT

Re: MH370

Yeah. It's the only theory that's able to even stay consistent with all the evidence, as crazy as it seems. And the whole Ukraine thing happening at the EXACT same time...

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

to BiggA
Well, that's news to the people searching for it in the Indian Ocean, then.

So my guess is that all signs do not point to the plane flying to Kazakhstan.
OldCableGuy (banned)
join:2014-12-19

Member

to BiggA
Wild conspiracy theories are not "all signs"
BiggA
Premium Member
join:2005-11-23
Central CT
·Frontier FiberOp..
Asus RT-AC68

Re: MH370

Have you read Jeff Wise's e-book? He's actually an aviation expert, not some crackpot conspiracy theorist. His theory is a credible explanation to what most likely happened to MH370, while the Diego Garcia and other theories are crackpot conspiracy theories.
Joe12345678
join:2003-07-22
Des Plaines, IL

Member

Remember The Lone Gunmen ep1?

Remember The Lone Gunmen ep1? They talked about hacking planes and using them to crash into the trade towers (episode aired six months before 9/11)

and now we have the case of MH370 (may have been a hack or some kind of computer fail) and AirAsia flight 8501 (there is a report saying the captain was trying to hard reset the systems to fix a computer glitch ("You can reset the FAC, but to cut all power to it is very unusual,"))

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

Re: Remember The Lone Gunmen ep1?

Any inflight wifi, or entertainment system is not connected to any avionics. You can't gain control of the flight control computers by simply accessing the internet.

exocet_cm
Writing
Premium Member
join:2003-03-23
Brooklyn, NY

1 recommendation

Re: Remember The Lone Gunmen ep1?

Sounds like a whistle into the phone system to launch nukes scenario to me....
OldCableGuy (banned)
join:2014-12-19

Member

Re: Remember The Lone Gunmen ep1?

Except that was because Ma Bell used in channel signaling, pretty much the opposite of a separate system. The reason why 2600 Hz Captain Crunch whistles don't let you play with trunks today is because AT&T uses OOB signaling. Even though the signaling controls the phone system it's not on the phone system. Same with these planes, even though the in flight entertainment can show the location, altitude, etc; doesn't mean they're on those networks.

exocet_cm
Writing
Premium Member
join:2003-03-23
Brooklyn, NY

Re: Remember The Lone Gunmen ep1?

said by OldCableGuy:

Except that was because Ma Bell used in channel signaling, pretty much the opposite of a separate system. The reason why 2600 Hz Captain Crunch whistles don't let you play with trunks today is because AT&T uses OOB signaling. Even though the signaling controls the phone system it's not on the phone system. Same with these planes, even though the in flight entertainment can show the location, altitude, etc; doesn't mean they're on those networks.

My point was launching nukes while whistling into the telephone system was FUD just like gaining flight control systems simply by accessing WIFI.
Joe12345678
join:2003-07-22
Des Plaines, IL

Member

need more oversight Swissair Flight 111 had a fire due to lax FAA oversight

»usatoday30.usatoday.com/ ··· on_x.htm

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

What a load of "Horsepucky"

I can hack my kitchen sink because I have Wi-Fi in my house, and then I will flood the house and drown everybody in it.

Who writes this stuff? Hollywood?

exocet_cm
Writing
Premium Member
join:2003-03-23
Brooklyn, NY

Re: What a load of "Horsepucky"

Worse, the news media!

Flyonthewall
@teksavvy.com

Anon

How else do you sell fear?

You have to make this stuff up to keep threat levels high.