By now you’ve likely heard the denials about how a well-known hacker was able to break into an airliner’s flight control systems from within the passenger cabin, and about the resulting FBI investigation.
Chances are very good that those denials are wrong. But it’s also true that the vast majority of those who say it’s not possible have a point, since it really shouldn’t be possible.
But let’s suppose for a minute that security researcher Chris Roberts did exactly what he said he did, in exactly the way he described it. If that’s the case, let’s look at exactly what Roberts claims that he did. But let’s also look at what he didn’t say—and that’s important.
First a little background. Most modern airliners contain a variety of digital systems. The entertainment system is just one of them. But modern airliners also include digital flight controls, navigation systems and flight management systems.
Flight controls handle rudder, elevators and ailerons and perhaps the engines. Navigation systems include the GPS as well as inertial navigation and some legacy navigation systems.
Flight management systems perform mainly flight engineering tasks, such as moving fuel between tanks to keep the plane balanced, tracking telemetry, performing automatic logging tasks, and taking care of other functions, including tracking maintenance requirements.
All of these flight systems are interconnected at some level. Normally you wouldn’t think any of this would include the entertainment system, but remember those moving maps that show up on the screen in front of your seat.
Those maps use data provided by the airplane’s navigation system. Likewise, the information such as the air temperature and airspeed are provided by other flight systems. So clearly, the entertainment system is in fact connected to the flight systems, despite the denials.
Looking into this further, it pays to read what the FBI is actually investigating and their information about what Roberts actually told them when he was interviewed by the FBI. It’s worth noting that Roberts is a frequent consultant to the FBI, and that the agents conducting the interview characterized Roberts as being cooperative.
What Roberts said was that he managed to wiggle the cover of the entertainment system loose so that he could plug in an Ethernet cable. If you sit in the First Class section of many airplanes, there’s an annoying black, plastic-covered box under the seat in front of you. This box is easy to spot because it prevents you from putting your briefcase under that seat in addition to preventing your feet from going there.
There are similar plastic-covered boxes in the Coach section of the airplane’s cabin, but they’re smaller, presumably because the hoi polloi forced to fly in coach don’t get deluxe entertainment service.
But the entertainment network isn’t the only network running through the aircraft. And just because those annoying boxes are primarily used by the entertainment system doesn’t mean that’s all they’re used for.
Airliner Flight Control Hacks Likely More Feasible Than We Might Wish
Also located within the aircraft are ports used to access the flight management systems and other data systems for maintenance. Did Roberts find one of those Ethernet ports, perhaps located within the same box? I don’t know the answer to that, but if I were the airline security staff, that’s the first place I’d look.
Of course it’s also possible that the security on the entertainment system is so bad that Roberts was able to get in using the on-board WiFi or the USB connector that’s usually located under each seat.
But whatever the means that Roberts used, I think that while it’s easy and comforting to say that he couldn’t possibly have hacked into an airplane’s systems, it’s also likely to be whistling in the dark.
I think that given Roberts’ reputation, it also is probably true. I suspect that once someone decides to stop playing silly power games and ensures that Roberts isn’t prosecuted, we’ll find out exactly what happened.
It’s worth knowing that whatever the airlines say about their internal systems isn’t necessarily accurate. For example, I’ve seen the United Airlines WiFi system used to make voice phone calls, even though United says that it’s impossible. And I observed that this can be done without violating the airline restriction on using the cellular communications in flight. And, no, I’m not going to tell you how this was done, just that I’ve seen it and it is possible.
The fact is that the data systems being carried on board most airplanes these days are sufficiently complex that I suspect that the airlines don’t actually know all the details about how they’re interconnected.
Partly this is because important systems, including the entertainment systems are actually provided by third parties and are frequently integrated into the airframe by another third party. That third party may be the manufacturer such as Boeing or it may be another contractor.
In addition, there are conflicting demands that arise on airplanes. On one hand, the airlines want to do away with most of the entertainment systems you’re used to seeing and require you to use your tablet or laptop instead as a way to save weight and cut costs.
In addition, the demand by customers for ever more sophisticated information and entertainment capabilities means that the airlines have to put networks and Internet access in the hands of the public, which adds to the risk. In fact, the complexity has become so great that one airline, United, is asking for help in cleaning up its website, but not yet its flight systems.
So are all of the security experts who say that hacking an airliner is impossible correct? I don’t think so. On the other hand, it really is impossible for a hacker to get control of the aircraft and fly it if the pilot doesn’t want him to because airliners are required to have analog back up flight controls and instruments and nobody can hack those.