Inflight entertainment and IP connectivity expose airliners to hackers

WASHINGTON — Hackers could exploit inflight entertainment systems to fatally sabotage the cockpit electronics of a new generation of airliners connected to the Internet, a US government report warns.

It comes weeks after a co-pilot crashed his Germanwings A320 into the French Alps killing all 150 on board, prompting talk of airliners one day being 100 per cent automated.

Inflight cybersecurity is “an increasingly important issue” that the Federal Aviation Administration [FAA] is just starting to address in earnest, said the audit and investigative arm of the US Congress.

“Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorised individuals might access and compromise aircraft avionics systems,” the Government Accountability Office (GAO) report said.

In the past, the electronics used to control and navigate aircraft — known as avionics — have functioned autonomously, said the GAO.

“However, according to FAA and experts we spoke to, IP networking may allow an attacker to gain remote access to avionics systems and compromise them,” the GAO said.

In theory, firewalls ought to protect avionics “from intrusion by cabin-system users, such as passengers who use inflight entertainment systems”.

But four cybersecurity experts told the GAO that firewalls, being software components, can be hacked and circumvented “like any other software”.

The FAA, the aviation authority of the United States, has yet to develop regulations to make “cybersecurity assurance” for avionics part of its process for certifying new aircraft.

FAA officials told the GAO, however, that cybersecurity is an increasingly important concern and that it is shifting its certification focus to address it.

‘No evidence this has occurred’

Gerald Dillingham, a co-author of the GAO report, said the issue particularly affects a new generation of Internet-connected aircraft that includes the Boeing 787 Dreamliner and Airbus A350.

To date, he told AFP, there is no sign that any “bad actors” have successfully planted a virus or malware into an avionics system.

“We don’t have any evidence that this has occurred and we are hoping that raising this question will make it less likely to occur,” he said.

Last month’s Germanwings crash, in which the captain was reportedly locked out of the cockpit by his co-pilot, raised the spectre of robots one day taking the place of humans at the controls to prevent a deadly repeat.

Responding to the GAO report, Airbus said it was “constantly assessing and revisiting the system architecture of our products with an eye to establishing and maintaining the highest standards of safety and security”.

“Beyond that, we don’t discuss design details or safeguards publicly, as such discussion might be counterproductive to security,” its Washington spokesman Clay McConnell told AFP by e-mail.

In a statement to US media, Boeing said its aircraft are delivered with more than one navigational system available to pilots.

“No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval,” it said.

“In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.”

Meanwhile, one of the world’s foremost experts on counter-threat intelligence within the cybersecurity industry, who blew the whistle on vulnerabilities in airplane technology systems in a series of recent Fox News reports, has become the target of an FBI investigation himself.

Chris Roberts of the Colorado-based One World Labs, a security intelligence firm that identifies risks before they’re exploited, said two FBI agents and two uniformed police officers pulled him off a United Airlines Boeing 737-800 commercial flight last week just after it landed in Syracuse, and spent the next four hours questioning him about cyberhacking of planes.

The FBI interrogation came just hours after Fox News published a report on Roberts’ research, in which he said: “We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems. Quite simply put, we can theorise on how to turn the engines off at 10,688 metres and not have any of those damn flashing lights go off in the cockpit.”