Can Public Transportation Be Hacked?

hackplaneWith the increase in internet connectivity in cars, planes, and trains, the question has been raised now and then about how “hackable” these systems are now that they are connected to the internet at large.  There have been a couple of stories in the media, including someone that had claimed to have hacked into a commercial airplane through the on-board wi-fi, and a story in Wired where a Jeep was hacked remotely through its internet connectivity features and full control of many of the car’s systems were taken over by the hackers.

Both stories raise concerns over how secure the creators of these onboard systems have made them.  Hackers will get into anything they can, and it just depends on whether the hacker wants to be malicious or not.  With the advent of cyber terror ushered in by ISIS, the concerns have reached a new level.  Could terrorists hijack a plane, for instance, through the internet?

It’s certainly a legitimate concern.  According to an article on CNN,

the [vulnerable] planes include the Boeing 787 Dreamliner, the Airbus A350 and A380 aircraft, and all have advanced cockpits that are wired into the same Wi-Fi system used by passengers…

The government investigators who wrote the report say it is theoretically possible for someone with just a laptop to:

— Commandeer the aircraft

— Put a virus into flight control computers

— Jeopardize the safety of the flight by taking control of computers

— Take over the warning systems or even navigation systems

Obviously all of this is very worrisome to airline passengers.  It’s a new front in the airline security chain of command, and some people worry that the FAA and airline industry as a whole might not move fast enough before an attack/hack is carried out.

Another concern is that even a website visited by a passenger using the onboard WiFi could load malware into the plane’s systems and compromise security.

The hack of the Jeep is another interesting story where there was a clear hole in the system allowing the hackers to take control of the car.  It was considered a “zero-day” hack, unknown to anyone else except the hackers that worked on the issue.  It’s certainly a wakeup call to auto manufacturers to ensure a greater level of security, and perhaps a separation between the systems that govern the car itself and those systems that are connected to the internet.

Car and plane systems seem rudimentary at best, not needing traditional anti-malware software (and lacking the operating systems to run those programs anyway).  However skilled hackers can still take control.

As mentioned in an earlier article, however, governments are responding to the increased technological capabilities of ISIS by beefing up the cyber-security arms of the government as well as working with teams of hackers such as GhostSecurity.

Do you think that planes should just shield themselves from the internet entirely?  Is onboard WiFi worth the risk of a terrorist taking control of the plane?  The risk to passenger cars seems a bit less risky as the targets are much smaller — the risk seems to be mitigated by the fact that there are SO MANY cars out there.  However that wouldn’t stop a hacker from trying to hijack the car of a well known personality or celebrity or government official.