The FBI is warning airlines to keep an eye out for miscreants hacking airplane computer networks mid-flight.
The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi network. The bulletin urges staff and flight crews to:
- Report any suspicious activity involving travelers connecting unknown cables or wires to the IFE system or unusual parts of the airplane seat.
- Report any evidence of suspicious behavior following a flight, such as IFE systems that show evidence of tampering or the forced removal of covers to network connection ports.
- Report any evidence of suspicious behavior concerning aviation wireless signals, including social media messages with threatening references to Onboard Network Systems, ADS-B, ACARS, and Air Traffic Control networks.
- Review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, is captured for further analysis.
The alert, a copy of which was obtained by WiReD, notes that there have been no actual cases of hackers hijacking aircraft via in-flight movies. However, airlines should nonetheless be wary of anyone attempting to connect to a plane's local network via a cabled connection, apparently.
"Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods," the Feds' memo reads.
The warning appears to have been sparked by a jokey tweet by security researcher Chris Roberts of One World Labs, who mulled messing around with the systems of his United flight as it flew from Chicago to Syracuse, New York.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)— Chris Roberts (@Sidragon1) April 15, 2015
Roberts says he did not perform any of the described actions, but was met upon the arrival in New York by FBI agents, who quizzed him for four hours. Roberts was then banned by United Airlines from its flights.
Bye bye electronics, all encrypted....and all now in custody/seized pic.twitter.com/a5o6rYTbZ0â Chris Roberts (@Sidragon1) April 16, 2015
Just before this kicked off, the US Government Accountability Office acknowledged in a report that hackers could maybe, possibly, tamper with in-flight systems via the on-board Wi-Fi. "According to the FAA and experts we interviewed, modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems," the report warned.
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks