Are Commercial Airliners At Risk Of Being Hacked?

As more commercial aircraft become plugged into the digital world, concerns have begun to surface over the security of these channels of communication. On the ground, cybercrime is on the rise, so why wouldn’t it be in the air too? We take a look at whether commercial aircraft can be hacked, and if we should be worried about the consequences.

The rise of connected aircraft

Connected aircraft are becoming increasingly common, and not just for passengers who want to stay online while 30,000 feet above the world. Passenger WiFi is, in some ways, very much in its infancy, whereas connected cockpits are far more widespread.

Pilots have been able to bin thick user manuals and reams of paper maps in favor of digital alternatives. Even those aircraft which are not connected while in flight will be linked up when they arrive at the gate, with airlines keen to download data about everything, from engine performance to peanut consumption.

With this in mind, airlines are realizing that digital security is no longer a nice addition to their toolbox; it’s an absolutely essential component of a secure, successful operation.

Has hacking happened?

The hacking of aircraft has already taken place on multiple occasions, although none of the outcomes have been as sinister as you might think.

In 2016, the US Department of Homeland Security did what the aviation industry said wasn’t possible. A team of researchers, led by Robert Hickey, hacked into a Boeing 757 which was on the ground at Atlantic City. While the details of the hack were, quite rightly, kept top secret, the news raised important questions about the security of onboard connectivity.

BA ipad — Many aircraft around the world offer connectivity. Photo: British Airways

In early 2018, Aviation Today said that hacking of aircraft was already going on. Their report quoted Alan Pellegrini, president and CEO of Thales USA, as saying there had already been hacks of aviation-related systems including IFE, data communications between pilots and on the ground controllers, as well as airline operations systems. Pellegrini said,

“I’m not trying to scare anybody but these things are happening. As the aircraft become connected, there are real hacks.”

This was further supported by an announcement at last year’s Black Hat cybersecurity conference in Vegas when Ruben Santamarta from IOActive claimed he had hacked hundreds of aircraft in flight, from the ground. The cybersecurity researcher said he had exploited weaknesses in satellite equipment to hack into the planes.

He claimed he could have infiltrated the onboard WiFi to snoop on connected passenger’s devices, should he have wanted to. However, his attack never compromised the aircraft’s safety systems.

Should we be worried?

10 years ago, Boeing faced some criticism over the onboard systems of the Dreamliner, at which time they said,.

“Critical flight systems cannot be accessed from an aeroplane’s non-critical systems.”

This segmentation of systems is crucial to understanding the reality of the threat the cybersecurity poses. Yes, it might be possible for a hacker to infiltrate onboard WiFi and, yes, this could mean that personal devices and therefore personal details are put at risk. But, thanks to the complete divide between this system and the one used for flight and safety-critical functions, the risk to our safety on board is minimal.

This was further supported by Careen at the IATA conference, where he told us,

“There have been claims by hackers that they have the ability to hack the passenger domain communications equipment on aircraft and access critical flight systems. This is not the case.

“No systems critical to flight safety have ever been put at risk.”

Nick Careen speaking at IATA's Media Days on cybersecurity. Photo: IATA

Much is being done by organizations like IATA, ICAO, the FAA and others, as well as at manufacturer and governmental level, to keep aircraft as safe as possible even when they are connected. The way in which communication systems are segmented between customer-facing connections and flight critical connections should provide some peace of mind that a hack which endangers our safety in the air is far less likely to happen.

What do you think? Are you worried about hacks on connected aircraft? Let us know in the comments.