This story doesn’t exactly sit well with me seeing as later this week I will hopping on a 787 Dreamliner to fly to India for a week. But I’ll put that aside for a moment. Apparently the folks at DHS wanted to find out what kind of threat a hacker could pose to an aircraft. Could they pwn it and cause havoc to the flying public? To find out, they purchased a 757 and went to town on it. Here’s what happened next:
A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft’s systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them. Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don’t have these protections.
So while I likely don’t have anything to worry about, a lot of people do quite clearly. Now that this is public, it will be interesting to see how airlines who run this older equipment along with companies like Airbus and Boeing deal with this. Because you can be sure that the bad guys will be looking at this too now that they know that this is possible.
Like this:
Like Loading...
Related
This entry was posted on November 15, 2017 at 11:31 am and is filed under Commentary with tags Homeland Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
DHS Buys A 757 To Figure Out How Pwnable Aircraft Can Be
This story doesn’t exactly sit well with me seeing as later this week I will hopping on a 787 Dreamliner to fly to India for a week. But I’ll put that aside for a moment. Apparently the folks at DHS wanted to find out what kind of threat a hacker could pose to an aircraft. Could they pwn it and cause havoc to the flying public? To find out, they purchased a 757 and went to town on it. Here’s what happened next:
A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft’s systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them. Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don’t have these protections.
So while I likely don’t have anything to worry about, a lot of people do quite clearly. Now that this is public, it will be interesting to see how airlines who run this older equipment along with companies like Airbus and Boeing deal with this. Because you can be sure that the bad guys will be looking at this too now that they know that this is possible.
Share this:
Like this:
Related
This entry was posted on November 15, 2017 at 11:31 am and is filed under Commentary with tags Homeland Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.