I’ve written about a hacker demonstrating his ability to remotely hack into an airplane flight management system in the last two weeks’ newsletters.
His claims were controversial, but most of the controversy seemed to be people with their eyes wide shut saying ‘Ignore what you see and what this pilot is showing you, it just isn’t possible’ – a statement they would make without any evidence to back it up.
Sure, it is difficult to prove a negative, but that is the whole thing – it is so difficult to ensure and to prove that any computer, anywhere, is secure. We regularly read about supposedly super-secure computers being hacked – why should an airplane’s computers be any more hack-proof than an ultra-secure military intelligence computer?
To date the largest problem in hacking into an airplane’s control systems has been how to gain access to the plane’s computers. One potential vulnerability – through the seatback entertainment system – suffers from a clear disadvantage. If a hacker were to use that route, he would be sacrificing his own life when making the plane crash (although the solution to that would be to load code into the computer with a time delay associated with it, so that the code would take over the computer only some hours later, when the hacker had safely deplaned).
It also has an inefficiency – clearly a hacker can only attack one plane at a time (ie the plane he is on).
The ‘Holy Grail’ of hacking planes is to get remote access to them – for a hacker in his basement, far away in another country, to be able to hack into planes in the air, halfway around the world. The articles I linked to in the last two newsletters detailed one way in which that could be done. Other methods may already exist, but until now, planes have been fairly ‘insulated’ from the rest of the internet.
Note the phrase ‘until now’. With this as background, here’s an interesting article with a terrifying quote :
“The next frontier is the connectivity of everything,” says Carl Esposito, vice president of marketing and product management at Honeywell Aerospace. “Most of the aviation systems we’ve designed to date have been relatively self-contained with little communication to the outside world.”
My prediction – while the TSA and various pressure groups obsess over miniature pocket knives, liquids, and shoes; the next terrorist attack on airplanes will be computer based. What is the TSA doing about that?