United Airlines announced a shift in its satellite internet provider service. The service currently utilizes GEO SATCOM providers, such as ViaSat, Panasonic, Thales, and IntelSat, but will begin an approximately three-year shift to Starlink (Rainbow 2024). The shift is intended to take advantage of Starlink’s high-speed, low-latency bandwidth and follow current airline market trends to provide new service options to customers, such as the ability to live-stream television or gaming. This shift in United does not replace ViaSat services, seen as the ‘gold standard’ in airline connectivity, but will likely challenge Panasonic and IntelSat.

While airline consumers are increasing demand for these services, the opportunities pose significant security challenges, particularly for aircraft that have traditionally been protected from airborne cybersecurity threats. A prime example of advancing cyber security threats to airplanes is the 2015 case of Chris Roberts, who claims to have hacked into in-flight entertainment software and reached the flight’s onboard computer to change engine output and monitor flight traffic (Perez 2015). Mr. Roberts could execute these operations by physically manipulating in-flight entertainment and charging hardware.

While the connection between hardware bypasses for flight control access and Starlink service on airlines is notional, it presents a significant risk factor for both airline providers and Starlink. The ability of a cyber actor on a commercial flight to gain trusted access to onboard systems either through hardware manipulation or bypassing captive portals and security could theoretically provide the opportunity to pivot into a trusted user status (possibly one used for the maintenance of systems) (Wright 2023). This status could enable longer-term collection by internet users of the same airplane or pathways to conduct cyber operations in international or foreign airspace, which could lead to geopolitical escalations or legal complications. Lastly, pending on configurations between United and Starlink, if an elevated user or admin account is left improperly secured, it could provide opportunities to pivot and execute cyber operations across the Starlink architecture, ranging from Mari -infections to the execution of Starlink-specific CVEs (Tieby, Nasser, & Elias 2024).

Perez, Evan. “FBI: Hacker Claimed to Have Taken over Flight’s Engine Controls.” CNN, May 17, 2015. https://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/index.html.

Rainbow, Jason. “United Airlines Bumps GEO Operators off Fleet for Starlink Wi-Fi.” SpaceNews (blog), September 13, 2024. https://spacenews.com/united-airlines-bumps-geo-operators-off-fleet-for-starlink-wi-fi/.

Tieby, Nasser, Joseph Khoury, and Elias Bou-Harb. “Characterizing and Analyzing LEO Satellite Cyber Landscape: A Starlink Case Study.” In ICC 2024 – IEEE International Conference on Communications, 1352–57, 2024. https://doi.org/10.1109/ICC51166.2024.10623029.

Wright, Rob. “Bypassing Captive Portals Such as GoGo Inflight Air To Get Free Wi-Fi.” root&beer, October 15, 2023. https://www.rootandbeer.com/bypassing-captive-portals-such-as/.

*The source in BOLD is the primary reading for this post*