Hacking 90% of the Commercial Air Fleet

Short notice for the holiday travel season, but 90% of the commercial air fleet can be hacked without insider or physical access.

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says by Calvin Biesecker.

While the research is classified (making this a CTF type problem), Biesecker reports these broad hints:


“[Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft’s systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” on the aircraft.

The aircraft that DHS is using for its tests is a legacy Boeing 757 commercial plane purchased by the S&T branch. After his speech at the CyberSat Summit, Hickey told Avionics sister publication Defense Daily that the testing is with the aircraft on the ground at the airport in Atlantic City, New Jersey. The initial response from experts was, “‘We’ve known that for years,’” and, “It’s not a big deal,” Hickey said.

But in March 2017, at a technical exchange meeting, he said seven airline pilot captains from American Airlines and Delta Air Lines in the room had no clue.

“All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible,’” Hickey said.

Terminology for researching this issue can be found in Boeing 757 Operations Manual Volume 2, sections 5.40.1 and 5.50.1. Hardware for testing your hack can be found at one or more aircraft boneyards. Or you can always purchase new systems and advice.

No need to rush for fear of patching:

…Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said.

The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them if a cyber vulnerability was specific to systems on board 737s, he said, adding that other airlines that fly 737s would also see their earnings hurt. Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don’t have these protections.

Aircraft also represent different challenges for cybersecurity and traditional land-based networks, Hickey said. He said that whether it’s the U.S. Air Force or the commercial sector, there are no maintenance crews that can deal with ferreting out cyber threats aboard an aircraft.

No one checking for vulnerabilities and, if discovered, too expensive to fix?

Sounds like a hacker’s wet dream.

Have Orwell’s pigs built their palaces out of straw?

PS: The meaning of “hack” when used by the DHS isn’t clear. It could mean bad temperature or location information, up to and including interference with flight control systems (highly unlikely). Interference with flight control systems is more likely to be a feature of the F-35.
