DHS Hacked Airliner Systems

  • E-Mail this Article
  • View Printable Article
  • Text size:

    • A
    • A
    • A

The Department of Homeland Security has reportedly told a cyber security conference it was able to hack the internal systems of a Boeing 757 sitting on the ramp at Atlantic City Airport with no help from anyone on board or anywhere near the aircraft. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative penetration,” DHS cyber security expert Robert Hickey is quoted as saying by Avionics Today.  “[Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey was speaking at the CyberSat Summit in Virginia Nov. 8.

How the hack was done is classified but Hickey suggested it gave the hackers comprehensive access to the aircraft’s systems. Hickey noted that newer aircraft like the Boeing 737 MAX and 787 and Airbus’s new A350 have more robust security but 90 percent of the fleet has the same vulnerabilities as that 757. Two years ago a security researcher claimed to have gained access to an airliner's flight systems through its entertainment system but those claims were never verified.

Comments (7)

Something here does not add up. I find it hard to believe the FAA would certifiy an airplane where operating flight controls could be accessed outside the aircraft cockpit. We are not talking Windows software here. And if this article is true what good does it do to keep it classified? Somebody has to correct the issue, if it is true. A big if!

Posted by: matthew wagner | November 14, 2017 7:42 PM    Report this comment

Complete and utter lie by a department founded on a complete and utter lie.

I've worked avionics on commercial and corporate aircraft for well over 25 years. You cannot "penetrate" an aircraft. That whole statement is so vague to start with.

Establish a presence??? What?

You're not going to somehow send signals through shielded 429 data bus wiring and some how command action from the FCC's to the flight controls. You're not miraculously going be able to control the engines, pressurization, fuel systems, electrical power, or anything else.

Just "how" did he get in? VHF's? HF's? Did he somehow "back-feed" the ACARS and make one way transmit lines suddenly be able to not only go backwards, but make reporting circuits become control circuits. Heck, maybe he did all that through the TCAS system. Maybe I missed some alternate radio receiving components throughout all those years of climbing all over these things. I Know..... he must of broken in via the Radio Alt.

Was the aircraft even powered up? Did it do some jumping jacks?

What a load of crap.

Posted by: Mark Francis | November 14, 2017 9:54 PM    Report this comment

You might think twice about that "load of crap: opinion. The guys doing the hack on this airplane probably possess knowledge unknown to you in your 25 years of climbing all over an aircraft.

According to the article, the team includes Massachusetts Institute of Technology, the Energy Department's Pacific Northwest National Laboratory, University of California San Diego, Sierra Nevada, SRI International and QED Secure Solutions. QED is led by Johnathan Butts, a former Air Force officer who has done cyber vulnerability assessments of Minuteman III intercontinental ballistic missiles and B-52 bombers. I think it's safe to say these guys aren't exactly amateurs.

Posted by: Roger Major | November 15, 2017 10:45 AM    Report this comment

They might not be amateurs, but the level of systems that would need to be compromised would be extremely difficult. This is an old aircraft. There's hundreds of single direction 429 data-buses between components.

Now...... if they got to the FMS's (which "do" interact with with most sub-systems) then maybe they could actually control things.

You still have items like hydraulic pumps that must be manually turned on. They're not going to be able to do that by remote.

Visit rotate.aero

Posted by: Mark Francis | November 15, 2017 2:10 PM    Report this comment

I completely agree with Mr. Francis on this. Military aircraft are totally different from civilian airliners or business airplanes. Not only does someone have to flip a switch to turn on hydraulics, this applies to electrical systems as well. FMS' don't turn themselves on by themselves. If any of this were true how come the FAA has not put out an AD on this so this situation can be resolved? There are all kinds of procedures that flight crews train on for malfunctioning navigational, autopilot, and flight controls.

Posted by: matthew wagner | November 15, 2017 5:07 PM    Report this comment

I think this is just a bit of sensationalist news. Switches cannot be activated. Handles are not powered. Etc etc. Let them demo this in public. Nope.

Posted by: Mauro Hernandez | November 16, 2017 7:47 AM    Report this comment

DHS owned the plane the hack was attempted on?...hmmmm

Posted by: declan cannon | November 16, 2017 3:38 PM    Report this comment

Add your comments

Log In

You must be logged in to comment

Forgot password?

Register

Enter your information below to begin your FREE registration