Did he or didn’t he?

That’s the question exercising IT and cyber anaylsts over the claims by hacker Chris Roberts that he accessed in-flight entertainment and flight systems from his seat. The claims have been derided by Boeing and aviation experts.

Whatever the outcome, it highlights that this is a major security concern. This hacker claimed to have gained control from his passenger seat; but many airlines have now introduced wifi to their aircraft too, a service that is gradually rolling-out globally. So could someone hack into an airliner’s controls from the ground via wifi? Or on-board the aircraft as claimed by Mr Roberts?

I’ve worked in software all my life, and my view is that any system can be hacked. We tend to think of software-based systems as something operated by computers, electronic devices, microprocessors etc. Thinking this way can lead us to lose sight of the fundamental fact that all systems are designed and built by human beings, and therefore subject to human error and oversight. Airliners have proved all-too horrifically to be one of the terrorist’s weapons of choice.

New aircraft designs use TCP/IP technology for the main aircraft backbone, connecting flight-critical avionics and passenger information and entertainment systems in a manner that virtually makes the aircraft an airborne, interconnected network domain server.

There are and should be very real security concerns with this. One key to mitigating the threat will be ensuring that all systems related to flying the aircraft are an “island” – i.e. completely isolated from the non-essential flying systems.

Although Mr Robert’s claims have been dismissed, it seems he may have highlighted a very real achilles heal in the systems. If he is to believed, the IES was in fact connected to the avionics. If that is the case, then a way-in could be found.