Could Terrorists Hack an Airplane? The Government Just Did.
Bad guys can attack them with off-the-shelf devices that may seem harmless but are, in fact, lethal weapons of an entirely new kind.
- This leads to what is potentially the gravest potential threat posed by hacking—in effect, opening the possibility of remotely hijacking the controls from the pilots.
Hacking experts having been warning for years that it's too easy to breach a cockpit's defenses. Now an alarming government test proves their point.
CLIVE IRVING JOSEPH COX 11.17.17 5:00 AM ET
Could terrorists hijack an airliner remotely by hacking into its cockpit controls, putting its fate in their hands?
This question is being asked because of the revelation that a team of cyber experts at the Department of Homeland Security successfully hacked into the avionics of a commercial airplane parked at an airport as part of a test.
The problem is that nobody with knowledge of aviation cyber security is sure of how vulnerable airplanes are to such an attack—and some believe that the DHS test has simply added to the confusion and created needless alarm.
A Boeing spokesman told The Daily Beast: "We witnessed the test and can say unequivocally that there was no hack of the airplane's flight control systems."
Information about the extent of the test is restricted and there is a strong feeling among hacking experts that the full extent of the threat will remain underestimated—as they claim it has been for years.
The issue ignited after Robert Hickey, from the Cyber Security Division of the DHS, told a meeting of cyber experts in Virginia that his team had "accomplished a remote, non-cooperative penetration" of a Boeing 757, owned by the department, while it was parked at Atlantic City airport.
Although the 757 is basically a 1970s design, hundreds of them are still flown by American carriers—and nine are operated by the U.S. Air Force for use by diplomats and officials including one used by the secretary of State—as well as Donald Trump's personal jet that he used prominently during the presidential campaign.
Hickey said that his team's work is classified but he revealed enough at the CyberSat Summit in Tysons Corner, Virginia, to make it clear that hacking the airplane had been swift and relatively simple and involved "typical stuff that could get through security."
"The aviation industry, including manufacturers and airlines, has invested heavily in cybersecurity and built robust testing and maintenance procedures to manage risk."
This is not the picture given by Hickey. He said that neither the airlines nor the Air Force had maintenance crews capable of detecting cyber threats to an airplane.
More on this soon on Fliegerfaust. Remember to stay in the know with our Fliegerfaust Free Newsletter.