Everything can be hacked, including an airplane
In our technology driven society we see constant developments in better, faster, safer and more powerful devices. Many of those devices come with a kind of networking capability such as medical devices. Think of pacemakers, insuline pumps, artificial sight systems. The reason for making these devices accessible remotely is understandable. The Pacemaker is a device that you wish to implant once and not remove every now and then in order to adapt its settings. In reality these systems are hacked in test environments.
We see scientists creating devices that can hack into a GPS system and make you see a complete different position then in reality. While you are nicely sitting in your office, your GPS tells you that you are actually walking on a highway.
Cars can be hacked using the different networking capabilities like Bluetooth, G3-G4 network and even using FM/AM availability in a car. Imagine you are sitting in your car, waiting for the red light to turn green and your speed-meter tells you are driving 80 km/h. This might look funny but imagine your speed meter telling you are driving 50 km/h while in reality you drive 60 km/h, less funny already. Even less funny is that in modern cars every vital part of the car is connected to the central computer. Implementing malware into this computer can serve to remotely engage your brakes or disengage them above a certain speed.IF scientists, who are supposed to be the “good guys” can figure this out, then the bad-guys can do this as well.
Security is in many situations a result of risk calculation
s rather then based on facts.
Risk calculations that are done to wage actual threats are dangerous because they are partly based on assumptions and events that have or have not occurred in the past. When dealing with a critical subject,
like an airplane, these assumptions keep getting us in trouble. Risks don’t take into account new ways of operating. Hacking an airplane is supposed to be virtually impossible. Onboard entertainment systems are not connected to flight control computers. This might be the case during construction.
Who is checking this? How can we ensure systems are still operating and connected the way they should be? Recent revelations, like the ones from the hacker Chris Roberts, suggest otherwise. Reactions from officials of airplane manufactures claim this is not possible. How do they know?
When dealing with vital infrastructure, compliance and regulations are often regarded as similar for security, in fact they are not. They offer our adversary possibilities in finding ways around them. Security should contain room for application of modern security methods and be more focussed integrally into society.
By Wilfred van Schuppen, CPP