In November 2017, Robert Hickey, a cybersecurity expert with the US Department of Homeland Security revealed at a cybersecurity conference that he had remotely hacked the systems of an airplane parked at the airport in Atlantic City, New Jersey in the US. The breach, which relied on the aircraft’s radio-frequency communications, took place in September 2016.
Prior to the above revelation, an ethical hacker group, IO Active had, in Dec 2016, revealed that they discovered a flaw in an inflight entertainment system used by several airlines that could let hackers access a plane's control. IO Active notified the manufacturer of the system who denied the claim by IO Active saying the report from IO Active contained inaccurate and misleading statements on method of hacking into their system.
IO Active's ethical hackers gained famed in 2015 when they took control of a Jeep Cherokee from 16 km away and cut its engine while driving on the highway making it veer off the road. They did it by hacking into the Cherokee's onboard system giving them access to the Jeep's steering, brakes and transmission. As a result, 470,000 cars made by the same manufacturer were recalled as it shared the same the software as the Cherokee.
According to a report from Motherboard, an online website, drawing on documents from the US Department of Homeland Security, the US government has since 2016 shown concern about remote hacking of an airplane. One of the documents drawn from has a risk-assessment presentation called an airline breach 'a matter of time'.
According to the documents, one of the slide reads - "today’s commercial aviation backbone is built upon a network of trust," . "Most commercial aircraft currently in use have little to no cyber protections in place". As most commercial aircraft have a life cycle of 20 or more years, so the current vulnerabilities could last for another 15-20 years, the presentation noted.
Apparently, security experts have warned about airline cyber attacks for quite sometime and airlines say they have been investing in cybersecurity measures, many vulnerabilities still remain.
To reiterate the clarion calls from cybersecurity experts around the world, we join the chorus in calling for greater collaboration amongst all stakeholders to work as a community and be proactive in fighting the global threat to cybersecurity. We also call on all stakeholders to commit and continuously invest in maximising cybersecurity to ensure that we always remain one step ahead of any threat.