Airlines are vulnerable to hacking, says LOT Polish airlines
Hackers, given a chance, can take over the world. This is because they are able to hack in any machine that has an internet connection. Most recent cases that made headlines include the US Data breach, the adult dating site that was hacked exposing millions and the hacked billboard . In Poland many passengers were stranded after airlines were grounded from flying. The world’s busiest airport reported a cyber-attack over the weekend said the chief executive of Polish national carrier LOT said on Monday.
Poland’s domestic intelligence agency said it had been called in to investigate, but there was no word on who might be responsible for the attack, which disabled the system LOT uses for issuing flights plans. The attack is likely to bring renewed scrutiny to the question of whether the systems which help keep airliners safely in the air are adequately protected from hackers intent on causing havoc or even on bringing down a plane.
“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” LOT chief executive Sebastian Mikosz told a news conference. “I expect it can happen to anyone anytime.”
The airline said there was never any danger to passengers from the attack since it did not affect systems used by aircraft while in the air. Poland’s LOT airline was forced to cancel around 10 foreign and domestic flights after hackers attacked its computers. Airline spokesman Adrian Kubicki said the hacker attack temporarily paralyzed LOT’s computers at Warsaw’s Frederic Chopin airport on Sunday, disrupting the processing of passengers for the flights. He said some 1,400 passengers, scheduled to fly to Hamburg, Dusseldorf, Copenhagen and domestic destinations, were affected by the cancellations.
The problem was eventually solved and flights scheduled to depart later Sunday could leave as planned. A commission will investigate the source of the attack, Kubicki said. A LOT spokesman said other airlines use comparable software systems. He said the problem was most likely caused by what is known as a Distributed Denial of Service (DDoS) attack when a hacker deluges an organisation’s system with so many communication requests that it overloads the server, and it can no longer carry out its normal functions.
“This was a capacity attack, which overloaded our network,” said the spokesman, Adrian Kubicki.
Ruben Santamarta, a researcher on airline’s cyber-security, said there were not enough details on the LOT attack to properly assess what happened. But he said it highlighted the vulnerability of passenger jets when they are on the tarmac preparing to fly.
“There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics,” said Santamarta, who is principal security consultant for Seattle-based security research firm IOActive.
Santamarta last year said he had figured out how to hack into the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Most denial of service attacks use a publicly accessible Internet site as the channel through which to bombard their target. The Lot system has no public site.
“I am quite surprised that such sensitive systems dedicated to airline operations are exposed to the Internet to be exposed to denial of service attacks,” said Pierluigi Paganini, the chief information security officer of Naples-based Bit4Id reports India Today.
“Like many experts, I am waiting for more details to understand how this occurred,” he said.
Asked about whether the system was exposed to the Internet, Kubicki, the airline spokesman, said the hackers had acted illegally to interfere with the operation of the system, but he said they had not gained direct access to any of the data contained within it. “The key thing for an airline is the ability to apply certain emergency procedures in such situations and I think that we passed this test,” said Kubicki.
Hackers can either do good or endanger many people. In may this year a hacker destabilized a flight from his seat even after warning the airlines of vulnerability, the hacker removed the cover to the SEB that was installed under the passenger seat in front of him by wiggling and squeezing the box. He was able to gain access to the system using the Cat6 ethernet cable with a modified connector to connect his laptop computer to the IFE system while in flight. After gaining access to the IFE system, he overwrote code on the airplane’s Thrust Management Computer while aboard a flight. The hacker then successfully commanded the system he had accessed to issue the ‘CLB’ or climb command. He then used Vortex software after compromising the airplanes networks, he used the software to monitor traffic from the cockpit system.
Hacking can also be a lucrative job or hobby. A hacker was paid $100,000 by Microsoft for spotting a security flaw in Microsoft’s software. James Forshaw who heads a vulnerability research at Context Information Security was able to show Microsoft a vulnerability that enabled Microsoft develop defenses against entire classes of attack.
Related: North Korean Hackers are capable of causing a war