A Department of Homeland Security (DHS) official has admitted that he and a team of experts remotely hacked a Boeing 757 parked at a New Jersey airport.
Speaking at the 2017 CyberSat Summit in Tysons Corner in Virginia on Wednesday, DHS Cyber Security Division’s aviation program manager Robert Hickey confirmed that a team of academic, government and industry officials successfully hacked a commercial aircraft, in a non-laboratory setting last year.
“We got the airplane on September 19, 2016,” Hickey reportedly said, according to Avionics Today. “Two days later, I was successful in accomplishing a remote, non-cooperative, penetration.”
While details of the hack remain classified, Hickey confirmed that the hack took place by accessing the commercial aircraft’s “radio frequency communications.”
As far as a ‘remote, non-cooperative, penetration’ goes, Hickey explains:
[That] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.
The DHS official went on to reveal that the aircraft used was a legacy Boeing 757 purchased by the DHS’ Science and Technology (S&T) branch, while the testing of the aircraft occurred on the ground at the airport in Atlantic City, New Jersey. “It’s not a big deal,” was the initial response that came from experts, according to Hickey. “We’ve known that for years,” they reportedly added, doing little to dissuade fears of the likelihood of a commercial aircraft hack.
For its part, Boeing has denied any vulnerabilities on their planes. Hickey claimed the very means to patch avionics subsystems on every aircraft across a fleet is cost-prohibitive, which means vulnerabilities remain unpatched even if they are discovered. Changing a single line of code on a piece of avionics equipment could cost $1 million with a further year to implement them. The likes of Southwest Airlines, whose fleet is comprised on Boeing 737 aircraft, could go bankrupt if a vulnerability is discovered specific to the model of planes, Hickey added.
While newer models of the aircraft and other commercial planes like the Boeing 787 and Airbus’ A350 are designed with security in mind, much of the skies are being occupied by legacy aircraft that still total 90% of the world’s commercial planes. These, remain vulnerable without newer protections.
Image credit: Pexels.