How easy is it to hack an airplane?

  • By Andrea Peterson The Washington Post
  • Tuesday, April 21, 2015 1:22pm
  • Business

Chris Roberts knows a lot about hacking planes, but not because he’s trying to make them fall out of the sky. His job as a security researcher is to prevent those types of breaches from happening – whether’s it’s on a plane or in a major retailer’s computer system.

But a tweet joking about “playing” with a plane’s on-board communications systems made while Roberts was on a United Airlines flight last week landed him in hot water. The FBI questioned him for several hours after he landed, and confiscated his laptop and hard drives. Over the weekend, he was blocked from boarding another United flight while on the way to speak at a security conference.

Roberts was able to book a last-minute flight on another airline. But his research raises a bigger question: How hackable are the planes that millions of worldwide travelers rely on? The answer, it turns out, is up for debate.

Planes are increasingly designed to give passengers more access to technology, mostly through in-flight WiFi. But connectivity may have a dark side. Last week, the Government Accountability Office released a report saying that security researchers have warned that this trend leaves planes less secure by providing a “direct link” between an aircraft and the outside world that could be leveraged by hackers.

Keeping flight-related and entertainment systems separate can be one way to limit an attacker’s access, but not all planes are designed with that in mind. In 2008, the Federal Aviation Administration expressed concern that the Boeing 787 Dreamliner combined some of that digital infrastructure – saying that the design “may result in security vulnerabilities.”

Modern planes use digital defenses called firewalls to protect critical technology used during flight against intrusions from someone who has gained access to other parts of the aircraft such as in-flight entertainment systems, the report said. Some cybersecurity experts worry that isn’t enough, arguing that “because firewalls are software components, they could be hacked like any other software and circumvented,” according to the report. (Some critics of the report say it may have overstated the risks.)

Boeing and competitor Airbus have defended the security of their systems. “Multiple security measures and flight deck operating procedures help ensure safe and secure airplane operations,” Boeing said in a statement to CNN in response to the GAO report.

But over the years, many researchers have warned about potential problems – including Roberts, the founder of One World Labs, who has given several talks about airplane cybersecurity.

Brad “RenderMan” Haines, a researcher who has investigated potential vulnerabilities in aircraft tracking systems, said limited access to the technology can make comprehensive audits difficult. “A lot of our research we can only take so far because we don’t want to cause problems – but all of the evidence seems to point to there being issues that remain unresolved,” he said.

In an interview with CNN after being detained by the FBI, Roberts said he tested theories about how much visibility into avionic systems he had from the passenger cabin – pulling out his laptop and connecting it to a box underneath his seat 15 to 20 times on flights – and was able to view sensitive data. That interview, combined with the tweet, seems to have set off alarm bells at United.

“Given Mr. Roberts’s claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United,” United spokesman Rahsaan Johnson told The Washington Post. “However, we are confident our flight control systems could not be accessed through techniques he described.”

The Electronic Frontier Foundation, which represents Roberts, called United’s decision “both disappointing and confusing.”

“Security researchers are allies, not opponents, and their work makes us all more safe, not less,” EFF staff attorney Nate Cardozo said. “We fear that United’s actions here will cause a real chilling effect, and that researchers will be less likely to help United improve their security in the future based on its over reaction to Mr. Roberts’s statements.”

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

Szabella Psaztor is an Emerging Leader. (Olivia Vanni / The Herald)
Szabella Pasztor: Change begins at a grassroots level

As development director at Farmer Frog, Pasztor supports social justice, equity and community empowerment.

Owner and founder of Moe's Coffee in Arlington Kaitlyn Davis poses for a photo at the Everett Herald on March 22, 2024 in Everett, Washington. (Annie Barker / The Herald)
Kaitlyn Davis: Bringing economic vitality to Arlington

More than just coffee, Davis has created community gathering spaces where all can feel welcome.

Simreet Dhaliwal is an Emerging Leader. (Olivia Vanni / The Herald)
Simreet Dhaliwal: A deep-seated commitment to justice

The Snohomish County tourism and economic specialist is determined to steer change and make a meaningful impact.

Emerging Leader John Michael Graves. (Ryan Berry / The Herald)
John Michael Graves: Champion for diversity and inclusion

Graves leads training sessions on Israel, Jewish history and the Holocaust and identifying antisemitic hate crimes.

Gracelynn Shibayama, the events coordinator at the Edmonds Center for the Arts, is an Emerging Leader. (Olivia Vanni / The Herald)
Gracelynn Shibayama: Connecting people through the arts and culture

The Edmonds Center for the Arts coordinator strives to create a more connected and empathetic community.

Eric Jimenez, a supervisor at Cocoon House, is an Emerging Leader. (Olivia Vanni / The Herald)
Eric Jimenez: Team player and advocate for youth

As an advocate for the Latino community, sharing and preserving its traditions is central to Jimenez’ identity.

Nathanael Engen, founder of Black Forest Mushrooms, an Everett gourmet mushroom growing operation is an Emerging Leader. (Olivia Vanni / The Herald)
Nathanael Engen: Growing and sharing gourmet mushrooms

More than just providing nutritious food, the owner of Black Forest Mushrooms aims to uplift and educate the community.

Molbak's Garden + Home in Woodinville, Washington closed on Jan. 28 2024. (Photo courtesy of Molbak's)
Molbak’s, former Woodinville garden store, hopes for a comeback

Molbak’s wants to create a “hub” for retailers and community groups at its former Woodinville store. But first it must raise $2.5 million.

DJ Lockwood, a Unit Director at the Arlington Boys & Girls Club, is an Emerging Leader. (Olivia Vanni / The Herald)
DJ Lockwood: Helping the community care for its kids

As director of the Arlington Boys & Girls Club, Lockwood has extended the club’s programs to more locations and more kids.

Alex Tadio, the admissions director at WSU Everett, is an Emerging Leader. (Olivia Vanni / The Herald)
Alex Tadio: A passion for education and equality

As admissions director at WSU Everett, he hopes to give more local students the chance to attend college.

Dr. Baljinder Gill and Lavleen Samra-Gill are the recipients of a new Emerging Business award. Together they run Symmetria Integrative Medical. (Olivia Vanni / The Herald)
Emerging Business: The new category honors Symmetria Integrative Medical

Run by a husband and wife team, the chiropractic and rehabilitation clinic has locations in Arlington, Marysville and Lake Stevens.

People walk along the waterfront in front of South Fork Bakery at the Port of Everett on Thursday, April 11, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Port of Everett inks deal with longtime Bothell restaurant

The port will break ground on two new buildings this summer. Slated for completion next year, Alexa’s Cafe will open in one of them.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.