Security Expert Says Blocking Access to Airliner Networks Impossible
Bennett also suggests that VPNs are a very good idea for the airplane's own networks as a way to limit the damage that someone can do if they get into the network. The airlines, unfortunately, are caught in a difficult position. On one hand, they're trying to reduce the cost of providing a flight to the public. To accomplish this at the prices the public is demanding, airlines need to provide the level of service that passengers have come to expect. Now that the airlines have started offering WiFi, passengers have come to expect it. But the airlines also need to provide flights as cheaply as possible. That means cutting fuel use to the minimum. Cutting fuel use ultimately means cutting weight, since the weight of an airplane directly impacts fuel use and the cost of fuel is the major expense in flying an airliner from one place to another. By offering onboard WiFi services, the airlines were able to significantly reduce aircraft weight by eliminating thousands of feet of wire and fiber along with some hefty legacy electronics gear needed to operate entertainment systems for the passengers. Now all that the airlines need to do is provide WiFi and some onboard storage.Bennett points out that the airlines could have provided totally separate networks, which would mean not providing things like in-flight maps, but would also mean getting another set of satellite radios, another set of antennas and another set of everything else, which add more weight. Another factor that the airlines need to consider, Bennett said, is that given enough time, any system, including networks, can be reverse-engineered to understand how they work and therefore how to break in. Bennett said that reverse-engineering networks is something he does regularly in his security work. He recalled one former client telling him that their security system was impossible to reverse-engineer. "At that point," he said, "we had already done it." What this means is that the airlines will never be able to keep motivated passengers out of their networks, whether they're on the ground or in the air. The best practice is one that organizations that need real security already do, which is to stop pretending that it's impossible to hack their networks and start finding ways to protect their data with the assumption that their network has already been penetrated.
The problem with that arrangement is that by giving WiFi to the passengers, you also invite those passengers onto the airplane's data network. As we have seen, once you let passengers onto a plane with a WiFi network, a few of them will get the bright idea to try to hack that network.