Warning! Today’s article may mean you’ll never fly in a plane ever again. Seriously.
After reading this you might only ever travel by car. Actually, maybe not even by car, or train. After this the only way you might want to travel ever again is by bicycle or by foot.
I travel by plane pretty regularly. Sometimes it’s darting across to the Netherlands. Sometimes it’s a longer haul to get back home to Australia. Either way, I consider myself a pretty good flyer.
People always ask me if I get troubled by turbulence, terrorism, mentally unstable pilots…my answer is always no.
The safest way to travel is by plane. But this week there is something that has me worried. And the more I’ve been thinking about it, the more I realise it’s actually something that’s been in the back of my mind for some time.
About a year and a half ago I was on a flight to Dubai. I was in economy class, flying with Emirates. They’re a great airline. I fly with them almost every time I’m going the long haul back to Australia.
This time was just a quick eight hours to Dubai though. Well it’s quick for me, considering it’s a full 24 hrs back home.
Anyway, my inflight entertainment system had frozen (Emirates call their system I.C.E). It wasn’t working. I alerted the air steward that I had a problem with my ICE system. The flight was full so they couldn’t move me to another seat to enjoy the entertainment.
After checking to see what was wrong the steward came back. He informed me that he’d have to reset the system to get it going again.
Now most people know that sometimes you need to restart your tech to get it functioning again. That’s nothing new. However I had this strange thought come over me.
What if in resetting the entertainment system, it reset the systems of the entire plane? I dismissed the idea as crazy.
But as I sat in my seat looking at the screen in front of me I noticed something else. The ICE system has a screen. It also has a power socket. It also has USB connections.
And it was the USB connections that had me worried.
Even planes are vulnerable to cyber attack
You see, in my line of work I do a lot of research. And for some time a large portion of my research has been dedicated to cyber security. That includes how to protect technology. But I’ve also seen firsthand highly skilled hackers attack technology through the most simple entry points.
One such common entry point into a system, into any system, is the USB port. It’s perhaps one of the most vulnerable ports of any computer system. And here I was at 40,000 feet staring at a massive security vulnerability on a Boeing 737.
I’ve written before about how attackers can attack computer systems in some pretty crazy ways. I’ve seen a security researcher demonstrate how to access a computer using a laser from 1.2km away via a wireless printer.
I’m going to see a live wireless hack of a modern car later this year at BlackHat USA.
But for some time I’ve also wondered how easy or possible would it be to hack, attack or take down a plane through a cyber attack.
And it seems not only is it possible. It’s been done.
Five days ago Wired published a report about security researcher Chris Roberts.
Roberts works for One World Labs. One World Labs describe what they do on their website,
‘One World Labs is a security intelligence firm that identifies risks before they’re exploited.
‘We offer access to the world’s largest database of dark content and provide comprehensive assessment and consulting services to protect corporations, government and non-profit organizations.’
Roberts was on a United Airlines flight and tweeted he’d been able to hack the plane through their inflight entertainment system.
Apparently Roberts has been researching plane security for six years. Wired reports,
‘[Roberts] and a research colleague got hold of publicly available flight manuals and wiring diagrams for various planes. The documents showed how inflight entertainment systems on some planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems. These systems were in turn connected to the plane avionics systems.’
The avionics are the systems that control all the things that keep the plane in the air. Things like altitude, thrust, wing flaps, pitch and more. Roberts’ research suggested that if you could access the inflight entertainment systems, then you could possibly access the avionics.
Roberts’ tweet caught the attention of United Airlines cyber team. This then, as you’d expect, caught the attention of the FBI.
And you guessed it, Roberts found himself in custody.
Get used to reading books on your next flight
Wired reports that Roberts said he’d only ever accessed systems to observe traffic across the networks. However the FBI warrants were published this week. They show Roberts told the FBI he’d briefly commandeered a plane and caused it to turn to fly to the side.
The accuracy of the warrant and what Roberts exactly did or didn’t do is up for debate. But it doesn’t remove the fact that a plane with all its electronic systems is also a vulnerable piece of technology.
Now the good news is Roberts wasn’t malicious with his work. And the fact that he’s made these vulnerabilities public is a good thing. It means companies like Airbus and Boeing can put measures in place to secure their planes from cyber attack.
However, as of now the problem still exists. And the right kind of attacker with the right kind of tools could still potentially hack a plane and take control.
The fallout from this will be huge. I wouldn’t be surprised if electronic items like laptops, tablets, and USB drives are all banned from being carried in a cabin.
Maybe even mobile phones too…
The positive fallout from this is that there are guys like Roberts who have devoted their lives to finding cyber vulnerabilities in things like planes. These are guys that are fighting a good fight. They’re the ones that help plug vulnerabilities before the bad guys can exploit them.
And there’s a raft of exciting investible companies out there that research and find cyber exploits. Big billion dollar companies like Boeing pay these cyber researchers to break their systems…and then fix them.
It’s a huge industry and one that’s growing at a rapid speed. In fact I think it’s the number one tech industry to invest in for 2015. It might even be the biggest technology industry of the 21st century.
Editor, Markets and Money
Ed Note: This article was first published in Money Morning.