A group of researchers and private industry experts, along with DHS officials, remotely hacked a Boeing 757 airplane owned by the DHS that was parked at the airport in Atlantic City, New Jersey.
The team didn’t have physical access to the plan, the experts interacted with systems on the aircraft remotely via “radio frequency communications.”
The successful experiment took place in September 2016, pilots were not informed of the ongoing cyber attacks. In just two days, the reached their goal, but the details of the hack were not disclosed and will remain classified.
The experiment and its results were disclosed last week during the 2017 CyberSat Summit in Virginia. The test was revealed by Robert Hickey, aviation program manager with the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.
Many aviation experts declared to be aware of the flaw exploited by Hickey and his team, but seven experienced pilots at American Airlines and Delta Air Lines airline companies had no knowledge of the issue when they were briefed in a March 2017 issue.
“All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible,'” explained Hickey.
Even is the Boeing 757 in no more in production since 2004, but it’s still largely used by many companies, also President Donald Trump’s personal airplane is a Boeing 757.
Legacy aircraft, which make up more than 90% of the commercial planes actually in use, don’t have security protections differently by newer planes that are built with a security by design approach.
Patch management is a big problem in the avionics industry, the cost to change just one line of code on a piece of avionics equipment could reach $1 million, and it takes a year to implement.
For this reason, security updates are not so frequent.
Hacking airplane is not a novelty, in 2015, the FBI arrested the expert Chris Roberts who claimed to have hacked a commercial airplane while in flight accessing the plane’s systems by triggering a WiFi flaw in the in-flight entertainment system.
Modern aircraft are very sophisticated systems, but the massive introduction of technology could have the side effect to unload their surface of attack is the risk of airplane hacking is underestimated.
(Security Affairs – airplane hacking, Boing 757)