Security Of In-Flight Entertainment Systems

With holiday travel around the corner, many news outlets are covering In-Flight Entertainment (IFE) system vulnerabilities. Right before many of us step onto airplanes, the media is rehashing the news from early 2015 about Chris Roberts, who claimed to have broken into an IFE on a United Airlines flight (this was debunked) in relation to recent discussions about more minor IFE vulnerabilities affecting personal financial data.

To ease fears and obtain a better understanding of this situation, let’s take a look at how the IFE actually works. A server located on commercial aircrafts known as the System Control Unit (SCU) maintains an individual connection between it and each passenger’s Seat Display Unit (SDU) throughout the cabin. Modern SDUs are typically touchscreen and often run on Linux or Android operating systems. Credit card reader may be located here or within the Personal Control Unit (PCU) handheld device.

The Cabin Management System (CMS) is what the flight attendants use to adjust the atmosphere within the cabin. This system is often connected to the IFE. Because of this, theoretically, elements such as speed, altitude displays, or even cabin lights, could potentially be manipulated in the cabin—not the cockpit. This has yet to happen, and still, all flight control systems are separate.

Pilot communications with the ground are also separate, occurring via the Aircraft Communications Addressing and Reporting System (ACARS). Airbus and Boeing also segregate Satellite Communications (SATCOM) from all other systems and have banned the distribution of SATCOM information. Both companies have also stated that their planes are constructed with flight controls and IFE systems completely isolated (including in-flight wifi), with pilots always acting as physical superusers over flight control systems.

According to a senior federal law enforcement official, no conclusive data exists which indicates a passenger can utilize an IFE system to gain access to any component of flight control mechanisms. In addition, United Airlines has stated that they are confident Roberts’ claims are unfounded.

So sit back, relax, and take the thought of your flight being hijacked by the person rapidly pressing on the IFE, off your mind.

Disclaimer: Never attempt to tamper with an IFE system or claim to have manipulated flight controls unless you’re interested in ending up on the No Fly list. The FAA has a zero tolerance policy for perceived threats. It’s not worth the risk, just ask Chris Roberts.

Learn More:

About Danielle Pucciarella-Galkova 11 Articles
Hi! I'm a Security Engineer at a startup in the Bay Area. I have a Master's in Cybersecurity and I love teaching about tech! Check out my YouTube channel ↓down there↓ :)

Be the first to comment

Leave a Reply