“Communications with pilots and their onboard equipment is largely unencrypted by design to avoid issues when seconds can mean life or death. In fact, this unencrypted communication has been exploited in the past by security researchers.”Lamar Bailey, Director of Security Research and Development at Tripwire, believes this lack of secure communication channels has held back any and all forms of remote aircraft control technology from being implemented. “The technology is nearly there, but it still has a ways to go to be secure,” Bailey observes. “Remote control of the plane is very much like remote control of a computer using RDP or SSH since a plane is just a big network of computers, only with lots of metal and passengers strapped to it. To protect the lives of everyone onboard, security needs to be a top concern when implementing remote control technology.” Fortunately, there are steps that can be taken to help secure this equipment. First, all communications should be protected by robust forms of encryption and authentication, as Smith points out: “I would hope that complete remote control of a civilian aircraft would implement some form of encryption. At the very least, the system would need to include both server-side and client-side certificate authentication to ensure only trusted sources are controlling the plane.” Bailey is of the same opinion: “The system will need to use top shelf data encryption, and the login procedure should be a lot stronger than the normal 10-character password.” Smart fail-safes that are built into the technology’s commands could also help bolster the technology’s security, Bailey notes. Such precautions could ensure that planes are only diverted to safe locations, such as airports, and are not able to ascend or descend above predetermined altitudes depending on the flight path. These measures notwithstanding, malicious actors could still find ways to exploit weaknesses in the technology, as well as other vulnerabilities found on airplanes more generally. As observed by Bailey, “What if the malicious actor was on the ground in the authorized remote control operations center? The core of the issue here is insider threat and the ability for a single actor to perform malicious acts.” Ken Westin, Senior Security Analyst at Tripwire, is also concerned about insider threats with respect to remote control:
“You may protect yourself from someone attacking from inside the plane, but you open the system to potential compromise from the outside world. There are a number of places that such a system could be compromised, and it could put all planes at risk.”As one might expect, the danger of insider threats extends well beyond remote control technology. For instance, David Stupples, professor for electronic and radio systems at City University London, explained in a recent article published on Deutsche Welle that malicious insiders can already hack an airplane either by creating an external data-line and using it to upload a virus into the aircraft’s computer systems during a software update, or by physically inserting malware into an airplane’s electronics bay via use of a USB stick. Given these persistent threats, the International Air Transport Association (IATA and a number of other bodies have signed an agreement to coordinate their efforts towards protecting aircraft against computer attacks. As their work gets underway, perhaps these organizations will decide to revisit the remote control technology that was first proposed nearly 10 years ago. Either way, it is our hope at Tripwire that the IATA and its partners will this use collaborative agreement as an opportunity to discuss security measures that will prevent tragedies like the Germanwings crash from ever happening again.