BizJet Cybersecurity: What are the Main Threats?

Looking to keep protected from hackers aboard your private jet? Following are the top cybersecurity threats that passengers and crews should be aware of…

Business aircraft owners, pilots and passengers who think their personal devices can’t be hacked while they’re accessing the Internet onboard the aircraft in-flight or on the ground are deluding themselves. Travelers’ devices are just as vulnerable to cybersecurity breaches on board as they are at home or when accessing an open public network.

Nobody who owns, flies or travels in a business aircraft which has any form of cockpit or cabin connectivity should ever assume their personal electronic devices are immune to being compromised by hackers while they’re onboard.

The same cybersecurity threats that aircraft owners, pilots and passengers must guard against when accessing the internet at home are present in flight, at the FBO, and at the maintenance shop.

Business Aviation users and pilots are “an easy target”, warns Josh Wheeler, Senior Director, Entry into Service and Client Services for Satcom Direct.

Their association with business aircraft makes those people ‘high-profile’ as regards the attention of hackers, creating “a very large target on these individuals for phishing and malware campaigns, or even for finding out if their aircraft is going to a specific airport” — information that can be used to track the movements and habits of high-net worth or otherwise prominent individuals.

This was amply demonstrated recently when a teenager who knew the registrations of the aircraft involved used Internet flight tracking websites to track and publicly report the details of specific flights carrying Elon Musk and other highly visible personas, much to the embarrassment of, and possible personal danger to, those luminaries.

Travelers often assume they’re immune from any cybersecurity risk when taking a flight, simply because they’re using their devices while onboard an aircraft. “But there is a risk,” says Wheeler. “You’re susceptible whenever you are receiving and transmitting data,” no matter from where.

In fact, says Wheeler, hackers wanting to obtain personal financial and identity information from BizAv travelers’ devices, or to compromise the functioning of those devices in order to make subsequent ransom demands, often don’t even know the devices are being used onboard an aircraft. “They just see it as a device on a global network,” Wheeler says.

In certain parts of the world — China in particular, but also in various other locations in Asia, the Middle East and Eastern Europe — travelers have to be especially careful to ensure they maintain cyber-security, notes Wheeler. In such locations, “your risk profile jumps tremendously.

“In some countries, the risk of being compromised from a physical standpoint is greater than it being merely a random effort, because those nations are hostile to other countries,” he says. “They’re looking to compromise any asset in order to use it or to sell information.”

The Most Common Threat Types and Sources

The most common types of cyber-security threat faced by air travelers — pilots, aircraft owners, and passengers alike — are just the same as those everyone faces at home, according to Wheeler.

Email Phishing: Attempts to obtain sensitive personal identity and financial data for subsequent criminal exploitation are most frequently made by means of ‘phishing’ email campaigns — efforts to get people to open and interact with emails that may look as though they’re from genuine organizations such as banks and delivery companies — and other crooked initiatives to get people to download malware into their devices.

Responding to or downloading files from phishing emails or dodgy websites usually results in a world of trouble for those falling for the hackers’ scams.

So prevalent have phishing attempts become that today’s hackers aren’t even bothering most of the time to make their spoof emails look genuine, notes Wheeler. “We’re seeing a pattern. We’re seeing fewer good [phishing attempts] and they’re farther between.”

So cheap to buy is software that automatically generates and sends vast quantities of spoof emails to large lists of email addresses that many hackers are happy to play a low-percentage game.

Malware: Hackers use various other methods to obtain illicit access to air travelers’ devices. According to Wheeler, a common method of compromising device security is for hackers to load malware on to external USB memory sticks — often known as “thumb drives” — and then rely on the owners of the infected drives to insert the drives into their personal devices, immediately infecting the devices themselves.

This type of cybersecurity threat often finds its way onboard flight decks by maintenance mechanics unknowingly using infected USB sticks — or Internet Protocol-driven wireless downloading using a device logged into an open Wi-Fi network — to download aircraft condition-monitoring data at the MRO shop.

Flight decks can also be compromised by pilots innocently using compromised thumb drives or Wi-Fi via an open network to upload flight-planning information at the FBO.

Similarly, if an already infected device is plugged into the cabin or flight deck local area network (LAN) via its eight-pin RJ45 interface or Ethernet port, every device connected to that LAN can then be infected with the malware.

Infected USB sticks are also often brought onboard aircraft by children. Many owners let their children — and often their kids’ friends too — fly on their aircraft and, unknowingly, the youngsters bring onboard infected USB sticks and devices containing the video, audio and game content with which they want to entertain themselves during the flight.

When the children connect their devices to the aircraft’s cabin Wi-Fi network, the malware in their devices can immediately also infect the devices of everyone else traveling in the cabin.

The malware in the infected USB memory sticks often contains scripted files which act to provide the hackers with network discovery of all the devices linked to the aircraft’s cabin and/or flight deck Wi-Fi networks.

In doing so, the malware gives hackers the unique Media Access Control (MAC) hardware-identifier address and host name of every device onboard, as well as root access to each device’s operating system, potentially allowing the hackers to control all the devices remotely.

FBO and MRO Shop Risks: FBOs and MRO shops also often play host to another important cyber-security threat, purely because of the fact that they usually have open Wi-Fi networks — and so do many of the aircraft located in or around those facilities, says Wheeler.

Open Wi-Fi networks provide excellent opportunities for hackers to infect with malware every device connected to the network. All the devices not protected by a robust anti-virus firewall and malware-protection software are then ripe for exploitation.

The aircraft present at the MRO shop, or the FBO can provide the cyber-security problem itself, since, according to Wheeler, many owners and operators don’t change the passwords of their cabin and/or flight deck Wi-Fi networks.

Wheeler tells how, during a recent visit to an FBO facility, his device had automatically logged on to the cabin Wi-Fi network of one of the aircraft parked outside. He’d last boarded that airplane more than a year before at an entirely different location!

Based on Wheeler's experience of the passwords that business aircraft owners typically create for their cabin Wi-Fi networks, he strongly advises owners not to use the registration number of their aircraft, or even a doubled repeat of the registration number, anywhere in the passwords they devise.

Hackers know that the practice of adopting the aircraft's registration as its Wi-Fi passwords is so common among owners that they immediately try using the registration number as a first attempt at guessing the password. Failing that, they repeat the registration twice as a second guess.

Very often, Wheeler says, one of those first two attempts succeeds in giving them access to the cabin Wi-Fi network.

How is BizAv Mitigating the Risks

While the Business Aviation industry is gradually catching on to the fact that it has not adequately protected itself against cybersecurity threats, various manufacturers of routers, antennas, network hardware and even aircraft themselves have, as yet, done little to mitigate the problem, Wheeler claims.

As a result, “the aircraft router, modem, and potentially the antenna could be vulnerable” to being hacked.

The situation is somewhat better than it used to be, but makers of some legacy BizAv connectivity systems hard-coded unmodifiable system-admin passwords into their equipment. Nowadays those passwords are “very commonly known” and anyone with nefarious designs on the devices of Business Aviation users and pilots “can get into the networks easily,” says Wheeler.

Even today, one well-known Business Aircraft OEM always uses the same admin password for the cabin Wi-Fi network of every new aircraft it delivers to completion centers. While that widely known password can be changed, the OEM relies on the hope that the maintenance crews or pilots will change it for the owner of the aircraft. Wheeler says he has changed the network passwords of various business aircraft for the directors of maintenance and directors of operations.

In Summary…

Having identified the common threats that private jet passengers and crews face when it comes to cybersecurity in this article, read the 2nd edition of this series - Private Jet Connectivity: Top Cybersecurity Tips

More information from:

Gogo Business Aviation: https://gogoair.com
Satcom Direct: www.satcomdirect.com

Read more articles focusing on Jet Connectivity