The US Federal Bureau of Investigation (FBI) has issued a formal alert telling airlines to be on the lookout for hackers.
It follows an onboard tweet from security expert Chris Roberts, who joked about being able to hack into a United Airlines plane’s wi-fi network.
A terrorist could theoretically take over systems that fly a plane by compromising equipment at their seat.
United Airlines has now banned Mr Roberts from all its flights.
The FBI and the US Transportation Security Administration (TSA) said they had no information to support claims a plane’s navigation system could be interfered via its onboard wi-fi kit, but added that they were evaluating the evidence.
In a private industry notification posted on its website and reported by Wired magazine, the FBI advised airlines to:
- report any suspicious activity involving travellers connecting unknown cables or wires to the in-flight entertainment (IFE) system
- report any evidence of suspicious behaviour following a flight, such as IFE systems that show evidence of tampering or the forced removal of covers to network connection ports
- report any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance systems (ADS-B), aircraft communications addressing and reporting systems (ACARS) and air traffic control networks
- review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, would be captured for further analysis
In his tweet, Mr Roberts suggested that he might be able to deploy the oxygen masks on the flight.
Chris Roberts’s tweet:
“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”
(EICAS refers to the engine indicating and crew alerting system)
On arrival at Syracuse airport, Mr Roberts – who is co-founder of security company One World Labs – was taken in for questioning by the FBI, and his laptop and other devices were seized.
A few days later, he was prevented from boarding a flight to California.
He had previously given a number of interviews, explaining the possible weak points in airline systems, telling CNN that he could connect to a computer under his seat to view data from the aircraft’s engines, fuel and flight-management systems.
Security experts have warned for some years that airlines are a possible target for hackers.
Planes including the Boeing 787 Dreamliner and the Airbus 350 and A380 have a single network that is used by both pilots to fly the plane and by passengers for their wi-fi connections.
“The risk is that a hacker sitting in the back of a plane, or even one on the ground, could use the wi-fi connection to hack into the avionics and then remotely fly the plane,” explained security expert Bruce Schneier in a blog written after last week’s incident.
Although there were currently no publicly known vulnerabilities that a hacker could exploit, such an attack remained “theoretically possible” because all networks were inherently insecure, he said.
“In the scheme of internet risks I worry about, it’s not very high,” he added.
Wi-fi is now common on many airlines, and most have relaxed the rules surrounding the use of gadgets during flights.