In security test, experts find Boeing 757 systems can be hacked

20 Nov 2017

In unsettling news about one of America's most widely-used jetliners, experts working with US Homeland Security in a test hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey.

This proves that the increasing use of electronics and internet connectivity in transportation vehicles is a double-edged sword. While new technology gives drivers and pilots more information and makes communication easier, it also leaves vehicles more vulnerable to cyber attacks.

While the hack occurred in September 2016, it wasn't revealed until DHS official Robert Hickey gave his keynote address at an aerospace security summit on 8 November.

Speaking at the conference, Hickey said his team used "typical stuff that could get through security" and hacked into the aircraft systems using "radio frequency communications".

Though the exact details of how he and his team managed to hack into the plane are classified, Hickey indicated that no one on his team was in physical contact with the aircraft or used any materials that would be flagged by security.

Boeing insists that the hack was limited to the aircraft's communication system and did not reach any of the controls or software that could alter its flight path. "We witnessed the test and can say unequivocally that there was no hack of the airplane's flight control systems," the company told the Daily Beast.

Still, this is alarming news for the aviation industry. The DHS and Transportation Security Administration have been aggressive in trying to prevent passengers from boarding aircraft with items that could put other passengers at risk, but if it becomes possible to control a plane's communication and flight capabilities from the ground, their existing security infrastructure may need a significant update, according to Business Insider.

"The 757 hasn't been in production since 2004, but the aging workhorse is still flown by major airlines like United, Delta and American," said Mark Rosenker, the former chair of the National Transportation Safety Board.

President Trump's personal jet is a 757. So is the plane Vice President Pence often uses, including on his recent trip to Texas.

The classified DHS testing followed a 2015 incident where a passenger told the FBI he had gained control of a plane's engine by hacking into the airline's in-flight entertainment system.

That same year, the Government Accountability Office warned about "potential malicious actors" accessing an airliner's Wi-Fi network.

Homeland Security says the recent testing was in an "artificial environment and risk reduction measures were already in place".

Boeing observed the testing and was briefed on its results. In a statement, the company says, "We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft".

According to CBS, an official briefed on the testing does not believe it revealed an "extreme vulnerability" to airliners, since it required a very specific approach in a very specific way on an older aircraft with an older system. The official adds it was good information to have, "but I'm not afraid to fly".