It is “only a matter of time” until a commercial aircraft is hacked, the Department of Homeland Security and other US government agencies have warned. Most planes lack cybersecurity protections to prevent such a hack.
Motherboard obtained internal DHS documents through a Freedom of Information Act request which detail vulnerabilities with commercial aircraft and risk assessments. A number of the documents are still being “withheld pursuant to exemption” of the FOIA.
The release includes a January presentation from Pacific Northwest National Laboratory (PNNL), part of the Department of Energy, outlining the group’s efforts to hack an aircraft via its wifi service as a security test.
The hacking test was to be carried out without any insider help, from a position of public access (for example, a passenger seat or the airport terminal), and without using hardware that would trigger airport security. According to the presentation, the hack allowed the researchers to “establish actionable and unauthorized presence on one or more onboard systems.”
Another document, from 2017, says testing indicates “viable attack vectors exist that could impact flight operations.” A DHS presentation included in the documents says “most commercial aircraft currently in use have little to no cyber protections in place.” It points to the fact that even a perceived successful cyber attack could have an “enormous impact on the global aviation industry.”
Click here to read more.