The “fasten your seatbelts” signs turn off and you can finally recline, fold down the tray table, and switch on your notebook or tablet. Many airlines now even offer WiFi access in the cabin, so you can surf the Internet, post to Facebook, and write emails without restriction. Hard to believe, given that it wasn’t long ago that you couldn’t even leave your cell phone switched on during the flight. So, is it safe and secure to use WiFi and portable devices? There are two major aspects to this question:
- First, whether airplane systems are secure, even though WiFi radio waves are used to communicate and passengers have access to the digital infrastructure aboard the airplane.
- And second, whether passengers’ devices are also safe and secure, as they share the airplane WiFi network with all other users in the cabin.
Hacking airplane systems
A clear answer can be given to the first question, at least at the moment: Yes, the airplane is still safe and secure. The radio waves are irrelevant to the onboard electronics in terms of power and frequency, as the cockpit and internal technology have to be able to cope with completely different types of possible interference. In addition, there is no potential risk of airplane systems being hacked into. Every airplane manufacturer separates the in-flight entertainment and WiFi systems from the critical airplane systems. Furthermore, they use data and signal formats to communicate, which are incompatible with Ethernet; they also don’t use the TCP/IP protocol. Frequently, additional security functions are integrated into the systems, such as specific transmitter restrictions and extremely strict time intervals, within which data must be exchanged between communication partners. And even if there was a widespread failure of the electronics system, irrespective of what measures are taken to deal with it, all flight-critical systems have a mechanical backup – cable controls and hydraulic systems instead of servos and electronic actuators.
This doesn’t mean, however, that airplanes are immune to potential security loopholes. Researchers are repeatedly discovering weaknesses in various systems, such as those involved in satellite communications, which could theoretically be exploited. By exploiting this bug, false positioning data can be transmitted to the airplane while in flight causing a change of course; however, other experts have given the all-clear. Even if a person were able to exploit this security loophole, the pilots themselves could just simply make a course correction. Other means of communication are available in each passenger airplane which allow verification of positioning data and flight plans. On top of this, the flight-control center would also spot each course change and alarm the pilots.
The statistical probability of mounting such attacks successfully is far below the other typical causes of failure, technical or human error, which are also rare. Airplane manufacturers also want to save costs and are trying wherever possible to integrate standard IT components that transfer and process data using standard IT formats.
Airline operators have set out countless operational cases where digital data would improve services, shorten ground times, and resultingly save costs. Whether over the short term or long term, manufacturers will eventually meet these requests and integrate an ever greater amount of standard IT equipment into airplanes. Hopefully the security measures will be tightened to meet the aviation industry’s more stringent requirements.
Security measures above the clouds
So how about the information on your notebook or tablet? WiFi access aboard an airplane is just like a standard public hotspot – no difference from the one in the airport or at Starbucks. Those who use the WiFi network share the wireless network with all other users. Whether airplane manufacturers integrate specific security measures in their switches and routers is information that currently only they know. For this reason exactly, the same security measures that are also suitable at Starbucks or in the airport should apply: Either you encrypt all data traffic using a virtual private network (VPN), which companies usually install on professional users’ devices anyway, or you encrypt each app’s data. In the case of email, this can be done using encryption programs like Pretty Good Privacy (PGP), EnigMail or GnuPG. For browser-based communications, it can be achieved using Secure Sockets Layer (SSL) technology, usually identifiable by the little padlock icon in the address bar. Plug-ins for many browsers can also take care of this automatically if required, such as HTTPS Everywhere for Firefox and Chrome. Naturally, the internal firewall should be enabled on each device and the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus should also be installed and active.