Update To: ‘It’s Only A Matter Of Time’ Before Cyber Terrorists HACK An Aircraft And Bring It Down — According To A New Study By The U.S. Department Of Homeland Security 

The comment below is from a major/experienced commercial airline pilot.  I am not a pilot and defer to his expertise — though the observation that “this could never happen,” often seems to surprise us in nasty ways we did not envision or anticipate.  With that said…….

“This could never happen….even if they hijacked the entertainment system, all we’d have to do it turn it off or pull the CB’s.

A pilot can always override the autopilot system and disconnect it one of several ways…take power off it and its just not capable any longer.

There have been several times i had to click off the auto pilot because it wasn’t doing what i either expected, or wanted it to do.

As of yet, we don’t allow artificial intelligence into the cockpit and hopefully never will 🙂 but I’m sure there are gamers out there and movie tykes concocting such notions.”

‘It’s Only A Matter Of Time’ Before Cyber Terrorists HACK An Aircraft And Bring It Down — According To A New Study By The U.S. Department Of Homeland Security 
     Numerous news outlets are citing documents obtained by the news cite – Motherboard – warning that “it is only a matter of time before cyber hackers breach the systems [network] of a commercial airliner and hijack the plane, potentially leading to a catastrophic disaster.”   The unnerving warning comes from a joint study by the  U.S. Department of Homeland Security (DHS), and researchers from the Pacific Northwest National Laboratory (PNNL), a research arm of the U.S. Department of Energy (DoE). 
     Joseph Cox, posted a June 6, 2018 article on the Motherboard website, writing that the warning above “was included in a recent presentation talking about efforts to uncover [digital] vulnerabilities in commercial aircraft.” and, whether these vulnerabilities are serious enough to cause a catastrophic event.  Mr. Cox adds that this latest research “builds on [previous] research in which a DHS research team was able to successfully, and remotely hack a Boeing 737.”         
     The 117 page report (see attachment/link provided above) contains “internal presentations and risk assessments,” warning that most commercial airliners in current use — have “little or no cyber security protections in place.”  Mr. Cox adds that “a separate 2017 document obtained by Motherboard concluded “early testing indicates that viable attack vectors exist that could impact [commercial] flight operations.”
     Mr. Cox notes that in 2016, DHS’s Science and Technology (S&T) Directorate established a multi-agency Working Group to understand the potential cyber terrorist threat to U.S. commercial aircraft. “That same year,” he adds, a “team of government, industry and academic officials demonstrated how to remotely hack a commercial aircraft in an non-laboratory setting.” The professional traded publication, Avionics, reported on this test last year. Robert Hickey, DHS S&T’s Aviation Program Manager told Motherboard that “the details of that hack are classified; but added, the team accessed the aircraft’s [avionics] systems through radio frequency communications (RF) and equipment that could be passed through airport security,” according to the original Avionics article.
     According to PNNL’s own presentation, dated January 10, 2018, the researchers “attempted to hack the aircraft [avionics] via the “WiFi Internet and information distribution system,”  Mr. Cox wrote, “one line in the presentation regarding the attempted hack stated: “Validated: Established actionable and unauthorized presence on one or more on-board systems.”  “However,” Mr. Cox added, “another line read “Disapproved (partial); unable to penetrate via selected access vector,” making exactly what PNNL achieved unclear.
     “In a 2015 application for a search warrant, and FBI agent wrote that security researcher Chris Roberts said in an interview that he had hacked the in-flight entertainment system of a [commercial] aircraft, overwrote code on the plane’s Thrust Management Computer — while on-board the flight; and, caused the plane to briefly change course,” Mr. Cox wrote. And, a 2015 U.S. Government Accountability Office (GAO) report concluded that “some Boeing and Airbus planes have WiFi networks for passengers that are connected to the avionics systems of those same aircraft.”     
     Any of us who fly commercially, owe a debt of gratitude to Chris Roberts, who has been pounding the table for the past three years about the potential for a terrorist to hack into a commercial airliner’s avionics system and deliberately crash the plane.  And, this is not a new story or revelation.  Marcel Rosenbach and Gerald Traufetter, writing on the Spiegel International Online, May 24, 2015, described how a then, 32 year-old Spanish, white hat cyber hacker had “purchased original parts from aviation suppliers on Ebay for just a few hundred dollars.  His goal, was to simulate the data exchange between current passenger-jet models, and air-traffic controllers on the ground — in order to search for possible backdoors.  His search was successful.  Very successful.”  “His central finding, which he continues to repeat to this day: “In modern airplanes, there are a whole series of backdoors, through which hackers can gain access to a variety of aircraft systems.”
     “The Spaniard’s name is Hugo Teso, and now he works for a data security firm based in Berlin,” Der Spiegel International Online noted at the time.  “For the past several years, he has been commissioned by various companies to try and break into their computers and networks.  But, because Teso is [also] a pilot; and, continues to hold a valid license, he has developed a reputation in the aviation industry as someone whose tech-security warnings should be taken seriously.”
     “Teso has demonstrated that you don’t even need a computer to hi-jack a plane remotely.  A smartphone, equipped with an app called — PlaneSploit — which Teso himself developed — could be enough.  In theory, cyber-terrorists could use such an app, or something similar, to take over a plane’s steering system; and, in a worst-case scenario, cause the plane to crash,” Mr. Rosenbach and mr. Traufetter wrote.
     My guess is that the major airlines are most certainly aware of this vulnerability; and, have likely been taking measures to mitigate and/or prevent this kind of horrific event.  But, how aware of this threat are the major foreign commercial airline companies?; and, are they also attempting to mitigate this threat?  How far along are they?  How big a problem is this?  This is one more reason it is important that we find the missing Malaysian commercial flight, MH370 which crashed somewhere in the Indian Ocean back in 2014. While the possibility and potential for this kind of terrible act has likely been substantially reduced since these original vulnerabilities were discovered some three/four years ago/or more — this threat has likely….not totally been eliminated.  As with anything that is connected to the Internet, one must always assume that your systems/networks can be breached/compromised.  Assuming otherwise…..invites disaster, and a potentially nasty strategic surprise.  As horror writer Stephen King once wrote:  “God punishes us for what we cannot imagine.”  RCP, fortunascorner.com

One comment

  1. I am really happy to say it’s an interesting post to read. I learn new information from your article; you are doing a great job. Keep it up.

Leave a Reply

Your email address will not be published. Required fields are marked *