An aviation security researcher believes the attack on Polish airline LOT is the first indicator of a new trend in the cybersecurity realm.
Ruben Santamarta, principal security consultant for IOActive, is the author of research in the field of SATCOM and aviation security. In a whitepaper documenting his research (.PDF), Santamarta explained how satellite communications (SATCOM) -- used to support industries including aviation, the military and emergency services -- are often vulnerable to exploits and flaws including backdoors, hardcoded credentials, insecure protocols and weak encryption algorithms.
Outdated firmware is often an issue, as well as design flaws.
While it is not known how the recent attack on POL was able to take place, the incident does highlight how the aviation industry is now a target for cybercriminals.
On Sunday, the airline was forced to cancel a total of 10 flights and delay over a dozen after a successful cyberattack was launched against LOT's ground systems. The hackers were able to "temporarily paralyze" systems which, in turn, delayed passenger processing.
While the safety of outgoing flights was not compromised, it is concerning that digital attacks are being launched against industries responsible for the safety of the general public. Airline spokesman Adrian Kubicki said the attack was the "first of its kind," and according to commentary by Santamarta in a Q&A session with ZDNet, documented below, the incident is only the beginning of a new trend.
What do you think potentially took place in the attack against LOT over the weekend?
We don't have enough information so we may only speculate. According to the LOT's spokesman statements we may assume they were victims of a targeted attack, which is certainly disturbing. Initially, it seems that flights plan couldn't be generated which may indicate that key nodes in the back office were compromised.
The cyberattack on LOT systems over the weekend was called the "first of its kind" by the airline spokesman. Do you think we are likely to see more of these attacks in the future? What does this mean for passengers?
Sophisticated attacks do not happen by chance or fetichism. An airline's main business is to keep aircraft flying as long as possible, so when an incident forces LOT to keep its airplanes on the ground this basically means the company is facing huge economic losses as well as damages to its brand image. This attack was apparently successful so I would say we will see a trend rather than an isolated incident.
What are the main types of cyberthreats airlines should watch out for?
As like any other company, airlines should properly secure their IT systems, trying to mitigate as much as possible the risk derived from the human factor.
In your opinion, considering your research into SATCOM, what are the most vulnerable parts of airline systems?
As like any other company, airlines should properly secure their systems, trying to mitigate as much as possible the risk derived from the human factor. Ground systems and connectivity links between aircraft and the Airline's back office are an interesting target from the security perspective.
There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics. The first stage of an attack against an aircraft may begin on the ground.
Are other industries which rely on SATCOM facing the same threats as airlines?
They're facing the same threat although the impact may be different. Usually companies whose communications infrastructure relies on SATCOM perform critical operations.
What do vendors need to do now to protect themselves against cyberattack?
Take a proactive approach to secure their products: i.e introducing security in the design and checking for vulnerabilities at every stage, even once they have been deployed.