Hackers Can't 'Cyberhijack' Planes, But Can Still Cause Problems

At the DefCon security conference this weekend in Las Vegas, cyber security professionals shot down the notion that a plane could be overtaken by someone hacking into the controls through the network within the cabin of the aircraft. However, other concerns remain.

"One thing everyone needs to understand, you cannot override the pilot. You cannot override the pilot's inputs in flight control. That system is closed," said Phil Polstra, associate professor of digital forensics at Bloomsburg University of Pennsylvania. Polstra said that someone could potentially affect autopilot operations, but those attempts or any changes made would alert the pilots immediately, which would result in the autopilot system being disengaged.

A data network called Avionics Full-Duplex Switched Ethernet (AFDX) is used on safety-critical applications that use dedicated bandwidth. It is found on all of the newest planes, including the Airbus A350, A380, A400M, Boeing's 787, Bombardier's Global Express and C Series. The most important thing to know here, it that it's not a wireless system, and it's not connected to the inflight entertainment systems or Wi-Fi network that passengers browse during their flight.

Polstra did say that hackers could access the Aircraft Communications Addressing and Reporting System (ACARS). It's a messaging system, that when Twitter came out, made me describe Twitter as "ACARS for everyone." ACARS messages are sent to and from the aircraft, containing information such as weather, flight plan updates, and maintenance issues. So what happens if someone can access ACARS? The hacker could create faulty messages, which Polstra says would be impractical — a mischievous distraction at most.

Hackers Can't 'Cyberhijack' Planes, But Can Still Cause Problems

They could also mess with the ADS-B or ADS-A tracking systems. These systems provide real-time aircraft tracking information including altitude, speed, heading and the aircraft's registration. We can see this information via sites like flightradar24 (screenshot above) or FlightAware. If someone with the ability gained access to this system, they could potentially jam the signal, create fake weather reports, or "phantom aircraft." Phantom aircraft?! Having the pilots think that planes are around when they aren't, could be a menace, but pilots don't really rely on these for reporting traffic. They have TCAS, the Traffic Collision Avoidance System.

The bottom line here is that we are safe from airborne hackers. There's nothing they can do to take over the plane or cause it to crash. Worst case scenario — if they mess up the ACARS or ADS-B, the pilots will likely divert your flight to somewhere you don't want to go, which would really ruin everyone's day.

Top photo by the author, Paul Thompson

Source: SC Magazine