Information Security in In-Flight Entertainment Systems

In May 2015 a security researcher made headlines when he claimed to have controlled a United Airlines aircraft by hacking into their In-Flight Entertainment System. Subsequently Boeing issued a statement,“While these systems receive [plane] position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions.” Now it is generally accepted in the airline industry that a hacker cannot interfere with the flying of an aircraft even if he gets access to the IFE system. But is there anything within the IFE network itself that a hacker might find attractive?

Apparently these innocent looking entertainment systems carry enough sensitive and much sought-after information to make hackers interested. Let us look at some of these buckets of information.

The first and foremost is the entertainment media itself. Almost all the airlines carry early-window content- movies recently released in theatres. Given the advent of High Definition monitors in IFE systems it can be safely assumed that the IFE servers contain these movies in excellent quality resolution and there is a lot of it. A typical Emirates flight carries more than 2000 channels of movies, TV and music.

The second set of information that can be found on IFE systems is credit card data. Many international and domestic airlines allow passengers to pay for movies or food during the flight by swiping their credit cards. Not all airlines accept transactions onboard, but almost all in-seat systems come equipped with credit card swipe machines at each seat. Even though the number of transactions per flight can be very few, the numbers can be huge over a longer period of time. And the Target hacking in 2013 showed us how innovative and patient the hackers can be. In that case, the hackers had credit card data collected from all the POS systems to a single server with Target network. This data was sent out from this server periodically. It would not be difficult to imagine such a scenario in a flight.

The third set of information is personal information of passengers that is available as part of passenger manifest. Some of the IFE systems pull passenger manifests before takeoff and use it to provide personalized experience to passengers. The passenger manifests can contain passengers’ frequent flyer program account details.

Fourth set of sensitive information that can be present on IFE systems is any personal information entered by passengers. There are various ways by which airlines and their partners ask passengers for their email addresses, phone numbers etc. Surveys, third party apps, frequent flyer program registrations, shopping apps and so on. Apart from these, there are other features available on some IFE systems where passengers can exchange chat messages between seats or send emails and text messages to the ground.

Each of these categories of information is secured using various security mechanisms including encryption of data. Some using industry standards and some using case to case implementation based on perceived security threats. For example, managing credit card data requires vendors to have PCI DSS certifications. Similarly, to carry early release window content, the Studios expect stringent security audits. Other features might come with its own security measures as part of software product distributions.

Many corporates, including airlines, have well-defined information security policies. But these are mostly applicable to their websites, booking systems etc. The in-flight entertainment systems need a more fine-tuned definition of policies because of its unique nature of operations. Such information security policies should take into consideration three unique aspects of these systems. First, these systems are open to all. There is no access restriction once a person is onboard. Second, availability for long hours. On long haul flights, the systems are accessible for more than 10 hours. Third and most important aspect, there is always a long gap between designing a new IFE system and actual implementation of it. It can take years for a system to start flying after it was designed. This makes the system outdated during its very first flight.

In addition to these, the airlines have now started offering entertainment on passenger devices. That opens up new entry points into the systems as well as more devices to protect.

Given these challenges, it is important that any security policy defined specifically for an IFE system introduces checks and balances during each release process. It is also imperative that the systems are designed keeping data security risks in consideration.

When it comes to volume of sensitive data, IFE system is no bank or Facebook. But with millions of passengers flying daily it is no less important.

Mangesh Adgaonkar
Director, CoKinetic Systems India