Boeing 757
November 14, 2017 by

US Homeland Security Team Remotely Hacked a Boeing 757

A Department of Homeland Security (DHS) official has admitted that he and a team of experts remotely hacked a Boeing 757 parked at a New Jersey airport.

Speaking at the 2017 CyberSat Summit in Tysons Corner in Virginia on Wednesday, DHS Cyber Security Division’s aviation program manager Robert Hickey confirmed that a team of academic, government and industry officials successfully hacked a commercial aircraft, in a non-laboratory setting last year.

“We got the airplane on September 19, 2016,” Hickey reportedly said, according to Avionics Today. “Two days later, I was successful in accomplishing a remote, non-cooperative, penetration.”

While details of the hack remain classified, Hickey confirmed that the hack took place by accessing the commercial aircraft’s “radio frequency communications.”

As far as a ‘remote, non-cooperative, penetration’ goes, Hickey explains:

[That] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.

The DHS official went on to reveal that the aircraft used was a legacy Boeing 757 purchased by the DHS’ Science and Technology (S&T) branch, while the testing of the aircraft occurred on the ground at the airport in Atlantic City, New Jersey. “It’s not a big deal,” was the initial response that came from experts, according to Hickey. “We’ve known that for years,” they reportedly added, doing little to dissuade fears of the likelihood of a commercial aircraft hack.

For its part, Boeing has denied any vulnerabilities on their planes. Hickey claimed the very means to patch avionics subsystems on every aircraft across a fleet is cost-prohibitive, which means vulnerabilities remain unpatched even if they are discovered. Changing a single line of code on a piece of avionics equipment could cost $1 million with a further year to implement them. The likes of Southwest Airlines, whose fleet is comprised on Boeing 737 aircraft, could go bankrupt if a vulnerability is discovered specific to the model of planes, Hickey added.

While newer models of the aircraft and other commercial planes like the Boeing 787 and Airbus’ A350 are designed with security in mind, much of the skies are being occupied by legacy aircraft that still total 90% of the world’s commercial planes. These, remain vulnerable without newer protections.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

We Have “a Full Spectrum. Of Response Options” to Cyberattacks: DHS Secretary

The United States is not backing down in the escalating threat of cyberwarfare. Speaking at the RSA...

Read more arrow_forward

US Govt Warns Energy, Aviation Companies of Cybersecurity Threats

The US government has reportedly issued a rare public warning about targeted hacking campaigns...

Read more arrow_forward

Android, Linux Vulnerabilities Dominate the US-CERT Bulletin this Week

The most recent vulnerability summary bulletin by the Department of Homeland Security’s US-CERT...

Read more arrow_forward