Could your plane be hacked?

By Bruce Schneier

Updated 1358 GMT (2158 HKT) April 16, 2015

Chat with us in Facebook Messenger. Find out what's happening in the world as it unfolds.

The rise of social media and mobile devices mean businesses are more vulnerable to hacking. In a bid to keep information secure, a new wave of body-centric devices are replacing passwords. The Nymi, pictured, authenticates identity by measuring your heartbeat.
Photos: How your body will be your password
Use your pulse as your password? The rise of social media and mobile devices mean businesses are more vulnerable to hacking. In a bid to keep information secure, a new wave of body-centric devices are replacing passwords. The Nymi, pictured, authenticates identity by measuring your heartbeat.
Hide Caption
1 of 10
Created by biomentrics technology company Bionym, The Nymi has a built-in sensor that detects the unique electrical pulse produced by your heartbeat. "By using this type of technology, we can establish a very high level of trust because it's so closely tied to the body," says Kevin Martin, CEO and founder of Bionym.
Photos: How your body will be your password
The NymiCreated by biomentrics technology company Bionym, The Nymi has a built-in sensor that detects the unique electrical pulse produced by your heartbeat. "By using this type of technology, we can establish a very high level of trust because it's so closely tied to the body," says Kevin Martin, CEO and founder of Bionym.
Hide Caption
2 of 10
Unveiled in 2014 by eyeLock -- an iris-based identity technology company -- Myris is a palm-size device that scans the unique features of your eye.
Photos: How your body will be your password
MyrisUnveiled in 2014 by eyeLock -- an iris-based identity technology company -- Myris is a palm-size device that scans the unique features of your eye.
Hide Caption
3 of 10
Fitted with a small mirror and camera, the Myris is able to scan the unique colors and vein patterns in your iris. Storing this information within its hardware, the Myris is able to identify its user accurately. EyeLock even claims that the device cannot be fooled by a video or photograph of your eye.
Photos: How your body will be your password
MyrisFitted with a small mirror and camera, the Myris is able to scan the unique colors and vein patterns in your iris. Storing this information within its hardware, the Myris is able to identify its user accurately. EyeLock even claims that the device cannot be fooled by a video or photograph of your eye.
Hide Caption
4 of 10
Using palm vein recognition, Quixter identifies users by scanning vein patterns with an infrared light. Quixter only works when blood is flowing through the veins, so there's no need to worry about someone cutting your hand off.
Photos: How your body will be your password
QuixterUsing palm vein recognition, Quixter identifies users by scanning vein patterns with an infrared light. Quixter only works when blood is flowing through the veins, so there's no need to worry about someone cutting your hand off.
Hide Caption
5 of 10
An identity and access management platform for the "post-password era," LaunchKey is part of a wave of mobile-based authentication apps that do away with passwords -- most of which are tied to personal information.
Photos: How your body will be your password
LaunchKeyAn identity and access management platform for the "post-password era," LaunchKey is part of a wave of mobile-based authentication apps that do away with passwords -- most of which are tied to personal information.
Hide Caption
6 of 10
The launchKey app allows for password-free login capabilities on your mobile phone, allowing users to access websites and applications by simply swiping the mobile phone interface. Security is provided by the simple fact that the mobile phone is in your possession -- a key deterrent for hackers.
Photos: How your body will be your password
LaunchKeyThe launchKey app allows for password-free login capabilities on your mobile phone, allowing users to access websites and applications by simply swiping the mobile phone interface. Security is provided by the simple fact that the mobile phone is in your possession -- a key deterrent for hackers.
Hide Caption
7 of 10
In light of these more secure developments, it looks as though fingerprint identification will be a thing of the past. Seeing as our fingerprints are left on a variety of surfaces on a day-to-day basis, iris scanners and heartbeat monitors could be a promising alternative.
Photos: How your body will be your password
Adios to fingerprints? In light of these more secure developments, it looks as though fingerprint identification will be a thing of the past. Seeing as our fingerprints are left on a variety of surfaces on a day-to-day basis, iris scanners and heartbeat monitors could be a promising alternative.
Hide Caption
8 of 10
While identity authentication is becoming more secure, many companies are looking to streamline transactions. Barclaycard's bPay wristband does away with PIN numbers and credit cards, allowing wearers to make contactless payments for items under £20 ($30).
Photos: How your body will be your password
Barclaycard bPay While identity authentication is becoming more secure, many companies are looking to streamline transactions. Barclaycard's bPay wristband does away with PIN numbers and credit cards, allowing wearers to make contactless payments for items under £20 ($30).
Hide Caption
9 of 10
Does your phone double up as a travel card? Digital communications company EE announced in 2014 that customers can use their mobile devices to travel on London bus routes.
Photos: How your body will be your password
EE Cash on TapDoes your phone double up as a travel card? Digital communications company EE announced in 2014 that customers can use their mobile devices to travel on London bus routes.
Hide Caption
10 of 10
cyber security bionym cyber security bionym 2eyelock cybersecurity eyelock cybersecurity 1new payment technologies quixterlaunchkey cyber security carcyber security launchkeyiphone fingerprintbpay cybersecurity 2new payment methods ee cash on tap

Story highlights

  • Bruce Schneier says plane being hacked is not his biggest concern
  • As computers key to infrastructure become connected, vulnerability to cyberattack grows, he says
  • Schneier: We have to build security into everything that is going to be connected to Internet

Bruce Schneier is a security technologist and author. He is the chief technology officer of Resilient Systems, and his latest book is "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." He blogs at schneier.com and tweets @schneierblog. The views expressed are his own.

(CNN)Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It's certainly possible, but in the scheme of Internet risks I worry about, it's not very high. I'm more worried about the more pedestrian attacks against more common Internet-connected devices. I'm more worried, for example, about a multination cyber arms race that stockpiles capabilities such as this, and prioritizes attack over defense in an effort to gain relative advantage. I worry about the democratization of cyberattack techniques, and who might have the capabilities currently reserved for nation-states. And I worry about a future a decade from now if these problems aren't addressed.
    Bruce Schneier
    Bruce Schneier
    First, the airplanes. The problem the GAO identifies is one computer security experts have talked about for years. Newer planes such as the Boeing 787 Dreamliner and the Airbus A350 and A380 have a single network that is used both by pilots to fly the plane and passengers for their Wi-Fi connections. The risk is that a hacker sitting in the back of the plane, or even one on the ground, could use the Wi-Fi connection to hack into the avionics and then remotely fly the plane.
    The report doesn't explain how someone could do this, and there are currently no known vulnerabilities that a hacker could exploit. But all systems are vulnerable -- we simply don't have the engineering expertise to design and build perfectly secure computers and networks