In response to reports last week that passenger Wi-Fi networks make some planes vulnerable to hacking, the FBI and TSA have issued an alert to airlines advising them to be on the lookout for evidence of tampering or network intrusions.
The FBI and TSA note that they currently have no information to support claims that an attacker could commandeer a plane’s navigation system through the passenger Wi-Fi or IFE (In Flight Entertainment) networks, but they are taking the claims seriously. They are currently evaluating the evidence to determine if there is a credible threat posed by intrusions into the networks of passenger planes.
The alert, posted to the FBI’s InfraGard site as a private industry notification (or PIN), advises airline staff to be on the lookout for signs that any passengers might be trying to connect to the network ports located beneath their seats.
“Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes. “Attempting to gain unauthorized access to the onboard networks of a commercial aircraft violates federal law.”
The alert then describes the signs that flight crews should be looking for:
- Report any suspicious activity involving travelers connecting unknown cables or wires to the IFE system or unusual parts of the airplane seat.
- Report any evidence of suspicious behavior following a flight, such as
IFE systems that show evidence of tampering or the forced removal of
covers to network connection ports.
- Report any evidence of suspicious behavior concerning aviation wireless signals, including social media messages with threatening references to Onboard Network Systems, ADS-B, ACARS, and Air Traffic Control networks.
- Review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, is captured for further analysis.
The FBI/TSA alert comes on the heels of a tweet sent out last week by security researcher Chris Roberts while aboard a United Airlines flight from Chicago to Syracuse. Roberts tweeted a joke about accessing his airplane’s network to see if he could play with passenger oxygen masks. He was met by FBI agents when he landed in Syracuse, who seized his laptop and other electronics.
Roberts sent out his joke tweet in response to a report released last week by the Government Accountability Office indicating that unsecured connections between the passenger Wi-Fi networks and the avionics systems on some Boeing and Airbus planes could make it possible for a hacker to gain access to navigational controls and commandeer a plane.
Roberts, a respected computer security professional, has done extensive research into the vulnerabilities of airplane networks and has spoken with Boeing and Airbus in the past about the vulnerabilities, but got little response from the airlines.
The tweet he sent from his United flight was a result of exasperation, he told WIRED, exasperation that his warnings over the years had not been heeded by the airlines.
Although Roberts has said that he did not access United’s network during his Chicago to Syracuse flight, and never intended to, he admitted to WIRED and the FBI that he has in the past connected to the network ports beneath his seat on more than a dozen flights, along with a fellow unnamed researcher. They did this to sniff traffic crossing the networks and uncover vulnerabilities, Roberts said.
The FBI/TSA alert to airlines to be vigilant about passenger activity appears to be a direct response to Roberts’s admission.