If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this – now airplanes are getting hacked.
The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19, 2016.
But don’t panic too much. The hack of the legacy commercial airliner was an exercise conducted by a team of security professionals.
“I didn’t have anybody touching the airplane, I didn’t have an insider threat,” explained Robert Hickey, aviation programme manager within the DHS’s Cyber Security Division. “I stood off using typical stuff that could get through security ,and we were able to establish a presence on the systems of the aircraft.”
Hickey, who revealed the hack during a speech at the CyberSat Summit in Tysons Corner in Virginia, says that details of the hack are being kept classified. However, he did say it involved accessing and gaining control of the plane’s systems through radio frequency communications.
According to Avionics, Hickey believes airlines would suffer financially if they were forced to update their code to protect against similar attacks:
The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them if a cyber vulnerability was specific to systems on board 737s, he said, adding that other airlines that fly 737s would also see their earnings hurt.
The good news is that, according to Hickey, newer aircraft models have taken more notice of information security issues during their design, but it is still the case that many many legacy commercial aircraft in regular use have not been built with such threats in mind.
CBS News reported that Boeing, which had observed the hacking experiment and was briefed on the results, downplayed the risks:
“We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”
The DHS’s investigation appears to have been inspired, in part at least, by controversial claims of plane-hacking made in 2015 by security researcher Chris Robert.