US Government Probes Airplane Vulnerabilities

[DooKey]

The DHS and other government agencies are investigating the cybersecurity strength of the airline industry and commercial aircraft. As a matter of fact a DHS team was able to successfully remotely hack a Boeing 737. Further, the government has determined that aircraft have little to no cybersecurity protections in place and it's just a matter of time until a security breach occurs. Needless to say this could result in a catastrophic event. At this point in time nothing has occurred, but it's scary to think that one day we might see one of more aircraft taken over remotely and then we have 9/11 all over again.

The documents obtained by Motherboard suggest the DHS-backed team may have already conducted another test against an aircraft. Listed in a 2016 DHS presentation are several planned tests, including “external RF,” seemingly referring to the previously reported test. The document then mentions another test, this time focused on Wi-Fi and in-flight entertainment systems, and designated to the PNNL researchers.

 

[Rahh]

Their just now getting around to this?

Color me shocked....

 

[BitMaster]

who is surprised @ [H] ? I guess no one, not a single person.

 

[Galvin]

So planes are connected to the internet? Does anyone find this really dumb. Just as dumb as the electric grid on the internet.

 

[Spidey329]

So planes are connected to the internet? Does anyone find this really dumb. Just as dumb as the electric grid on the internet.

Well, they're connected via inflight WiFi. The surprising part is that entertainment and in-flight WiFi systems maybe connected to anything flight related, that's ridiculous. They should be air gapped for obvious reasons.

 

[Uvaman2]

Didn't they arrest the guy that said this was an issue and posted some messages as he supposedly hacked the plane during a flight?

 

[Advil]

This is a rehash of a couple of stories from over a year ago. As we can see, everything was ignored and nothing was done and now we get to start the cycle all over again like it didn't happen a couple of times before.

Aircraft systems that can have any affect on flight or navigation should be isolated from the outside world. Period. End of story. But if we go there we will have to admit the same thing about cars which will gore many oxen.

 

[Groo21]

Maybe we should keep this one on the down-low until we fix the holes....

 

[PaulP]

The articles are pretty light on detail, but so far I haven't seen any credible claims that flight control systems were breached. I'm glad they are testing and probing to find the weak points, and I don't have a problem reporting on this effort, but it is irresponsible to report that an "airplane" has been "hacked" since most people will assume the worst, not knowing that the entertainment system and flight control systems are separate.

 

[LigTasm]

Well, they're connected via inflight WiFi. The surprising part is that entertainment and in-flight WiFi systems maybe connected to anything flight related, that's ridiculous. They should be air gapped for obvious reasons.

They're not in any aircraft I ever worked on, and thats a whole lot of them. There was usually a single discrete output from the nav system to the entertainment for speed/heading/alt information but it was a one way only.

Any access to the computer systems required a laptop that had its MAC address specifically locked to the aircraft and a hard line coax connection that you need access to behind a locked panel. Flight systems are basically similar to ASICs, highly specialized racks of computers that don't run any OS you would recognize. Also painfully slow for anything besides the one task it was designed to do. Updating nav charts with a simple CDROM takes hours.

Hell, I can still get gogo inflight wifi for free if I wanted to because nobody ever changes the login info from default on the router, I guess that counts as "hacking" the plane.

 

[EODetroit]

The obvious solution is to get rid of wifi in the cockpits and airgap it from the rest of the plane.

 

[katanaD]

reading it on a different link.. someone did some looking into the "story"

seems they were able to hack into the in flight entertainment system.. and NOTHING else