When a ransomware attack recently crippled check-in systems across major European airports, thousands of passengers were stranded in chaos. Just months earlier, the Scattered Spider group launched back-to-back breaches on airline networks using sophisticated social engineering and multi-factor authentication bypass techniques. These incidents were disruptive enough on the ground. Imagine if the next one doesn’t stop at the terminal and reaches the cockpit mid-flight.
That scenario isn’t far-fetched, writes Hexnode’s CEO, Apu Pavithran.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Aviation is under relentless pressure from cyber adversaries, and the industry’s digital transformation has opened new attack surfaces. Among the most overlooked? Electronic Flight Bags (EFBs)–devices that began as a simple fix to replace bulky paper manuals but have quietly evolved into indispensable operational systems. Today, pilots rely on them to plan, calculate, and adapt in real time. Yet, for all their criticality, EFBs still operate in a security gray area.
The overlooked risk of EFBs
Installed EFBs are physically integrated into the aircraft’s avionics stack and protected by the flight deck’s built-in security layers. They rarely leave the aircraft. Portable EFBs are a different story altogether. These are off-the-shelf tablet devices that travel with the crew, moving from cockpits to hotel rooms to airport lounges, all without the cockpit-grade protections.
iPads dominate the portable EFB space, making up around 80% of setups, largely due to Apple’s walled-garden ecosystem. Still, Android and Windows tablets are still widely used where flexibility and budget are higher priorities. Regardless of the platform, none of these devices are inherently secure. Without stringent policies, access controls, and network restrictions, they’re wide open to compromise.
Despite handling critical tasks like weight, balance, performance data, and corporate access that directly affect flight safety, portable EFBs often receive far less security scrutiny than onboard systems. This is especially true among carriers operating with limited IT resources.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataOut of the cockpit, into the wild
The moment a portable EFB leaves the cockpit, it exits its safety bubble. From hotel Wi-Fi to public hotspots, these devices wander through unsecured digital territory. It takes only small tweaks like tampered runway length or weight inputs to affect take-off decisions. In high-stress conditions like bad weather or heavy workloads, small errors can snowball into serious risks.
We saw this play out with the FlySmart+ Manager EFB app, which lacked encrypted communication and certificate validation. This vulnerability allowed attackers on the same public network, say a hotel Wi-Fi, to intercept or modify SQLite database files containing critical flight data.
The Federal Aviation Administration (FAA) and The European Aviation Safety Agency (EASA) have issued guidelines, but they’re high-level frameworks. Translating them into hardened, day-to-day security still falls on airline IT teams and pilots.
Security that flies in sync with pilots
Securing portable EFBs isn’t a solo mission. OEMs play a role in building secure-by-design devices. Regulators set the foundation. But it’s ultimately on the airlines to tailor those guidelines to fit their unique operations and realities.
That begins with staying on top of updates. These devices can’t sit around waiting for the next routine update cycle. Airlines need reliable ways to deploy security patches quickly and confidently across their fleets. Centralized tools like mobile device management platforms can help, especially those with automated patching that can quietly push updates in the background without disrupting pilot workflows.
Operators also need to know what’s happening on every device. That means visibility into where the tablet is, what apps are running, and whether it’s compliant. That level of oversight helps enforce basic data hygiene like making sure only approved apps are installed, updates are current, and network access is limited to only trusted connections. And if a device goes missing or is left behind, there should be a way to lock or wipe it remotely without delay.
All that groundwork means little if it gets tangled in complexity. Pilots already have enough on their plates and can’t afford to fumble with multiple passwords. Streamlined systems like single sign-on offer frictionless access while keeping credentials airtight.
In the end, the goal isn’t to lock everything down, but to design security that’s practical and flexible enough to fit real-world operations. Admins need to strike the right balance, as too many restrictions can interfere with pilots’ workflows, and too few can invite risks. Finding that sweet spot where security stays invisible but effective is where real resilience begins.
