Boeing 757
November 14, 2017 by

US Homeland Security Team Remotely Hacked a Boeing 757

A Department of Homeland Security (DHS) official has admitted that he and a team of experts remotely hacked a Boeing 757 parked at a New Jersey airport.

Speaking at the 2017 CyberSat Summit in Tysons Corner in Virginia on Wednesday, DHS Cyber Security Division’s aviation program manager Robert Hickey confirmed that a team of academic, government and industry officials successfully hacked a commercial aircraft, in a non-laboratory setting last year.

“We got the airplane on September 19, 2016,” Hickey reportedly said, according to Avionics Today. “Two days later, I was successful in accomplishing a remote, non-cooperative, penetration.”

While details of the hack remain classified, Hickey confirmed that the hack took place by accessing the commercial aircraft’s “radio frequency communications.”

As far as a ‘remote, non-cooperative, penetration’ goes, Hickey explains:

[That] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.

The DHS official went on to reveal that the aircraft used was a legacy Boeing 757 purchased by the DHS’ Science and Technology (S&T) branch, while the testing of the aircraft occurred on the ground at the airport in Atlantic City, New Jersey. “It’s not a big deal,” was the initial response that came from experts, according to Hickey. “We’ve known that for years,” they reportedly added, doing little to dissuade fears of the likelihood of a commercial aircraft hack.

For its part, Boeing has denied any vulnerabilities on their planes. Hickey claimed the very means to patch avionics subsystems on every aircraft across a fleet is cost-prohibitive, which means vulnerabilities remain unpatched even if they are discovered. Changing a single line of code on a piece of avionics equipment could cost $1 million with a further year to implement them. The likes of Southwest Airlines, whose fleet is comprised on Boeing 737 aircraft, could go bankrupt if a vulnerability is discovered specific to the model of planes, Hickey added.

While newer models of the aircraft and other commercial planes like the Boeing 787 and Airbus’ A350 are designed with security in mind, much of the skies are being occupied by legacy aircraft that still total 90% of the world’s commercial planes. These, remain vulnerable without newer protections.

Image credit: Pexels.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

US Govt Warns Energy, Aviation Companies of Cybersecurity Threats

The US government has reportedly issued a rare public warning about targeted hacking campaigns...

Read more arrow_forward

Android, Linux Vulnerabilities Dominate the US-CERT Bulletin this Week

The most recent vulnerability summary bulletin by the Department of Homeland Security’s US-CERT...

Read more arrow_forward

Homeland Security Issues Threat Alert for WannaCry Ransomware

The first global ransomware campaign that disrupted several organizations including hospitals across...

Read more arrow_forward