Modernizing Authentication — What It Takes to Transform Secure Access
More than 1,400 passengers were impacted.
"We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry," LOT spokesman Adrian Kubicki told BBC News.
In a statement published on the 21st, LOT explained, "Today afternoon LOT encountered IT attack, that affected our ground operation systems. As a result we’re not able to create flight plans and outbound flights from Warsaw are not able to depart. We’d like to underline, that it has no influence on plane systems. Aircrafts, that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally."https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Wired's Kim Zetter notes that a similar incident appears to have taken place last month when all United Airlines flight in the U.S. were grounded for almost an hour due to a problem dispatching flight plans to pilots.
Industry expert Peter Lemme told Wired that the problem for both LOT and United may be that the protocol for delivering flight plans doesn't require authentication -- meaning a hacker cold easily send fake flight plans to pilots.
"There’s more we could do in this area as far as authenticating that the flight plan is coming from a legitimate source," Lemme told Wired. "Right now, [the system] is relatively trusting -- if it comes in and it’s properly formatted, the system will accept it."
Tenable Network Security strategist Cris Thomas told eSecurity Planet by email that it's important to understand that an airline flight computer is no different from any other computer. "As such the computer is susceptible to the same attacks, malware and other issues that plague every other computer and ideally should have the same security systems in place as well," he said.
It's not clear, Thomas noted, why the LOT systems were unusable for several hours on the 21st. "It is possible that LOT took the machines offline on purpose to help them institute the fixes," he said. "Unfortunately, there is a lack of technical information available about what exactly happened."
Regardless, Thomas said, the LOT attack isn't unique -- there have been many similar attacks targeting airports, airlines and related systems over the years. "These date back to at least 1997 at Worcester Airport in Massachusetts where a teenager disabled the phone system, radio communications, runway lights and other systems at the airport for six hours," he said.