AVAIATION SECURITYCybertech Startup Aims to Keep Aircraft Safe

By Zachy Hennessey

Published 5 April 2024

As hackers get more daring and sophisticated, and even try to hijack airplanes, it’s increasingly vital to keep our aircraft safe from attack. Cybertech startup Cyviation aims to do just that.

If you’ve ever taken a nice plane ride, you’ll know that modern aircraft are marvels of technology and convenience (in stark contrast to the preflight experience of shuffling through the airport like cattle with a neck pillow, waiting endlessly to board the fancy flying tube).

While the latest modes of airborne travel are equipped with sophisticated systems that streamline operations, enhance efficiency and improve passenger experience, their increased dependence on digital systems increases vulnerability to cyberattacks.

In recent years, incidents of cyberattacks targeting the aviation industry have underscored the urgency of improving aircraft cybersecurity measures.

From flight disruptions due to malware infections to potential hijacking scenarios orchestrated by malicious actors — such as took place earlier in February, when hackers attempted to take over two El Al planes flying over Somalia — the ramifications of such attacks are far-reaching and potentially catastrophic.

Cyviation, an Israeli cybersecurity company focusing on aircraft protection, has been at the forefront of this battle since its inception in October 2021. 

Initially conceived as a nonprofit venture with Israel Aerospace Industries as a shareholder, Cyviation swiftly transitioned into a private entity with a mission to enhance flight safety through cyber defense.

Cyviation CEO Avi Tenenbaum highlights the prevalence of outdated systems still in use onboard commercial aircraft designed decades before the advent of cyber threats.

“We need to change the whole concept and make it cyber-by-design, because you cannot do patches and patches and patches on equipment that is very old,” he says. 

“Some commercial aircraft in flight today are using Windows 7 or even [1993’s] Windows NT, all kinds of things that have zero cybersecurity.”

Tenenbaum details the various attack vectors Cyviation has identified. One primary risk is passengers’ data held by the aircraft’s in-flight entertainment systems, which can include credit card information or other sensitive material.

The average attacker will go for ransomware. The data is really not secured on the aircraft and therefore there is a good incentive for attackers to get access to it,” he says, noting that while it’s not trivial to gain access to this information, in many cases it’s a very lucrative endeavor for hackers.

Cockpit Risks
“Then you have the cockpit,” Tenenbaum continues, elaborating on cyberattacks that pose a threat to pilots, such as GPS spoofing — deceiving GPS receivers by broadcasting false signals that mimic authentic ones from satellites.