Major cybersecurity flaw in airline in-flight systems opens potential vectors for hackers

It has been reported that cybersecurity vulnerabilities in Panasonic in-flight entertainment systems, used by a several major Airlines (including Virgin, American and Emirates), allows attackers to control in-flight displays, PA systems and lighting, access passenger credit card data as well as the wider aircraft network, including the aircraft control domain. Below are comments from cybersecurity experts.

Stephen Gates, chief research intelligence analyst at NSFOCUS:

“In the light of this research, physical separation between in-flight entertainment systems and aircraft control systems could never be more important. As airlines continue to add new customer-based entertainment and information technologies, airlines need to ensure that an impenetrable barrier is in place protecting aircraft control systems. This research demonstrates that hackers could cause all sorts of issues that could impact a customer’s “experience” while flying, but have yet to prove they could impact flight control systems.  Let’s all hope that remains the case, long-term.

“It’s not too far of a stretch to suggest that flight entertainment systems could even be hacked from the ground, via the Internet access on the plane.  If remote access was gained while the plane was on the ground, or by way of a hacker planting a backdoor via an infected device while in flight, hackers could cause all kinds of disruption that would not directly impact them – since they’re not even on the plane.  Now that’s a scary thought…”

Mike Ahmadi, global director – critical systems security at Synopsys:

“Any system that gets the attention of the hacking/research community will eventually be found vulnerable.  There are literally an infinite number of ways to compromise any system.  Organisations need to constantly monitor and test their systems in order to keep up with security issues.  Moreover, organisations should assume compromise will happen and plan accordingly.”

Alex Cruz-Farmer, VP at NSFOCUS:

“Previous hacks and vulnerabilities have always been on the ground, but we’re now in the realms of something extremely scary – hacks in mid-air with no escape. The active threats will be growing, and with thousands of planes in the air, the remediation of this is going to be extremely complicated and time consuming. This will be a huge flag to all manufacturers to review their underlying platforms, and whether their integrated infrastructure has the necessary security around it to protect us, the passengers. If anything did happen it could at worst be life threatening leading this to be considered as major negligence across the multiple parties involved.”