Since 9/11, airlines, airports and government agencies have introduced many travel security measures aimed at protecting passengers from a terrorist attack. Some researchers in the US government are starting to show concern about another avenue of attack: remote hacking of an airplane.
Among the chief concerns are the “potential of catastrophic disaster,” should an aircraft be breached while in flight, according to a report from Motherboard that drew on documents from the Department of Homeland Security and other federal agencies. One risk-assessment presentation called an airline breach “a matter of time.”
Last November, a DHS official said at a cybersecurity conference that he had remotely hacked the systems of an airplane parked at the airport in Atlantic City, N.J. The breach, which relied on the aircraft’s radio-frequency communications, took place in September 2016.
The documents obtained by Motherboard indicated that DHS researchers have been conducting similar attempts to explore airplanes’ vulnerability to remote attacks. While security experts have warned about airline cyberattacks for years and airlines say they’ve have been investing in cybersecurity measures, many vulnerabilities still remain.
“Today’s commercial aviation backbone is built upon a network of trust,” a slide from a 2016 DHS presentation reads. “Most commercial aircraft currently in use have little to no cyber protections in place.”
Most commercial aircraft have a life cycle of 20 or more years, so the current vulnerabilities could last for another 15-20 years, the presentation noted.