In the 1980s, travelers aboard long flights had very few options for in-flight entertainment (IFE). They might be able to watch a movie projected on a screen at the front of the cabin, maybe listen to music with their Walkman or read. Fast forward to today, many airplanes are equipped with individual LCD screens capable of playing movies, TV shows and songs on-demand, as well as Wi-Fi internet connectivity, allowing travelers to check Facebook at 30,000 feet.
But beware. . . where there’s Wi-Fi, there are hackers lurking. In addition to hacking devices connected to the in-flight Wi-Fi, hackers can actually take control of the airplane, mid-flight. Federal lawmakers now want to make sure that doesn’t happen.
A 2015 report by the Government Accountability Office found that the Federal Aviation Administration’s Next Generation Air Transportation System faces various cybersecurity challenges, including protecting air-traffic control information systems and aircraft avionics that operate flight systems. The report said internet connectivity could potentially result in unauthorized remote access to aircraft systems.
The report was right.
The same year, security researcher Chris Roberts told the FBI that he exploited vulnerabilities in IFE systems on various Boeing Co. and Airbus SAS aircrafts. Roberts said he was then able to connect to other systems on the airplane network, and overwrite the plane’s trust management code, causing the airplane to move sideways mid-flight. An in-the-sky version of hackers using internet-connected system to make control connected cars.
Lawmakers have noticed the cybersecurity threats raised by in-flight internet connectivity and are doing something about it. In March, Sens. Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced the Cybersecurity Standards for Aircraft to Improve Resilience Act (S.679), which seeks to identify and address cybersecurity vulnerabilities on commercial aircraft.
Forget snakes on a plane; hackers on a plane may be the bigger threat!