How are regional Civil Aviation Authorities in East Africa, including our own CAA secured to guard against such cyber attacks on air crafts? Next time you are on a flight, just know any thing is possible. A hacker could take control of your aeroplane and divert your trip or cause more complications. This is not to scare you.
On a recent trip to Nairobi city, our flight was delayed for over three hours. Mind you the normal flight from Entebbe to Nairobi takes just an hour. On this eventful day, we rotated the region several times and got so exhausted and worried that we might never land.
What made matters worse was the announcement by the pilot of the ‘expected turbulences’ and ‘that we fasten our seatbelts.’ That is the worst message you need while aboard. It was so scary that while coming back from Nairobi to Kampala, I almost took a bus for the return trip. Could hackers have been behind some of my escapades while in the ‘air’? I don’t want to imagine so.
Hugo Teso, a researcher told participants at Hack In The Box security conference that it is possible for a hacker to take control of aircraft system with an android smartphone. This is very scary news indeed.
Imagine travelling from London to New York, and your flight being intercepted by a rogue hacker who then redirects it to Tokyo instead. Even then, he might warn of possible bad weather in which case you have to delay to land risking running out of fuel and the likes. If you have been in long flights you know how this experience can be damn exhausting and frightening. Me too.
Unfortunately, that could be the reality. Hacker tools are becoming available and hackers are getting very sophisticated. When you visit www.cve.com orwww.securityfocus.com you really get scared: your IT people must be very brilliant and alert in order to protect your company from the internal and external cyber threats. Lots of zero day exploits make it difficult for any entity to think they are safe. Never. Each day bring new vulnerabilities and you must be alert to keep in charge.
With the increasing use of smart devises, on-line entertainment including internet access and mobile phone on board flights, the risks of cyber security to air craft safety are a reality. Competition is pushing everyone to the edge in the innovation arena and makers of flight management systems (FMS) are not spared. They have to make systems that are interoperable but also very easy to use. Hackers out there know that security hates ease of use. The more the system is easy to use, the more vulnerable it becomes.
According to the Hugo Teso, “by hijacking a protocol used to send data to commercial aircraft and exploiting bugs in flight management software, a hacker can send radio signals to planes that would cause them to execute arbitrary commands such as changes in direction, altitude, speed, and the pilots’ displays. Teso demonstrated an Android application he built that allowed him to redirect a virtual plane with just a tap on a map application running on his Samsung Galaxy phone.” Forbes report reads.
When Forbes contacted the researcher after the presentation, he told them that he was able to use the exploit “to modify approximately everything related to the navigation of the plane that includes a lot of nasty things.”
he added that Teso notified Federal Aviation Administration and the European Aviation Safety Administration and they are working with the affected aerospace companies to fix the vulnerability.
Don’t be too much worries, read the Forbes full report here, and see how FAA says that it is not possible.
Be the judge. What I know is that technology makes everything possible.