Hackers attempted Mid-Air flight Hijack

In the past week, hackers targeted two El Al flights bound for Israel, attempting to hijack their communication networks and divert the aircraft, as reported by The Jerusalem Post. The flights were en route from Thailand to Israel’s Ben Gurion Airport. It is worth noting that no group has claimed responsibility for this hack.

In the most recent incident, Israel’s national airline confirmed that “hostile elements” attempted to take over the communication network of an El Al plane from Phuket, Thailand to Ben-Gurion Airport, causing it to divert from its destination. Hostile elements contacted pilots twice, once on a flight between Phuket and Ben-Gurion and once on a Bangkok flight.

The aircraft was reportedly flying over an area inhabited by Iranian-backed Houthis. Sources claim the hack may be the work of a Somaliland-based group. For your information, Somaliland is a state in the Horn of Africa.

El Al pilots became suspicious and decided to ignore the sudden change in instructions and switched to another communication channel to double-check their route with air traffic controllers. The airline confirmed that pilots are trained to spot and mitigate threats while in the air. According to the airline, the disruption did not affect the normal course of the flight due to the professionalism of the pilots. 

“The disruption did not affect the normal course of the flight thanks to the professionalism of the pilots who used the alternative means of communication and allowed the flight to continue on the planned route,” the airline’s statement read.

Aircraft safety should be a point of concern within the cybersecurity fraternity given the growing number of incidents targeting airlines. In September 2022, researchers at Necrum Security Labs discovered two critical vulnerabilities in Contec’s wireless LAN devices, specifically the Flexlan FXA3000 and FXA2000 series, which provide WiFi on airplanes.

The Japan-based Flexlan LAN devices in airplanes contained two critical vulnerabilities, CVE–2022–36158 and CVE–2022–36159, allowing hackers to hack the inflight entertainment system and other high-speed internet access points.

Then in January 2024, Pen Test Partners’ cybersecurity researchers identified a critical issue in Airbus’ Flysmart+ Manager suite, which was remediated 19 months after initial disclosure.

The app, according to Pen Test Partners, developed by Airbus-owned IT services company NAVBLUE, had a disabled security control, allowing insecure communication with servers, potentially allowing an attacker to modify aircraft performance data or adjust airport information.

EASA, the EU’s aviation safety agency, recently released the first Easy Access Rules for Information Security to enforce security best practices across various sectors, including suppliers, airlines, airports, communication infrastructure providers, and air towers.