CYBERCRIMINALS could hack into the control systems of passenger jets, the head of Europe’s aviation safety regulator has warned.
A simulation found it was possible for hackers to crack an airliner’s automatic messaging system, although they would not have been able to steer or change the direction the aircraft.
Patrick Ky, executive director of the European Aviation Safety Agency (EASA), said a so-called “white-hat hacker”, who was also a professional pilot, recruited by his organisation, took just five minutes to crack the jet’s Acars automatic messaging system, which enables it to transmit messages to ground stations during flight.
In just a few days, the consultant gained access to other onboard systems. EASA declined to identify them, but said they were not “critical”.
Details of the hack, which took place when the jet was on the ground, were disclosed to aviation safety regulators and experts at a meeting in Brussels in May.
Advertisement
This weekend, cybersecurity experts warned it was “inevitable” that hackers would eventually be able to access aircraft flight controls.
“The question isn’t really if, but when,” said Carl Herberger, vice-president of IT security firm Radware and a former US air force cyberwarfare specialist. “The second question is what do we do about this thereafter.”
Ky warned that the risk of hacking would be “multiplied” when a new air traffic management system, called Sesar, is introduced. It will use satellite-based communications to give instructions to aircraft. “We need to start by putting in place a structure for alerting airlines on cyberattacks,” said Ky.
Earlier this year Chris Roberts, a prominent US hacker, claimed he had gained access to a plane’s flight controls through the in-flight entertainment system.
He said that during one flight he was able to make the plane “climb” and “move sideways” by accessing flight control systems from a laptop in his seat.
Advertisement
The International Civil Aviation Organisation conducted research last year which found that the risk of hacking critical systems was low.