Ground control: Analysts warn airplane communications systems vulnerable to hacking

Commercial and even military planes have an Achilles heel that could leave them vulnerable to hackers on the ground, who experts say could conceivably commandeer cockpits and create chaos in the skies.

For now, terrorist groups are believed to lack the sophistication to bring down a plane remotely, but it is their limitations, and not aviation safeguards, that are keeping the flying public safe, according to security analysts. The flaw lies in the entertainment and satellite communications systems, according to Chris Roberts, founder of OneWorldLabs, a Colorado-based cyber security intelligence firm that consults with government agencies, businesses, and nonprofits.

“We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems,” said Roberts, who discovered susceptibilities in the system passengers use to watch television at their seats and is sharing his findings with the federal government. “Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”

While commercial planes are potential targets, business, private and military aircraft also are at risk, according to another aviation security analyst who shared his findings with

“I discovered a backdoor that allowed me to gain privileged access to the Satellite Data Unit, the most important piece of SATCOM (Satellite communications) equipment on aircraft,” said Ruben Santamarta, principal security consultant for IOActive. “These vulnerabilities allowed unauthenticated users to hack into the SATCOM equipment when it is accessible through WiFi or In-Flight entertainment networks.”

There are “multiple high risk vulnerabilities” such as weak encryption algorithms or insecure protocols in SATCOM technologies manufactured by some of the world’s largest, Santamarta found. IOActive, which has offices in Seattle and London, performs research on hardware, software, and wetware assessments, such as penetration testing and reverse engineering, but does not sell products.

“These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate or block communications, and in some cases, to remotely take control of the physical device,” Santamarta reported.

In August, Santamarta highlighted his findings at the Black Hat cyber conference in Las Vegas, and earlier released an official report, but said, “As far as we know, the system may still be vulnerable. We are not aware of any official patch.”

Just one aviation communications company contacted by returned requests for comment.

“As the world leader in broadband satellite networks and services, Hughes places the integrity and security of communications utilizing our equipment and services at the highest level of importance,” said Judy Blake, spokeswoman for Hughes Communications. “As a matter of policy we do not publicly discuss such matters.”

Security expert Ruben Santamarta said the industry needs to address the issue.

Four months after Santamarta presented his research, several international aviation organizations signed “The Civil Aviation Cyber Security Action Plan,” a pact aimed at boosting cooperation among the normally competitive industry leaders to improve their cyber security capabilities.

Research by Santamarta and Roberts shows hackers could gain control two ways.

But even though Roberts said the issue was raised with both the federal government and airplane manufacturers, most companies “have not engaged in any meaningful manner to address the issues,” he said.

The theoretical vulnerabilities exist within the In Flight Entertainment systems on both the Panasonic and Thales installations, the two main providers of these systems, across a wide variety of planes, Roberts said. The systems can be breached wirelessly, and, once in, a clever hacker can gain access into other areas of the plane’s network, Roberts said.

“Worst case would likely be the ability to access the avionics systems, monitor and possibly influence the control interfaces and other critical flight environments typically found on the private plane subnet,” giving the hacker the ability “to intercept and possibly modify the packets of data being sent from the controls to the actuators using readily available software,” Roberts said.

Neither Panasonic nor Thales responded to requests for comment from

Department of Homeland Security spokesman S.Y. Lee said the vulnerabilities alleged by Roberts and Santamarta are similar to flaws in infrastructure communications equipment long known to the DHS National Cybersecurity and Communications Integration Center (NCCIC).

“While the NCCIC is aware of this report, we have not independently verified the alleged vulnerabilities and we continue to work actively with stakeholder and industry partners to examine the claims made in the report,” Lee said.

Lee said the expertise of private analysts like Roberts and Santamarta is a key to improving security.

“DHS actively collaborates with public and private sector partners every day to share actionable information gleaned from research, ongoing network defense efforts, cybercrime investigations, and national security efforts, that support our nation’s cyber capabilities and the ability of our partners to put in place appropriate mitigation strategies,” Lee said.

Not everyone believes terrorists will use cyber attacks to attempt to bring down an aircraft.

John Harrison, senior analyst at Cyberpoint, associate editor for the Journal of Transportation Security and contributor to the Terrorism Research & Analysis Consortium, said terrorists will stick to what they know: Explosives and other conventional tactics.

“Most terrorist groups do not appear to have the technical sophistication to hack into systems the way some describe,” Harrison said.

Terrorists need opportunity and access to the target, Harrison said.

“Terrorists have invested considerable time and resources to identify and exploit vulnerabilities in the aviation system,” Harrison said.

There was a “disturbing” report back in December of “Operation Cleaver,” an apparent Iranian cyber espionage campaign that aimed to find cyber-enabled ways of bypassing airport physical security, Harrison said.

“While there don’t appear to have been any actual attacks accomplished this way, Operation Cleaver appears to offer a disturbingly modern cyber alternative to hiding bombs in body cavities,” Harrison said.

He believes if there was a cyber attack on a plane, it could be stopped midair.

“I suspect flight crews have an ability to recover from a hack in a variety of ways,” Harrison said. “While computers do a tremendous amount of the flying in modern aviation, humans are still capable of controlling aircraft if the technology fails or is disrupted.”

Meanwhile, the federal agency charged with overseeing flight operations has been under scrutiny by the Government Accountability Office for its own cyber security issues.

The “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems” report, released March 2, found that while the FAA has taken security measures to protect its systems from cyber attacks, “significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation of the national airspace system.”

These include “weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA's systems,” the report said.