Polish Airport Hack a Reminder that Airlines are at Risk for Cyber Attacks

by Matt Klassen on June 23, 2015

Earlier this year as part of a piece on the security of the growing Internet of Things, writers here offered a speculative example of cyber-criminals gaining access to airlines, smart cars, and other aspects of our critical infrastructure and the damage that could potentially be done…turns out it wasn’t as speculative as we might have thought.

Although you may not have heard, over the weekend a cyber-attack at Poland’s busiest airport grounded aircraft and stranded passengers, exposing the vulnerability of the systems aircraft depend on to operate safely. Hackers used a Distributed Denial of Service (DDoS) attack, one that floods a server with so many information requests that it ultimately fails, targeted at the airport’s flight plan system.

While no passengers or aircraft were in danger, the chief executive of Polish national carrier LOT issued a dire warning that no airline is safe from these sorts of attacks, once again raising concerns about the protection surrounding the systems that allow aircraft and other critical connected technologies to operate safely and securely.

According to reports, around 1,400 passengers were delayed at Warsaw’s Chopin airport when the flight plan system went offline after its servers were overloaded by fraudulent information requests as part of a cyber-attack. The delay lasted for around five hours and as of Monday all operations had returned to normal. That said, it was a wake up call for the airline industry and for those investing in the Internet of Things.

“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” LOT chief executive Sebastian Mikosz told a news conference regarding the cyber-intrusion. “I expect it can happen to anyone anytime.”

Although there are no reports of planes in the air being affected by this cyber-attack, it does once again raise concerns that this sort of attack may only be the beginning, as cyber-security professionals have already gone public with the vulnerabilities they know exist in aircraft systems.

According to principal security consultant for Seattle-based security research firm IOActiv and researcher on airline cyber-security Ruben Santamarta, while there isn’t enough information about this particular incident to make any strong conclusions yet, he noted that it highlights “the vulnerability of passenger jets when they are on the tarmac preparing to fly.”

“There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics,” said Santamarta, adding that he had already figured out a way to hack into airline satellite systems through onboard Wi-Fi and entertainment software.

In the end, while we can all rest easy that no one was hurt during this cyber-attack, I’ll admit it seems like only the beginning, meaning if airlines don’t heed the warning and increase their system security, a catastrophic incident likely won’t be far off.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Comments on this entry are closed.

Previous post:

Next post: