John McAfee is one of the most influential commentators on cybersecurity anywhere in the world. His new venture — Future Tense Central — focuses on security and personal privacy-related products. McAfee provides regular insight on global hacking scandals and internet surveillance, and has become a hugely controversial figure following his time in Belize, where he claims to have exposed corruption at the highest level before fleeing the country amid accusations of murder (the Belize government is currently not pursuing any accusations against him).
Ever since my good friend and Chief Campaign Technology Advisor, Chris Roberts, brought the world’s attention to the fact that hackers can control commercial airliners through an airplane’s entertainment system, I have been in great demand among commercial airline manufacturers and airlines.
The first thing I tell such clients is that a hacker does not need to be physically on the airplane in order take over control. Anyone, anywhere in the world can hijack a commercial airliner if they have a laptop, or even a smartphone, and access to the Internet.
You may think that such a statement is far-fetched. But is it really? Hackers already proved that they could hack into a Jeep over the Internet and take full control away from the driver — demonstrating this by driving one into a ditch. Controlling an airliner is little more complex than controlling an automobile, and simpler in some respects, in fact. Downing an aircraft can easily be done by placing the airliner in a stall situation. Too steep of a climb or an insufficient airspeed is all that is necessary — it’s something every pilot fears (I have a private pilot’s license, and a stall, especially at low altitude, is the last thing in the world I would want to have to deal with).
“Our commercial aircraft could be downed over the Internet by a hacker sitting comfortably in his living room.”
The next airline hijacking will not be caused by someone physically on an airplane, risking their own life. No, it will be done by some kid in Asia bored with Grand Theft Auto and looking for something else exciting to do. We are skating on thin ice as a country. All of our defenses are focused on a direction from which no attack will ever come again. The attack will be a digital attack, and we have zero defenses against it. Looking in people’s luggage for box cutters, knives, and guns, while armed Federal agents accompany most flights, is nearly idiotic in light of what a single smartphone can do in the wrong hands.
We must smarten up, and we must do it immediately. U. S. industries have careened into the world of smart devices (yes, an airplane is a device) without any thought given to cyber-security. Even Brinks, one of the most prestigious safe manufacturers on the planet, made the same mistake that our commercial airline manufacturers made in the rush to market. And cyber-security was completely overlooked.
“We are skating on thin ice as a country.”
Airline companies occupy the same realm. They know enough cyber science to electronically control an airplane, and control it well, but clearly they know nothing of the modern nuances of cyber-security.
The software on these airliners needs to be re-architected, from the bottom up, with cyber-security as the prime concern. Only then will we we have a hope of security. It will cost billions. But what’s the alternative?
The TSA, as an agency designed to keep dangerous devices from finding their way on board an airplane, has to change its focus entirely. No one is going to risk boarding a plane with a dangerous device when they could stay home and do far more damage over the Internet. While watching their favorite program on TV. And munching on a snack.
Next week I will burst an even larger bubble involving airline travel. I provided software to detect IMSI Catchers (Stingray-like devices), to hundreds of international travelers flying Aeroflot, Aurora, Air China, and Shanghai Airlines. What they discovered will shock you.