Hacking a plane from the ground
Just when you thought the biggest cyber security threats were to computers, hard drives, the cloud and personal electronic devices, who would have thought that it was possible to hack into an aeroplane?
The US Department of Homeland Security have recently been working with a team of aerospace experts to carry out a hacking of a Boeing 757 on the ground in New Jersey. The team were able to remotely hack into the IT systems on-board, which use a computerised 'fly-by-wire' system for control. Fly-by-wire technology replaced the mechanical flights controls with electronic interfaces allowing the flight controls to be converted into electronic signals that are then interpreted by the flight control computer system. Hacking of the 'fly by wire' system could allow hackers to control on-board controls from the ground while a plane is in flight.
The hacking test showcased that there is a security inadequacy in many modern planes that rely on their IT systems in order to stay airborne. Luckily this test was conducted in a controlled experiment led by the Department of Homeland security, however, the pilots were unaware of the experiment being conducted.
How is it possible?
The team were able to take advantage of the plane's own wireless communications in order to infiltrate the internal network. A key concern is the fact that it only took the team two days to develop and execute a strategy for hacking the Boeing 757, however, the resources that they utilised are classified - for obvious reasons. The thing that is most alarming, is that aviation and IT security experts were aware of the security flaws that were discovered. The cost of amending the computer systems on board could affect security improvements overall and could cost $1 million to change simply one line of code on a single aircraft.
One thing to note is that the mass production of Boeing 757s did end in 2014, however, it is still used by many companies around the globe. 90% of commercial aircrafts use models of the 757, yet not always the 'fly-by-wire' technology. Modern and current Boeing models are thought to be more secure than the 757 and it's lacking of certain security measures.
Now, this blog post was not intended to put anyone off flying, or decide to try to hack one for themselves. This was to showcase the length and diversity of cyber security threats and how they can affect more than just personal computers or data stored by organisations, they can peak at hacks like this.
Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.
Tim Harwood is a veteran of the security world and has been providing information security guidance and expertise to Corporate clients, the UK Government and the UK military for over 30 years. As Director of Siker (Part of Harwood Security and Training Consultancy), he provides direction for the company which he founded in 2013. Tim’s professional background includes security capability strategy planning and development, information security capability framework design and implementation and security awareness strategy design and implementation. He has developed a security professional development framework for a global top ten oil and gas company, delivered training as a member of the SANS faculty and, as a thought leader, regularly presents at summits and conferences. In 2013, he participated as a Subject Matter Expert for the design of new certifications and training courses e.g. the GICSP certification.