Around 1,400 unlucky travelers who were set to depart from Warsaw’s Frederic Chopin Airport on Sunday had their flights cancelled or delayed for hours, as the computer system that issues flight plans for Polish airline LOT was hacked.
It took some five hours to fix the problem, and in the meantime the passengers were either placed on other (non-LOT) flights or given vouchers to stay the night and depart the next morning, the BBC reports.
The attack prevented the company from creating flight plans, but the company was quick to reassure customers that it had not affected their airplanes’ systems. The attack also didn’t affect flights that were already in progress.
The airport’s systems and those of other airlines were not affected.
The inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices, according to Ruben Santamarta, principal security consultant for IOActive.
“There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics. The first stage of an attack against an aircraft may begin on the ground. However, in order to properly assess the impact and the target of this attack we still need more information, so every scenario is just speculation,” Santamarta added.
The authorities have been called in to investigate. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” commented LOT spokesman Adrian Kubicki.
It is still unknown who’s behind the attack.
The good news is that they planes’ computer systems were not affected. Researchers have been warning for years that it can be done, and various organizations and authorities have been disputing those claims.
Nevertheless, this attack shows that the compromise of less critical systems can still lead to considerable headaches and economic problems for airlines.