A team of government, industry and academic officials has demonstrated remote hacking of a commercial aircraft, a US Department of Homeland Security (DHS) official has revealed.
Robert Hickey, aviation program manager in the department’s cyber security division, told the 2017 CyberSat Summit near Washington DC the team had broken into the aircraft’s systems within two days of acquiring it.
‘We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,’ he said.
Technical details of the hack were not given, but it involved a Boeing 757 acquired by the DHS cyber security division and parked at an airport in Atlantic City, New Jersey.
‘I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft,’ Hickey said.
Hickey said newer aircraft, such as the Boeing 787 and Airbus A350 had been designed with security in mind, but older aircraft, which make up the majority of the airline fleet, had no such protections.
Boeing observed the test and was briefed on its results. The company said, ‘We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.’
Flight Safety Australia covers hacking in aviation in the lead story of its November–December edition.