Tim Harwood | 30 May 2018
Hacking a plane from the ground
Just when you thought the biggest cyber security threats were to computers, hard drives, the cloud and personal electronic devices, who would have thought that it was possible to hack into an aeroplane?
The US Department of Homeland Security have recently been working with a team of aerospace experts to carry out a hacking of a Boeing 757 on the ground in New Jersey. The team were able to remotely hack into the IT systems on-board, which use a computerised 'fly-by-wire' system for control. Fly-by-wire technology replaced the mechanical flights controls with electronic interfaces allowing the flight controls to be converted into electronic signals that are then interpreted by the flight control computer system. Hacking of the 'fly by wire' system could allow hackers to control on-board controls from the ground while a plane is in flight.
The hacking test showcased that there is a security inadequacy in many modern planes that rely on their IT systems in order to stay airborne. Luckily this test was conducted in a controlled experiment led by the Department of Homeland security, however, the pilots were unaware of the experiment being conducted.
How is it possible?
The team were able to take advantage of the plane's own wireless communications in order to infiltrate the internal network. A key concern is the fact that it only took the team two days to develop and execute a strategy for hacking the Boeing 757, however, the resources that they utilised are classified - for obvious reasons. The thing that is most alarming, is that aviation and IT security experts were aware of the security flaws that were discovered. The cost of amending the computer systems on board could affect security improvements overall and could cost $1 million to change simply one line of code on a single aircraft.
One thing to note is that the mass production of Boeing 757s did end in 2014, however, it is still used by many companies around the globe. 90% of commercial aircrafts use models of the 757, yet not always the 'fly-by-wire' technology. Modern and current Boeing models are thought to be more secure than the 757 and it's lacking of certain security measures.
Now, this blog post was not intended to put anyone off flying, or decide to try to hack one for themselves. This was to showcase the length and diversity of cyber security threats and how they can affect more than just personal computers or data stored by organisations, they can peak at hacks like this.
Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.