With today’s technology moving so quickly, it seems almost a given that passengers on board an aircraft ought to be able to connect to in-cabin WiFi, or at least in-flight entertainment (IFE) systems, with their personal devices.
But with this advancement in technology also comes increased risk. Connecting to public networks such as this opens devices up to attack. The question remains – are airlines ensuring that enough security is available to passengers when using onboard facilities?
According to CAPA – Centre for Aviation’s databases, more than 90 airlines around the globe now offer some form of IFE, on a variety of their aircraft, that connects personal devices to public networks.
Thales is a world-leading provider of onboard and ground systems for the civil aerospace market, providing systems and functions for all types of aircraft. The organisation provides world-class expertise in onboard electronics, and its product security officer, Samuel Miller, recently confirmed that while “no one is immune” from threats, the aviation sector is more process-driven to address security vulnerabilities quickly. Mr Miller commented on the susceptibility of inflight entertainment and connectivity (IFEC) systems to security breaches, saying: “Thales has a number of ‘layered protections’ within the IFEC system to protect from potential attackers who connect to access points on the aircraft”. He added that Thales is “continuously testing and updating and patching those controls to make sure that they can protect the IFE system appropriately”.
Panasonic North America director of security engineering and information security officer Michael Dierickx believes there are key differences in the ways that airline service and hardware providers go about outfitting systems on aircraft, making them less likely to be vulnerable than would be, for example, the public wireless hot spots in places like a coffee shop.
Mr Dierickx has said: “Our use of commercial-off-the-shelf products is limited. We customise and are never complacent, always protecting our assets, understanding new types of attacks and vulnerabilities for the hardware and software layer and deploying patches when necessary. There’s a lot of checks and balances and controls in place for what is allowed on board an aircraft and how it operates.”
There are other examples throughout the aviation industry of organisations working to increase security.
Lufthansa Technik (LHT) recently expanded its partnership with Inside Secure, a company specialising in security solutions for mobile and connected devices. Inside Secure will work with LHT to protect the Android and iOS applications of Lufthansa Technik’s wireless inflight entertainment ‘nice’ brand systems. The agreement enables passengers to use their own devices for secured playback of protected onboard movies and entertainment.