Hacking aircraft: Remote control

cyberjackingIN ONE of his many former lives, Gulliver qualified as a pilot. He therefore exudes an aura of unquestionable confidence when striding into an aircraft cabin, secure in the belief that, if the worst happens and both pilots have the fish, he could take charge of the cockpit and calmly land the plane, Sullenberger-style. Cue the applause.

At least he did. Nowadays, he is less sure, for two reasons. First, fly-by-wire has become the norm. As the direct link between bicep and control surface has been severed, it has rendered much of Gulliver’s skill obsolete. Second, the technical sophistication of modern aircraft means that pilots are no longer necessarily masters of the plane’s destiny. As Britain’s parliament heard last week, protecting the data links connecting ground and aircraft from cyber hackers is a “conundrum for the future”.

How realistic is it for computer hackers to interfere with aircraft while they are in the air, a phenomenon known as cyberjacking? It partly depends on terminology. Hijacking and fully controlling an aircraft by remote means borders on the impossible, according to David Stupples of City University in London, a specialist in communications. But interfering with an aircraft’s systems, including inducing a catastrophic failure, in order to extort money is a distinct possibility, he warns.

There are two ways this could be done, one more likely than the other. The first is a cyber attack from the outside. Passengers increasingly demand internet connectivity for work, games, movies and the like. But drilling holes in fuselages for additional antennae is costly and inefficient. So internet signals are routed through existing communications architecture, such as the Aircraft Communications Addressing and Reporting System (ACARS), which is used for short messages, or the Automatic Dependent Surveillance-Broadcast (ADS-B), an anti-collision system. As these both send and receive information they can, in theory, be targetted. When aircraft become more connected to the wider world they begin to look, electronically at least, like fixed structures. If banks can be hacked, why not aircraft?

Yet such an attack from outside is unlikely due to the technical challenges of overcoming software architectures that, unlike banks, are currently unfamiliar and largely bespoke. It would be far easier to pay a disgruntled employee to implant malware either directly into the aircraft during a maintenance routine or through the jetway when the aircraft docks to upload the In-Flight Entertainment (IFE) system. (The IFE on the Boeing 787 used to link to the flight control system, but the company have since rectified this, according to Mr Stupples.) Just the threat of activating such a program when a flight is in the air could be enough to trigger a ransom.

So why hasn’t it happened yet? There are two probable answers. First, the airlines and authorities are aware of the danger and are actively taking steps to address the threat, including designing fall-back systems to revert to basic manual control in the event of an anomaly discovered in the system. Second, the integration of aircraft systems, which increases the chances of finding a way through the entire architecture, is a relatively new development, brought in with the move to fibre optic cabling and data buses.

But there is another possibility: perhaps it has already happened. Just as smartphones have been disabled with “ransomware” (“send money to this account and you’ll get the code to unlock your phone”) perhaps airline companies have had erroneous messages pop up indicating the malicious potential of an anonymous extorter. If so, would they tell the passengers and watch the share price collapse? Mr Stupples is gloomy: “if it can happen, it will”.

This article was published in The Economist on 4th November 2014.  See this link.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s