Since 2013, at least two prominent computer hackers have claimed they have the capability to take control of a modern airliner on a commercial flight by hacking into its sensitive flight management and control systems. These unsubstantiated claims have led to wild speculation about the possibility of terrorists and other malicious actors taking control of airliners and using them for deadly purposes.
But can an outside hacker really take control of an airliner full of passengers? The answer is “yes” – in theory. The computer networks on modern airliners are inherently vulnerable to attacks because the sensitive computer systems that control an airliner’s flight controls and other vital functions are connected to other networks that are accessible to the public. However, despite the two hackers’ claims, no individual or group has indisputably and publicly proven that they have the capability to take control of a commercial passenger flight.
The complexity of modern airliners and their computer networks means that any attacker seeking to hijack an airliner through computer hacking would need detailed knowledge of airliner operations and network designs. Airliner flight control systems and the cybersecurity measures that protect them tend to be unique, highly complex, closed-source and proprietary, making them very difficult for outsiders to understand, let alone penetrate. While the inherent vulnerabilities in airliner network designs mean that aircraft manufacturers’ cybersecurity experts will be in a perpetual arms race against hackers, the manufacturers are currently winning the race and are likely to maintain their lead for at least the near future.
Cybersecurity experts say that hacking into modern airliners’ sensitive computer control systems is theoretically possible, even if nobody has yet demonstrated such a capability. Modern airliners contain a vast array of interconnected computer networks, some of which are open to the outside world. The primary concern of cybersecurity experts is that hackers could use the networks with exposure to the outside world to penetrate more sensitive networks, such as those that control the airliner’s flight controls.
Modern airliners maintain a high degree of separation between sensitive flight control computer networks and networks that outsiders can access, but the networks do not have complete physical separation, especially on the most modern airliner designs. All points where sensitive networks touch networks that are open to the public are guarded by firewalls and other security measures, but these controls theoretically could be disabled and compromised by a skilled hacker with detailed knowledge of the networks.
The networks on airliners that hackers could theoretically exploit are generally split into two categories. The first category is composed of the networks accessible to passengers, such as the in-flight entertainment (IFE) systems and onboard Wi-Fi systems. The second category is made up of systems that airline personnel use to send data to airliners, such as the Aircraft Communications Addressing and Reporting System (ACARS) that is used to send messages to airliners during flights, and electronic flight bags, which are tablet computers that contain reference materials for pilots and can be plugged into airliner computer systems. Most media reporting tends to focus on the former threat; however, security experts in the airline industry tend to be more worried about the latter, as the airline systems tend to have more direct connections to the aircraft’s most sensitive networks.
Case Studies in Airliner Hacking Claims
The two most prominent individuals to claim that they found ways to take control of airliners by computer hacking are cybersecurity consultants Chris Roberts and Hugh Teso. Roberts claims to have manipulated an in-service airliner’s controls by hacking in through the IFE system, while Teso has presented methods that he claims would allow him to take control of an aircraft through its ACARS system. The airline industry has cast doubts on both claims, and neither method has been clearly proven to work on an operational airliner.
Hugh Teso – Hacking Through ACARS
German cybersecurity consultant and certified pilot Hugh Teso demonstrated his hacking methods on simulated airplanes in a laboratory environment at the April 2013 Hack in the Box cybersecurity conference in Amsterdam. Teso gained access to the airliner’s computer system through ACARS, which airlines use to send and receive information between ground stations and airliners regarding the airliner’s flight phase, flight path, maintenance status and other information. ACARS interacts with an airliner’s flight management system (FMS), and Teso used phony ACARS messages to gain access to and control of the simulated airliner’s FMS. Once he had control of the FMS, Teso was able to control the airliner’s course, speed, altitude and other internal systems. The hack was only effective while the airliner was on autopilot.
Boeing, Airbus and the FAA poured cold water on Teso’s claims by pointing out that his alleged capabilities had been demonstrated under carefully controlled laboratory conditions. Speaking at a conference, the manufacturers claimed that such a hack would not be possible on an in-service airliner carrying passengers, as the environment on such flights would be far less controlled and subject to a much greater number of variables. There are no reports of Teso testing his hacking capability on a real-life airliner, and he has stated that real-life testing of his methods would be “too dangerous and unethical.”
Chris Roberts – Hacking Through IFE
In May 2015, the FBI released documents containing details from earlier interviews with security researcher and cybersecurity consultant Chris Roberts, during which Roberts claimed that he had taken unauthorized partial control of an airliner while it was operating a commercial flight. According to FBI documents from April 2015, Roberts told the FBI that he had hacked into an airliner’s flight control systems during a flight in 2014 by tampering with the flight’s IFE system. According to Roberts, he removed the cover on a box below the seat that controls the IFE system’s hardware and plugged a cable into the hardware. He claimed that he then used his access to the IFE system to hack into other networks on the aircraft, including the thrust management computer, which controls the engines. Roberts told the FBI that, during one flight, he increased thrust on one of the engines, causing the aircraft to briefly change course.
Although Roberts’ claims received significant media attention, there are strong reasons to doubt that his story is entirely true. Since the 9/11 attacks, passengers and crew members on commercial flights in the U.S. generally have a very low tolerance of suspicious behavior from other passengers. Removing the cover on the under-seat IFE box, plugging a cable into the box, and working on a laptop connected to that cable certainly qualify as suspicious behavior, and it is highly unlikely that Roberts would be able to engage in such behavior 15-20 times, as he claimed, without getting caught. Major airlines also have detailed internal incident reporting systems, and pilots would almost certainly report a non-commanded thrust increase on one of their flights. No major U.S. airline has reported that one of its flights experienced an incident consistent with the one that Roberts claims he triggered in 2014.
The More Likely Threats – Disruptive, but Not Destructive
Although computer hackers are unlikely to hijack a commercial airliner in the near future, hackers have already demonstrated that they do not need access to an airliner’s flight control systems in order to disrupt airline operations. Cyberattacks against airlines’ computer networks and air traffic control systems are likely to cause disruptions to airline operations around the world for the foreseeable future.
Hackers have disrupted airline operations on several occasions by penetrating their ground-based computer systems. On June 21, 2015, for example, hackers forced Polish national carrier LOT Polish Airlines to cancel 20 flights and delay several others by disrupting the system that issues flight plans at its Warsaw hub. Hackers have also stolen sensitive customer data at several major airlines.
An April 2015 report by the U.S. Government Accountability Office found that the U.S. air traffic control network is vulnerable to cyberattacks, and other networks around the world are unlikely to be significantly more secure. A hacking attack that hijacks an air traffic control network and sends false instructions to commercial flights could cause enormous destruction. Such an attack is unlikely in the near future, however, as it would require a high degree of sophistication and detailed knowledge of air traffic control networks.
A more feasible attack would simply take a portion of the air traffic control network offline for a period of time. This less complex form of attack could still be incredibly disruptive, as shown by the chaos caused by the September 2014 outage at the Chicago Center air traffic control facility. The outage, which was caused by an extremely rudimentary cyberattack (a disgruntled employee setting fire to the network cables), caused major disruptions throughout the U.S. airline network for over two weeks. Attacks causing similar disruptions in the near future are a distinct possibility.