Wednesday, November 15, 2017

Hack the friendly skys

Well, this isn't good news:
At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted. 
A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which are classified – experts accessed systems on the Boeing 757 via radio-frequency communications. 
“We got the airplane on September 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” said Robert Hickey, aviation program manager within the cyber-security division of the DHS's science and technology directorate, while speaking at the CyberSat Summit in Virginia earlier this month.
It seems that security guys have known about this problem for a while but this info hasn't gotten out to pilots until now.


Anonymous said...

What is not mentioned in the linked article (or the one that it references) is what they were able to access/effect once they penetrated the network. From my perspective that is THE key piece of information.

To present a tortured metaphor, if the aircraft's network is my house, are they simply claiming they can see inside by peeking in the windows because I didn't close the curtains, or are they saying they can open the unlocked window, climb in, and make themselves a sandwich in my kitchen?

The fact that updating these safety critical systems is both very expensive and time-consuming is a very important one to point out, and it will certainly impact the cost vs risk assessment involved in addressing any vulnerabilities after the fact.

Unknown said...

As Old Windways noted, the most important piece of information is what they got to see and do once they “accessed” the network. On a 757 I suspect it wasn’t very much. It used an ARINC 429 bus which would have limited what they could do, without physical access, as grounding pins are part of the box identification.

Old NFO said...

75's aren't the issue, per se... Now if that had been an Airbus, which is also VERY vulnerable, they could have rolled it over and had their way with it... And NOT in a good way...