Even airplanes are vulnerable to hacking. And a Boeing 757 parked at the Atlantic City airport, New Jersey was remotely hacked by a group of hackers at the Department of Homeland Security on Sept. 19, 2016.
During a speech at the 2017 CyberSat Summit in Tysons Corner, Virginia held last week, Robert Hickey, the aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate revealed this alarming news about the hack.
He said “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.”
Although the technical details of the hack are classified, Hickey revealed that the hack was accomplished using the aircraft’s radio frequency communications. He also mentioned that their tests were carried out on a legacy Boeing 757 commercial plane purchased by the S&T branch which was on the ground at the airport in Atlantic City, New Jersey and it wasn’t in the sky.
Hickey said that the initial reaction from the experts of his team was “We’ve known that for years,” and, “It’s not a big deal”.
However, the technical pilot captains from American Airlines and Delta Air Lines had no clue about the vulnerabilities in the airplane. And when they were informed about the situation in March 2017 their reaction was “You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible”.
He also added that 90% of the commercial planes in the sky do not have protections and only the new models of 737s newer models of 737s and other aircrafts like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind.
When Boeing was informed about the hack by the security researchers, the response was “We firmly believe that the test did not identify any cyber vulnerabilities in the 757 or any other Boeing aircraft.”
Well, this isn’t the first test to hack an airplane, two years ago a security researcher, Chris Roberts claimed that he gained access to an aircraft through the in-flight entertainment system. However, there is no evidence of his claims of the hack.