FBI warns airlines to lookout for in-flight hackers
The Federal Bureau of Investigation’s Infraguard website has published a private industry notification advising airplane staff to watch out for unusual behavior on the heels of an incident last week in which FBI agents questioned a security researcher who wrote on Twitter about trying to access the systems while onboard a United Airlines passenger jet.
Chris Roberts, the researcher, asked his Twitter followers on April 15 if he should “start playing” with the messages used to control the plane’s engine-indicators and crew-alerting system, or EICAS, potentially giving commands to the jet’s oxygen system. Roberts later said he did not access the network during his flight from Chicago to Syracuse, Wired reported.
“Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” according to Wired, who cited the Infraguard warning. “Attempting to gain unauthorized access to the onboard networks of a commercial aircraft violates federal law.”
According to the website, the notice went on to say that flight crews should specifically watch out for travelers “connecting unknown cables or wires,” “evidence of tampering or the forced removal of covers to network connection ports,” as well as suspicious social media messages and raw logs from the aircraft’s network.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
Earlier this month, the United States Government Accountability Office published a report in which it said, "Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems.”
Brent Bowen, a professor at Embry-Riddle Aeronautical University’s College of Aviation, told RT that the airline industry must adopt “a more comprehensive approach” to security, in order to defend against intrusions, as flights adopt new types of technology.
“There are several risks that can ensue from being able to access an aircraft’s computer network…or even more you could jam the system,” Bowen said.
“Planes are becoming more automated; therefore they have more computers just like automobiles today. And so therefore there’s a greater possibility of having some of the systems compromised,” added Jon C. Haass, a cyber-security expert.
According to Wired, Roberts has conducted extensive research into the airplane networks vulnerabilities in the past and has reached out to Boeing and Airbus, but to little response.