As if U.S. airline passengers didn’t already have enough to worry about, the FBI has warned airline companies to be on the alert for hackers intruding on to plane Wi-Fi networks. The warning, also issued by the Transportation Security Administration (TSA), comes after a respected cybersecurity researcher tweeted a joke about how easy it would be to infiltrate the Wi-Fi network on the United Airlines plane he was traveling on.
The notification stresses that neither the FBI nor the TSA have information indicating that a hacker plans to take control of a plane’s navigation system, though they are seriously investigating warnings from Chris Roberts, a researcher at One World Labs who has researched airline networks since 2009. Roberts referenced taking over a plane’s engine-indicating and crew-alerting system (EICAS), which provide pilots with information about fuel levels, oil pressure and other critical data.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
â€” Chris Roberts (@Sidragon1) April 15, 2015
Roberts found FBI agents waiting at the gate when he landed after the Denver to Syracuse flight. He has since been barred from boarding a flight to the U.K. and has found himself in the center of the debate over what constitutes a credible threat to a passenger plane.
“Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” states the warning posted on the FBI’s InfraGard site, as quoted by Wired magazine. “Attempting to gain unauthorized access to the onboard networks of a commercial airliner violates federal law.”
The alert goes on to advise airline employees to review logs of network activity, report suspicious or threatening behavior involving aviation and to examine in-flight entertainment systems for evidence of tampering.
“The risk is that a hacker sitting in the back of a plane, or even one on the ground, could use the Wi-Fi connection to hack into the avionics and then remotely fly the plane,” security research Bruce Schneier wrote in a blog post before adding the possibility is only that, a possibility. “In the scheme of Internet risks I worry about, it’s not very high.”
Roberts’ tweet came less than two months after the Government Accountability Office blasted the lax cybersecurity measures that the Federal Aviation Administration relies on. The FAA hasn’t updated its information security protection strategy since 2012, and even those mandates fall short of a 2002 law.