The Ever-evolving Cyber Threat to Planes


Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
But speaking at the Paris Air Show recently, Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible.
Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
"The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again," said Robic.
But there are plenty of other risks -- and although they are unlikely, companies such as Airbus and Boeing take them very seriously.
David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.
"If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes," said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground.
Stopping this kind of activity means preventing drones from flying near airports -- something which has only recently become possible with new forms of radar capable of spotting tiny aircraft.
Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft's systems.
"It could be a dissatisfied employee, or someone who has been bribed or who is doing it for a cause," he said.
Even this would be almost impossible, since airlines have highly complex, specially designed computing systems that only a handful of people know how to navigate.
Even if all those factors came together perfectly, hackers would almost certainly not be able to take full control of the aircraft since pilots have manual overrides.
While public concerns tend to focus on the terrorist risk, companies face a much more immediate and frequent threat from hackers trying to steal their commercial secrets. Hacks can cost tens of millions of dollars to repair and could be used to extort money by planting threats.
Many airlines are now issuing their pilots and cabin crew with iPads, because they weigh less than piles of charts and passenger logs. "The airlines are ultra-strict with us about the security of our iPads and everything else -- much stricter than with passengers because they worry about coercion, that our family has been kidnapped or something," said the pilot.
Robic said it was time for the whole aeronautic industry to create a joint cybersecurity organization to combine their efforts. "There is a whole eco-system of staff that needs to be secured. There are a great many actors from development to maintenance, which exposes airlines to cyber risks," he said. "What they're doing at the moment is not sufficient."
Security Week: http://bit.ly/1J664zE

 
