Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available

Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available
Boom Picks

How A Hacker Could Hijack A Plane From Their Seat

By - A Staff Writer | 22 May 2015 3:19 PM IST

Reports that a cybersecurity expert successfully hacked into an aeroplane’s control system from a passenger seat raises many worrying questions for the airline industry.

 

It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.

 

But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

 

In a similar way, it was once also believed that PIN protection was sufficient for ATMs. Then it was discovered that keystroke logging software can be used to translate sound signals created when pressing the ATM numeric keypad into the PIN, greatly reducing the time needed for hackers to guess for it. This could increase the risk of an ATM security breach compared with the previously held assumption that the system is secure as long as nobody can see it.

 

When it comes to technology, as one person is making sure that a system is secure, another is already working to bypass the established security. That is a worrying prospect when you’re at 30,000 feet and travelling at over 500 miles an hour.

Direct connections

 

The hacker claims to have been able to access the cockpit network through communication with the in-flight network. Many in-flight entertainment systems now have USB ports and some airlines run Wi-Fi. Both are potential entry points for the determined hacker to access all the plane’s computer systems.

 

It is highly unlikely, however, that someone hacking the passenger network could take direct control of the pilot’s network because the two systems are designed to be insulated from each other. Network engineers have long been able to control what data passes between different network segments, and aircraft systems are no exception.

 

The FBI and other authorities may reveal that there is no evidence that the two networks are connected. But another explanation may be the hacker was equipped with a device (or a software probe) that can gather information from both networks. Is that likely? It is certainly possible.

Cockpit control. Shutterstock
 

Although insulated, the two networks in a plane are connected as they share common information about velocity, direction and weather. By monitoring just one network and comparing its traffic to the real world events, it would be very difficult to work out which network signals corresponded to which pieces of information. But by looking at the networks for signals that appear in both at the same time, a hacker may be more likely to infer how the data relate to physical changes.

 

They could then attempt to copy this traffic and send the same instructions, potentially taking control of the aircraft. Even if the messages were digitally encrypted and insulated, theoretically it should still be possible to work out which parts of the network are talking to each other. This means they could also identify the systems sending the instruction and launch an internal denial-of-service (DOS) attack, flooding the system with useless information and preventing the pilots from sending control data to the engines.

Monitoring the network

 

It is becoming imperative that airlines re-evaluate their internal aircraft security, particularly with the introduction of in-flight passenger Wi-Fi. They should also monitor any unusual network traffic that passes between the passenger cabin and the cockpit in order to watch out for any attempts at hacking.

 

The same principles that enable the hacking could be used to watch out for them by allowing two independent monitors to observe the causes and effects of unfolding events on the network via satellite. When both believe that there is an issue, the information could be reported back to the pilot as a noted risk.

 

Network engineers already accomplish this by looking at network traffic behaviour and inferring possible issues, without actually seeing the physical problem first hand. With the-time critical nature of airline safety, having more than one individual check for alerts, increases the possible assurance given to the pilot.

 

Any traffic not expected or requested should be treated as suspect and the prelude to a more detailed investigation. The aircraft could then automatically call on the services of remotely working security experts. This would allow them to warn the pilot of any attempted security breach and provide advice on how to deal with it.

 

This article has been republished from TheConversation.com.

 

Tags: