Hackers Ground Polish Airline, Raise Security Questions
On June 21 an unknown group of hackers managed to launch a DDoS attack on Polish airline LOT’s air traffic planning system, grounding an estimated 1,400 passengers at Frederic Chopin airport in Warsaw and cancelling 10 flights. The airline was unable to create new flight plans and therefore no flights were able to depart. A DDoS attack is one in which a computer or server is bombarded with “requests” and becomes overloaded, crippling the system entirely.
The airline underlined that the attack did not affect flights that were landing or currently in the air. This was not an attack on the systems on the plane but rather the computers that create the flight plans. LOT warned that this could potentially happen to other airlines.
The interesting twist in the story is that usually DDoS attacks are carried out on a public website. However, the LOT flight plan system doesn’t have one–the attack was directed at their system. Not much is known yet about who carried out the attack or how it specifically happened. It could even have been a mistake, however it seems more likely that this was intentional.
As planes and air travel become more and more connected to the internet, security questions and concerns have been rising. LOT executives stress that they use state of the art computer systems, and that this is a threat that could happen to any airline at any time. They made a point to aim for further investigation on the matter.
Could the computers of an airplane be accessed, however? An article by CNN states that “hundreds of planes flying commercially today could be vulnerable to having their onboard computers hacked and remotely taken over by someone using the plane’s passenger Wi-Fi network, or even by someone on the ground,” according to a Government Accountability Office report. The government watchdog group states that vulnerable planes include Boeing 787 Dreamliner, the Airbus A350 and A380 aircraft. They all have advanced cockpits that are also connected in some way to the plane’s onboard WiFi. Hackers could potentially access the cockpit controls through the WiFi connection and commandeer the aircraft, install viruses, or cause the onboard controls to malfunction. Boeing insists that there are redundancy systems in place and that the plane controls are separate from other systems on the plane. There are also features built in that would allow pilots to correct any errors or problems.
However, given the various feats we’ve seen from hackers in the past few years, it’s a scary prospect and one that should be carefully looked into.