The potential for hackers to compromise and control commercial airliners via their Wi-Fi networks made headlines last week in response to the General Accounting Office's new 56-page report, “FAA Needs a More Comprehensive Approach to Address Cybersecurity as Agency Transitions to NextGen.”
It's a great report from start to finish, and it didn't escape the attention of the U.S. Congress, which is demanding more research and protections. A few concerned readers emailed to ask about the vulnerability of the systems and the likelihood of an attack.
I'm not an airline communications expert, but considering that the aircraft, crew, and passengers -- in certain solutions and scenarios -- share the same communication components, it's probably true that these airline control systems could be maliciously hacked. I bet in a few instances it might be easier than any of us would like to think, but I could not guess at the severity of the compromise or the potential outcome.
Frankly, it’s hard for me to imagine a system that can’t be compromised. I've yet to be involved in a penetration test with a good crew that did not result in the desired target being accessed and owned. It's very hard for any target to withstand the concentrated efforts of a dedicated team of skilled hackers.
I'm even willing to bet that one or more teams have successfully demonstrated hacking an airplane's control system from the general Wi-Fi network, exactly as we fear. However, it isn't the sort of news that the General Accounting Office, Federal Aviation Administration, or any airline or aircraft manufacturer wants to publicly acknowledge.
Nonetheless, I wouldn't start canceling flights yet, for a few reasons. But first, a little background.
Wi-Fi takes to the air
We've used wireless communications (radio, satellite) between planes and ground stations for as long as we've had commercial flights. What's relatively new is the use of 802.11 Wi-Fi networks that are exactly like the ones you have at work or at home. Airlines want to provide Wi-Fi networks for a variety of reasons, including for crew use and passenger needs.
Of course, adding a Wi-Fi network to a commercial airplane isn't as simple as plugging in a Wi-Fi access point and entering a few configuration commands. As you might imagine, the FAA requires testing and certification not only for the Wi-Fi equipment, but also an assessment of how the Wi-Fi equipment impacts the safe operation of the specific model of airplane. You can read a summary of the FAA’s Wi-Fi certification process here.
Unfortunately, although the FAA and everyone involved absolutely wants to prevent compromises of an airplane's Wi-Fi network, reading through the myriad of documents and checklists makes it clear that malicious hacking isn't one of the FAA’s top worries.
This is exactly why the GAO is bringing up the issue. After reading the GAO's report, you sense a collision (excuse the pun) between the old-school FAA and today's cyber security challenges. Modern airplanes are full of digital screens, file servers, operating systems, big storage drives, multiple networks, and network equipment.
A troubling picture
To get a sense of what these networks include, check out this diagram of Boeing's 737 MAX Advanced Onboard Network System. Although the diagram could very well be inaccurate, it clearly shows passenger wireless, crew wireless, file server, storage, and engine systems as part of a single, consolidated, IP-connected system.
At the least, we can assume that the various systems on an airplane aren't always airgapped. If they were, the GAO wouldn't have written the report and talked about potential malicious access.
The following statement is a fact: If different communication networks share components, then those components can be hacked, and access can occur from one network segment to another.
The GAO report discusses how software-based firewalls are used to separate the various networks. Some concerned people have recommended that they be separated by hardware-based firewalls instead.
That's a bogus solution. All firewalls, software or hardware, can be hacked. Hardware is simply harder-to-patch software -- ask the router jockeys tasked to patch firmware every time their network equipment needs to be updated. I've yet to meet a firewall that didn't have multiple critical vulnerabilities.
That’s true of security products in general; they’re as buggy as any software product on a per-line-of-code basis. I would also bet that many airplanes have systems that share the same logon names and passwords, often across an entire fleet -- a credential hijacker's dream scenario.
So let's dispense with the subtleties. Yes, more than likely, commercial airliners can be hacked from Wi-Fi-accessed networks to their control systems. It's probably more likely now than ever before, and the risk is growing.
I'm not taking a huge gamble in saying this. The GAO already did, in writing, to the FAA and Congress. I'm merely agreeing, although I'll go further and speculate that it's probably already been done (forgive me). Heck, my hacker friends fly the friendly skies all the time. I know many who can't resist hacking every network they encounter -- and there they are, on an airplane, with nothing else to do for hours and hours.
What do you think is going to happen?
The reason I won’t start avoiding airports and taking buses? I think there’s a huge digital divide between being able to bridge two networks on an airplane and crashing or controlling that airplane.
First, most airplanes don't have the sort of connectivity discussed in Boeing's 737 MAX computer system (though they all will in the future). Probably the biggest saving grace for us in this scenario is that the type of access needed to accomplish a major digital disturbance on an airplane doesn't exist on most jets. You have far more fly-by-wire mechanisms than controls activated by digital circuits running on a network.
Second, every airliner's network has to be configured and certified differently. It's less Windows and OS X monocultures and more like Linux distros from hell. Each of those systems would have to be learned and penetrated differently. Although I'm sure there are lessons, vulnerabilities, and logon credentials that can be used across multiple plane models, hackers still have to learn what works where.
Third, the FAA, airline manufacturers, and airlines have not ignored this particular type of threat. In fact, I've been in a few airline boardrooms discussing new wireless solutions, and I can assure you that everyone in the room has some sort of doomsday scenario in mind. Not everyone around the table is a rocket scientist, but there are always a few bright people considering the right details. Many of the most likely scenarios have been addressed for years.
Fourth, and very important, systems on airplanes are rife with redundancy, backups, and fail-safe modes. Pilots are trained and trained again on how to handle system problems. They can disengage, disconnect, and ignore malfunctioning systems. Heck, they do it all the time during normal flight operations, and passengers are none the wiser.
The fifth and last reason why I'm not worried about planes dropping out of the skies from digital warfare is the very news that garnered headlines last week. The GAO's excellent report is an early warning about what can happen if we don't start to pay attention, especially as air travel progresses deeper into the digital world. Many people probably felt that some airlines and the FAA were not being concerned enough, which led to the GAO's report.
The alarm has been sounded. Lots of smart people will now get involved and make sure the details that were probably fairly well handled to begin with are handled even better.
Knowing what we now know about potential network vulnerabilities, how can we relax about air travel? Because other people are stressing about it for us. That makes me stress a lot less.