News about hackers and planes has recently taken the spotlight over the past year and continues to be a hot topic, many reports have come out stating that hackers can hijack planes right from their seat, but one researcher claims that hackers cannot simply hijack a plane and pilots can override nearly every attack.
Researcher, Dr. Phil Polstra, professor of digital forensics at Bloomberg University, is the researcher behind these broad claims. With a number of published security professional books, over 12 aviation ratings, an aircraft builder, and a certified pilot with thousands of hours of flight time, Polstra has the research to back these broad claims. Next to Phil was, Captain Polly, a former airline pilot and current Aviation professor that also agrees with Phil, stating planes cannot be hijacked with hackers current methods.
Polstra and Polly disclosed their research at the Def Con 22, the annual hacker conference held in Las Vegas, Nevada. Phil opened his talk saying, “common hackers claim they can hack the actions [of a plane] via the entertainment network”, which he continues to state is false. Then Polstra goes on to say “you cannot override a pilot“.
While he claims hacking into the plane is not impossible, hackers cannot simply override the pilots actions. He goes on to say “you may be able to affect the autopilot operations, but if the pilot notices, they will disconnect the autopilot.” Phil reiterates if Captain Polly noticed hackers trying to ‘hijack’ the plane, Polly could stick “all 90 pounds” on planes steering and easily override hackers attempts.
Later in his talk he goes over the technicalities and cabling inside a plane, which are some of the areas researchers claim are vector for compromise. He states the cabling attached to the entertainment system is not the same attached to anything “vital” found in the plane. With researchers claiming they can hijack planes simply from the entertainment network is false, Polstra says, this is due to the cabling inside the entertainment network not begin hardwired into any vital plane functionalities. Even from there, any cabling is not made widely available throughout the plane for hackers to easily access and possibly compromise. Polstra goes over what may happen if you tried to hack a plane via the inflight WiFi in a short video.
Phil continuously reiterates throughout his talk that hackers cannot hijack a plane just by begin connected to the entertainment system or in-flight WiFi. Such devices on planes that interact with over the air networks do not interact over the in-flight WiFi, but are instead controlled by by the pilots and can be safely turned off if the pilot notices any attacks.
Phil wraps up his talk saying that planes are not unhackable, just current vectors researchers claim to be vulnerable to compromise will not lead to a plane begin ‘hijacked’. Everything has a vector for compromise, but broad claims researchers are making are falsehood and pilots will always be able to override any automated system or attackers by disconnecting selected services. Again, this does not mean unhackable, but an attacker will not be in the seat next to you overriding the pilot from the entertainment system.
Phil Polstra Def Con 22 Slides: http://www.slideshare.net/ppolstra1/cyberhijacking-airplanes-truth-or-fiction