| Peer-Reviewed

Hacking an Aircraft: Hacking the In-flight Entertainment System

Received: 9 May 2022     Accepted: 30 May 2022     Published: 14 June 2022
Views:       Downloads:
Abstract

When it comes to systems that rely on computers and communications, we describe security as the prevention of intentional and, to a large extent, unintentional misuse that could compromise desired system behavior. In the context of existing safety, development, and certification, this study provides a practical understanding of how cyber security effects airplane computer system architecture. There's more to aviation than planes. It is backed up by the necessary ground infrastructure and equipment, as well as a large-scale computer network. Operations using computer networks to disrupt, deny, degrade, or destroy information housed in computers and computer networks, or the machines and networks themselves, are known as virtual attacks against the computer network. This paper discusses some of the most important security concerns that occur when it comes to aviation safety and reliability. We believe that many of the past accidents may have been perpetrated deliberately, and that some of them could be replicated maliciously now. We begin by looking at common security weaknesses and threats in aviation and its supporting infrastructure, as well as recalling some prior occurrences. Then we analyze what catastrophes are probable, if not inevitable, and what we might do in response.

Published in Advances in Networks (Volume 10, Issue 1)
DOI 10.11648/j.net.20221001.12
Page(s) 7-14
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2022. Published by Science Publishing Group

Keywords

Aviation, Information Security, Cyber Attack

References
[1] C. Royalty, “Cyber Security for Aeronautical Networked Platforms - What does it mean to me in commercial aviation design?,” 2012, doi: 10.2514/6.2012-2417.
[2] S. Tomáš, K. Ivan, and S. Stanislav, “Present and potential security threats posed to civil aviation,” Incas Bull., vol. 4, no. 2, pp. 169–175, 2012, doi: 10.13111/2066-8201.2012.4.2.17.
[3] M. L. Olive, R. T. Oishi, and S. Arentz, “Commercial aircraft information security-an overview of ARINC report 811,” AIAA/IEEE Digit. Avion. Syst. Conf. - Proc., pp. 1–12, 2006, doi: 10.1109/DASC.2006.313761.
[4] C. A. Wargo and C. Dhas, “Security consideratiolis for the e-enabled aircraft,” IEEE Aerosp. Conf. Proc., vol. 4, pp. 1533–1550, 2003, doi: 10.1109/AERO.2003.1235083.
[5] N. Thanthry and R. Pendse, “Aviation data networks: Security issues and network architecture,” IEEE Aerosp. Electron. Syst. Mag., vol. 20, no. 6, pp. 3–8, 2005, doi: 10.1109/MAES.2005.1453803.
[6] R. Robinson, M. Li, and K. Sampigethaya, “Electronic Distribution of Airplane Software and the Impact of Information Security on Airplane Safety ƒ A irplane A ssets D istribution S ystem ƒ Assessment according to the Common Criteria ƒ Conclusion,” no. September, pp. 1–18, 2007.
[7] S. K. P. Alampalayam and S. Srinivasan, “Intrusion Recovery Framework for Tactical Mobile Ad hoc Networks Intrusion Recovery Framework for Tactical Mobile Ad hoc Networks,” no. May, 2014.
[8] S. A. Kumar, “Classification and Review of Security Schemes in Mobile Computing,” Wirel. Sens. Netw., vol. 02, no. 06, pp. 419–440, 2010, doi: 10.4236/wsn.2010.26054.
[9] S. a Lintelman, K. Sampigethaya, M. Li, R. Poovendran, and R. V Robinson, “High Assurance Aerospace CPS & Implications for the Automotive Industry,” Proc. Natl. Work. High Confid. Automotice Cyber-Physical Syst., 2008.
[10] R. Poovendran and D. Von Oheimb, “Network-Enabled Commercial Airplane Operations,” pp. 1–7.
[11] “FAA: Slammer didn’t hurt us, but other attacks coming | Network World.” https://www.networkworld.com/article/2339600/faa--slammer-didn-t-hurt-us--but-other-attacks-coming.html (accessed Apr. 16, 2022).
[12] “US air traffic faces ‘serious harm’ from cyber attackers • The Register.” https://www.theregister.com/2009/05/07/air_traffic_cyber_attack/ (accessed Apr. 16, 2022).
[13] “Report: Hackers broke into FAA air traffic control systems - CNET.” https://www.cnet.com/news/privacy/report-hackers-broke-into-faa-air-traffic-control-systems/ (accessed Apr. 16, 2022).
[14] “Istanbul Ataturk International AirportSecurity Affairs.” https://securityaffairs.co/wordpress/16721/hacking/istanbul-ataturk-international-airport-targeted-by-cyber-attack.html (accessed Apr. 16, 2022).
[15] “Phishing Scam Targeted 75 US Airports.” https://www.informationweek.com/cybersecurity/phishing-scam-targeted-75-us-airports (accessed Apr. 16, 2022).
[16] “Attack On LOT Polish Airline Grounds 10 Flights.” https://www.forbes.com/sites/thomasbrewster/2015/06/22/lot-airline-hacked/?sh=403709d0124e (accessed Apr. 16, 2022).
[17] “Main Cyber-Security Challenges in Aviation.” https://www.aerotime.aero/articles/25150-main-cyber-security-challenges-in-aviation (accessed Apr. 16, 2022).
[18] “Ukraine says to review cyber defenses after airport targeted from Russia | Reuters.” https://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0 (accessed Apr. 16, 2022).
[19] “Cathay Pacific Cyber Attack Is World’s Biggest Airline Data Breach.” https://www.insurancejournal.com/news/international/2018/10/26/505699.htm (accessed Apr. 16, 2022).
[20] “British Airways Says ‘Sophisicated’ Hacker Stole Data on 380,000 Customers.” https://www.insurancejournal.com/news/international/2018/09/10/500566.htm (accessed Apr. 16, 2022).
[21] “Delta, Sears Report Data Breach by Service Provider.” https://www.insurancejournal.com/news/national/2018/04/05/485440.htm (accessed Apr. 16, 2022).
[22] “Brit airport pulls flight info system offline after attack by ‘online crims’ • The Register.” https://www.theregister.com/2018/09/17/bristol_airport_cyber_attack/ (accessed Apr. 16, 2022).
[23] “Air Canada suffers major app data breach of 20,000 customers - Digital Journal.” https://www.digitaljournal.com/business/air-canada-in-major-app-data-breach/article/530763 (accessed Apr. 16, 2022).
[24] “Boeing hit by WannaCry virus, but says attack caused little damage | The Seattle Times.” https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/ (accessed Apr. 16, 2022).
[25] “Airbus Statement on Cyber Incident | Airbus.” https://www.airbus.com/en/newsroom/press-releases/2019-01-airbus-statement-on-cyber-incident (accessed Apr. 16, 2022).
[26] “Ransomware attack on Albany Airport on Christmas 2019 - Cybersecurity Insiders.” https://www.cybersecurity-insiders.com/ransomware-attack-on-albany-airport-on-christmas-2019/ (accessed Apr. 16, 2022).
[27] “Air NZ faces data breach after staff accounts phished.” https://securitybrief.co.nz/story/air-nz-faces-data-breach-after-staff-accounts-phished (accessed Apr. 16, 2022).
[28] “DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla | Threatpost.” https://threatpost.com/doppelpaymer-ransomware-used-to-steal-data-from-supplier-to-spacex-tesla/153393/ (accessed Apr. 16, 2022).
[29] “Ransomware attack hits ST Engineering’s USA aerospace unit | News | Flight Global.” https://www.flightglobal.com/aerospace/ransomware-attack-hits-st-engineerings-usa-aerospace-unit/138722.article (accessed Apr. 16, 2022).
[30] “Airline software super-bug: Flight loads miscalculated because women using ‘Miss’ were treated as children • The Register.” https://www.theregister.com/2021/04/08/tui_software_mistake/ (accessed Apr. 16, 2022).
[31] “Chris Roberts who ‘hacked a commercial flight’ also hacked the ISS | Daily Mail Online.” https://www.dailymail.co.uk/news/article-3090288/Security-expert-admitted-FBI-took-control-commercial-flight-bragged-hacker-convention-2012-playing-International-Space-Station-getting-yelled-NASA.html (accessed Apr. 16, 2022).
[32] “Air France plane carrying 228 people disappears in storm over the Atlantic.” https://www.smh.com.au/world/air-france-plane-carrying-228-people-disappears-in-storm-over-the-atlantic-20090601-bsua.html (accessed Apr. 16, 2022).
[33] Y. G. Sun, L. Wang, and W. X. Chen, “A sensor of aero-engine real-time fault detection system based on ARM9,” Adv. Mater. Res., vol. 591–593, pp. 1470–1474, 2012, doi: 10.4028/www.scientific.net/AMR.591-593.1470.
[34] T. Humphreys, “Statement on the vulnerability of civil unmanned aerial vehicles and other systems to civil GPS spoofing,” Univ. Texas Austin (July 18, 2012), 2012.
[35] S. A. P. Kumar and B. Xu, “Vulnerability Assessment for Security in Aviation Cyber-Physical Systems,” 2017, doi: 10.1109/CSCloud.2017.17.
[36] Conventions, “Aviation Security : The Role of IFALPA and its Member Associations,” no. December, pp. 1–2, 2021.
[37] “ICAO Standards | IHS Markit.” https://ihsmarkit.com/products/icao-standards.html (accessed Apr. 16, 2022).
Cite This Article
  • APA Style

    Eman Ali Metwally, Haytham Tarek Mohammed. (2022). Hacking an Aircraft: Hacking the In-flight Entertainment System. Advances in Networks, 10(1), 7-14. https://doi.org/10.11648/j.net.20221001.12

    Copy | Download

    ACS Style

    Eman Ali Metwally; Haytham Tarek Mohammed. Hacking an Aircraft: Hacking the In-flight Entertainment System. Adv. Netw. 2022, 10(1), 7-14. doi: 10.11648/j.net.20221001.12

    Copy | Download

    AMA Style

    Eman Ali Metwally, Haytham Tarek Mohammed. Hacking an Aircraft: Hacking the In-flight Entertainment System. Adv Netw. 2022;10(1):7-14. doi: 10.11648/j.net.20221001.12

    Copy | Download

  • @article{10.11648/j.net.20221001.12,
      author = {Eman Ali Metwally and Haytham Tarek Mohammed},
      title = {Hacking an Aircraft: Hacking the In-flight Entertainment System},
      journal = {Advances in Networks},
      volume = {10},
      number = {1},
      pages = {7-14},
      doi = {10.11648/j.net.20221001.12},
      url = {https://doi.org/10.11648/j.net.20221001.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.net.20221001.12},
      abstract = {When it comes to systems that rely on computers and communications, we describe security as the prevention of intentional and, to a large extent, unintentional misuse that could compromise desired system behavior. In the context of existing safety, development, and certification, this study provides a practical understanding of how cyber security effects airplane computer system architecture. There's more to aviation than planes. It is backed up by the necessary ground infrastructure and equipment, as well as a large-scale computer network. Operations using computer networks to disrupt, deny, degrade, or destroy information housed in computers and computer networks, or the machines and networks themselves, are known as virtual attacks against the computer network. This paper discusses some of the most important security concerns that occur when it comes to aviation safety and reliability. We believe that many of the past accidents may have been perpetrated deliberately, and that some of them could be replicated maliciously now. We begin by looking at common security weaknesses and threats in aviation and its supporting infrastructure, as well as recalling some prior occurrences. Then we analyze what catastrophes are probable, if not inevitable, and what we might do in response.},
     year = {2022}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Hacking an Aircraft: Hacking the In-flight Entertainment System
    AU  - Eman Ali Metwally
    AU  - Haytham Tarek Mohammed
    Y1  - 2022/06/14
    PY  - 2022
    N1  - https://doi.org/10.11648/j.net.20221001.12
    DO  - 10.11648/j.net.20221001.12
    T2  - Advances in Networks
    JF  - Advances in Networks
    JO  - Advances in Networks
    SP  - 7
    EP  - 14
    PB  - Science Publishing Group
    SN  - 2326-9782
    UR  - https://doi.org/10.11648/j.net.20221001.12
    AB  - When it comes to systems that rely on computers and communications, we describe security as the prevention of intentional and, to a large extent, unintentional misuse that could compromise desired system behavior. In the context of existing safety, development, and certification, this study provides a practical understanding of how cyber security effects airplane computer system architecture. There's more to aviation than planes. It is backed up by the necessary ground infrastructure and equipment, as well as a large-scale computer network. Operations using computer networks to disrupt, deny, degrade, or destroy information housed in computers and computer networks, or the machines and networks themselves, are known as virtual attacks against the computer network. This paper discusses some of the most important security concerns that occur when it comes to aviation safety and reliability. We believe that many of the past accidents may have been perpetrated deliberately, and that some of them could be replicated maliciously now. We begin by looking at common security weaknesses and threats in aviation and its supporting infrastructure, as well as recalling some prior occurrences. Then we analyze what catastrophes are probable, if not inevitable, and what we might do in response.
    VL  - 10
    IS  - 1
    ER  - 

    Copy | Download

Author Information
  • Faculty of Computers and Information Science, Mansoura University, Mansoura, Egypt

  • Faculty of Computers and Information Science, Mansoura University, Mansoura, Egypt

  • Sections