Man claims to hack pilot controls via flight WiFi, highlighting avionic cyber risks

A security researcher claims to have made a commercial aircraft turn sideways through hacking on his laptop, stressing the need for increased in-flight cyber security.

Security researcher Chris Roberts, founder of One World Labs, claims to have hacked a United Airlines’ flight controls through the plane’s in-flight entertainment system, causing it to turn sideways, Associated Press reports.
 
In addition to the allegation that he rotated the airplane on a flight from Denver to Chicago, Roberts also told the FBI that he accessed flight controls more than 15 times between 2011 and 2014 by connecting a cable underneath passenger seats to his laptop.
 
He also tweeted that he had the capability to cause air masks to deploy and set off cockpit alerts.
 
In April, a report issued by the U.S. Government Accountability Office highlighted some of the cybersecurity concerns that exist on commercial aircrafts, and stressed the need for immediate risk mitigation.
 
“Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” read the report.
 
A Columbia University computer science professor told the AP that many airline passengers are now able to alternate between television programming and real-time geographic maps, indicating that in-flight entertainment could be linked to the pilots’ network. This could be exacerbated by airplane WiFi, which may also share tech infrastructure with pilots.
 
The GAO report echoes this concern.
 
“According to cybersecurity experts we interviewed, internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.
 
While it’s unclear whether Roberts actually succeeded in overriding flight controls, he did help draw attention to a coverage that businesses should view as critical: cyberattack liability insurance.
 
Many organizations are beginning to view digital assaults as inevitable, and seek coverage for breaches and any ensuing damages.
 
"Everyone's swamped with new applications," Nick Economidis, an underwriter at cyberattack insurance provider Beazley Group, told the LA Times.
 
The evolving nature of cyber risks is contributing to this sought-after protection.
 
"Think of a massive cyberattack as an intelligent hurricane," industry consultant Ty Sagalow told the outlet. "If it hits a house that doesn't fall down it learns why the house didn't fall and it changes. "It is a scary thing…Scary things sell insurance."
 
 

Keep up with the latest news and events

Join our mailing list, it’s free!