GPS disruptions on certain flights led the EASA to suspect cyberattacks originating from Russia.
The dangers in the sky do not only come from technical failures, such as the Boeings described as “ defective » by its engineers. Sometimes a conflict that plays out on the ground can have repercussions above our heads.
These are fears expressed by the European Union Aviation Safety Agency, EASA, in an alert bulletin issued on its site in January 2024. This alert reports cyberattacks to which certain flights have reportedly been victims. destination of the United Kingdom, a country allied with Ukraine in the conflict between it and Russia since 2022. An alliance which fuels the agency’s suspicions of cyberattacks.
The dreaded spoofing of pilots, a favorite of hackers, probably used in cyberattacks on flights to the United Kingdom
Identity theft doesn’t just affect people. It can also target a GPS signal. And it is this technique that the EASA suspects of being used by sky hackers targeting the UK, such as in December 2023, when pilots flying over the Middle East region received erroneous GPS signals.
Spoofing, or identity theft, is a form of cyberattack that disrupts wireless communications systems such as Wi-Fi, Bluetooth and GPS. The goal of these attacks is to jam a network, preventing devices from communicating properly. This is typically done by using physical devices to flood a network with strong signals, disrupting normal operations.
There are several ways to carry out a spoofing attack. For example, a “constant jam” attack works by emitting a constant interference signal on the same frequency band as a Wi-Fi network. This can result in no available bandwidth for legitimate traffic, which results in a complete denial of service.
Another form of spoofing attack is “deceptive jamming”, which is typically used to jam GPS devices. These attacks use fake signals intended to imitate legitimate, expected signals on a network. In addition to disrupting operations, this information can be used to attempt to circumvent encryption or provide false information.
Finally, “responsive jamming” is another form of spoofing attack. Instead of sending a constant signal, an attacker waits until a legitimate signal is detected, then works to interrupt it and replace it with an interference signal using the same frequency. This technique is sometimes used in man-in-the-middle attacks on Wi-Fi networks.
46,000 flights experienced disruptions over the Baltic, Black Sea and Eastern Mediterranean between August 2024 and March 2024
However, Russia’s interference in navigation systems is nothing new. As an example and although it denies it, since 2015, the nation of Vladimir Putin has targeted the Donbass, in the east of Ukraine, with cyberattacks. But it was recent disruptions during the flight of a Royal Air Force plane that brought suspicions of Russian cyberattacks back to the table. The GPS coordinates of this British Army Air Force aircraft were jammed, causing severe disruptions to communications between flight and ground personnel at various international airports.
But more generally, according to researchers, the number of suspected Russian satellite attacks exceeded 350 per week in March 2024, which represents a significant increase compared to the less than 50 attacks per week recorded last year. former.
From August to March 2024, 46,000 flights are reported to have experienced satellite navigation problems over the Baltic region.
These flights included 2,309 Ryanair flights, 1,368 Wizz Air flights, 82 British Airways flights and four EasyJet flights.
The EASA recommends that pilots remain vigilant, but also consider alternative routes and maintain constant communication with ground personnel. If for the moment, the EASA does not directly accuse Russia, these incidents raise vigilance and lead airlines to an open-air cyberwar.
Source : Cybersecurity Insiders, EASA
1