An FBI agent's claim that a hacker may have exploited weaknesses aboard more than a dozen commercial flights, including sending commands to a jet engine in mid-air, has sparked new worries over the safety and cybersecurity of the nation's passenger planes.
The hacker, a security researcher, said the FBI misinterpreted him, and jetmakers and security experts have cast doubt on claims that he was able to control a flight. But the episode has added to a mounting sense of vulnerability ahead of what's expected to be the busiest summer for air travel in years.
The FBI investigation comes one month after more than 50 American Airlines flights were delayed due to a bug in a critical iPad flight-navigation app that pilots could fix only by nudging closer to an airport's Wi-Fi.
And it comes only two months after the deadly crash of a Germanwings jet in the French Alps, caused by a co-pilot who locked the captain out of the cockpit and began the descent, killing all 150 people on board. Despite that tragedy and the cyber scares, air travel has never been safer — 20 commercial flights crashed last year, making it one of the safest in aviation history.
But a new wave of technology is raising questions about security for an industry that has long kept a tight grip on information flowing among pilots, air-traffic controllers and top officials..
The aviation industry's "previously centralized and controlled culture," said Tim Erlin, a director at security software firm Tripwire, "is being forced to deal with the basic, but prevalent, security issues more open systems have been confronting for years."
In an application last month for a search warrant, an FBI agent said researcher Chris Roberts had used a simple plug, installed beneath the seats of many commercial planes, to tap into in-flight entertainment systems up to 20 times since 2011.
From there, according to the FBI, Roberts said he was able to change code on a plane's internal computers and even command a plane to climb and fly sideways. Roberts last month got agents' attention by tweeting that he might "start playing" with his jet's controls.
Roberts defended the tweet as a joke riffing off his previous warnings to jetmakers Airbus and Boeing over their planes' security flaws, which he said could leave control systems for the plane's cabin and oxygen mask systems open to attack. "My only interest has been to improve aircraft security," he tweeted Sunday.
But other aviation and security experts said the claims, of tapping into flight controls via a seat outlet, stretched the imagination, because entertainment and crucial flight systems are often kept separate. Hacking a plane's engine controls through its entertainment system, they argue, is a bit like controlling a car's steering wheel through its CD player.
Jetmakers defended their security against worries of a fleet-wide flaw. In Boeing jets, entertainment systems are kept separate from flight and navigation, pilots have multiple navigational systems at their disposal, and the jet's flight plan can't change without pilot approval, Boeing spokesman Doug Alder said.
"On every flight, there are multiple layers of security and procedures in place to protect passengers and crew," said Victoria Day, a spokesperson for Airlines for America, the industry's trade group.
But the industry came under fire in a Government Accountability Office report last month, which said that in-flight Wi-Fi networks on some Boeing and Airbus planes could allow an attacker to commandeer a flight.
Cockpit electronics connect to the same networks as the passenger cabin, and the firewalls that divide them can, as cybersecurity experts told the watchdog, "be hacked like any other software and circumvented."
Security experts like Christopher Soghoian, who in 2006 built a tool exploiting an airline weakness by allowing people to print fake boarding passes, poked back at the industry itself, saying it had sacrificed security when it made features like the under-seat port, designed for entertainment systems, easily available to anyone.
"In order to show video ads to passengers," Soghoian tweeted, "airlines placed an easy to access 'hack this plane' data port under every seat."
Some of air travel's biggest tech headaches have arisen from the same hazards troubling other industries. About 10,000 frequent flyers of American and United airlines were told in January their accounts had been compromised by hackers who booked themselves free or upgraded flights.
Air miles and loyalty programs have become easy targets for hackers, analysts said, because they often lack the security controls protecting credit cards, checking accounts and other forms of currency.
But the industry's tech problems have also challenged the basic safety measures of commercial flight, including last month, when dozens of American Airlines pilots were stranded on the runway after the iPad app that gives them their flight plans crashed.
The airline had in 2013 turned to the app as an alternative to heavy bags of paper maps, saying the switch would allow for quicker updates, take weight off pilots and even save $1 million a year in fuel. But the glitch showed the risk of too much tablet dependence, especially because the airline didn't carry backup paper terminal charts in its cockpits.
To counter technical problems, United Airlines this month launched the industry's first "bug bounty," offering free airline miles to hackers who alert the carrier to vulnerabilities in its website, app and reservations system.
But security researchers said the airline stopped short of preventing the most damage, by saying it would not accept submissions detailing weaknesses in planes' onboard Wi-Fi, entertainment systems and flight electronics.
Years of bankruptcies and megamergers have left fewer airlines to compete over a growing traveler base, and some analysts have argued the air carriers have been slow to implement important upgrades.
But some airlines are "starting to see that messy operations are very expensive," said Seth Kaplan, a managing partner for trade publication Airline Weekly.
"When you invest money wisely in tech, and not just a blank check, you get this virtuous cycle where you don't have as many delays, you're not losing as many bags" — and passengers feel more confident to step on the plane.
The Washington Post
Tue May 19 2015
The FBI investigation comes one month after more than 50 American Airlines flights were delayed due to a bug in a critical iPad flight-navigation app that pilots could fix only by nudging closer to an airport's Wi-Fi.
AWANI 7:45 [25/04/2024] - Akaun KWSP distruktur semula | Pensyarah pro-Israel | Suspek tembak di KLIA didakwa | Astro Radio kekal nombor 1!
Laporan berita padat dan ringkas #AWANI745 bersama Cynthia Ng;
Tumpuan #AWANI745 malam ini:
Agihan 10% akaun tiga, pencarum boleh keluar bila-bila masa
Serangan di KLIA, Hafizul didakwa cuba bunuh isteri
SPRM sahkan Tun Mahathir disiasat isu isytihar harta
Era, Sinar, Gegar jejak dominasi saluran radio Melayu
Saksikan #AWANI745 di saluran 501 Astro AWANI, Astro AWANI apps dan astroawani.com/live-tv.
Tumpuan #AWANI745 malam ini:
Agihan 10% akaun tiga, pencarum boleh keluar bila-bila masa
Serangan di KLIA, Hafizul didakwa cuba bunuh isteri
SPRM sahkan Tun Mahathir disiasat isu isytihar harta
Era, Sinar, Gegar jejak dominasi saluran radio Melayu
Saksikan #AWANI745 di saluran 501 Astro AWANI, Astro AWANI apps dan astroawani.com/live-tv.
AWANI Ringkas: SSPA terbaik pernah diperkenalkan kerajaan - PM
AWANI Ringkas
Pasaran getah ditutup rendah bagi hari keempat berturut-turut
Pada 5 petang, harga rujukan bagi getah fizikal LGM untuk GMM 20 adalah 754 sen sekilogram manakala susu getah pukal ialah 700.5 sen sekilogram.
Bursa Malaysia ditutup rendah selepas kenaikan enam hari berturut-turut
Pada 5 petang, FTSE Bursa Malaysia KLCI (FBM KLCI) susut 2.23 mata kepada 1,569.25 daripada 1,571.48 ketika ditutup pada Rabu.
Ringgit ditutup tinggi sedikit berbanding dolar AS
Pada 6 petang, ringgit naik kepada 4.7745/7775 berbanding dolar AS daripada 4.7765/7780 ketika ditutup pada Rabu.
Inspirasi bermakna daripada Forum Umrah & Ziarah 2024
Usaha meningkatkan kapasiti Mekah dan Madinah bagi membolehkan lebih ramai umat Islam mengerjakan umrah kini menjadi fokus utama kerajaan Arab Saudi.
Forum Umrah & Ziarah 2024 yang diadakan di Madinah telah membincangkan banyak hal berkaitan perkhidmatan umrah dan ziarah termasuklah pengadaptasian teknologi terkini, pengurusan yang lebih cekap serta pengurusan kewangan yang lebih berdaya saing.
Ikuti laporan hari terakhir forum berkenaan bersama Hilal Azmi.
#ForumUmrahZiarah2024
#AWANI745
Forum Umrah & Ziarah 2024 yang diadakan di Madinah telah membincangkan banyak hal berkaitan perkhidmatan umrah dan ziarah termasuklah pengadaptasian teknologi terkini, pengurusan yang lebih cekap serta pengurusan kewangan yang lebih berdaya saing.
Ikuti laporan hari terakhir forum berkenaan bersama Hilal Azmi.
#ForumUmrahZiarah2024
#AWANI745
Penjawat awam perlu amal kecepatan dan kepesatan dalam pelaksanaan tugas - PM Anwar
Penjawat awam digesa untuk sentiasa mengamalkan kecepatan dan kepesatan dalam pelaksanaan tugas supaya dasar-dasar kerajaan dapat dilaksanakan dengan pantas.
Kerajaan kekal komited laksana dwirangkaian 5G, DNB penuhi syarat terdahulu - Gobind
Kerajaan semakin hampir untuk melaksanakan dwirangkaian 5G selepas pengumuman Ahli Lembaga Pengarah baharu Digital Nasional Bhd (DNB).
Kos SUKMA Sarawak dianggar hampir RM300 juta
Kos penganjuran Sukan Malaysia (SUKMA) Sarawak tahun ini dianggarkan hampir RM300 juta, antaranya meliputi kerja-kerja menaik taraf venue sukan serta perbelanjaan keperluan logistik.
Break The Siege: Misi flotila ke Gaza belayar esok
Syaff Shukri membawakan perkembangan terkini misi pelayaran Break The Siege: Freedom Flotilla to Gaza yang dijadualkan esok.
#AWANI745
#AWANI745