Boeing 757 Hacked By DHS In Cybersecurity Test

A group of security researchers from private industry, universities, and the Department of Homeland Security (DHS), were able to successfully hack a Boeing 757 remotely in a non-laboratory setting. The test was done last year but was only recently made public at the 2017 CyberSat Summit in Virginia.

Radio Frequency Hack

Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate, said that the researchers were able to access the aircraft’s systems through radio frequency communications:

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” said Hickey at the CyberSat Summit.“[Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft,” he added.

Perhaps the scariest part about this hack was that it took the researchers only two days to come up with it. The DHS seems to have become interested in the attack when a hacker claimed to have been able to take over a plane’s engine controls while in flight, back in 2015. In the same year, the Government Accountability Office warned about "potential malicious actors" accessing an airliner's Wi-Fi network.

Additional Details

The DHS told Tom’s Hardware that Hickey’s comments “lacked some important context.” According to the DHS, even though the test was not done in a laboratory setting, it was done in an artificial testing environment that had “risk reduction measures” in place. In translation, that means it wasn’t tested under a real-world scenario.

However, this doesn’t necessarily mean that this particular hack couldn’t happen in a real-world scenario, just that the hack hasn’t yet been tested in one yet..

When we contacted Boeing, the company outright denied that its 757 suffers from any cybersecurity vulnerability:

The Boeing Company has worked closely for many years with DHS, the FAA, other government agencies, our suppliers and customers to ensure the cybersecurity of our aircraft and will continue to do so.Boeing observed the test referenced in the Aviation Today article, and we were briefed on the results. We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.Boeing is confident in the cyber-security measures of its airplanes. Multiple layers of protection, including software, hardware, network architecture features, and governance are designed to ensure the security of all critical flight systems from intrusion.Boeing’s cyber-security measures have been subjected to rigorous testing, including through the FAA’s certification process, and our airplanes meet or exceed all applicable regulatory standards.

Thus, Boeing denies there is any vulnerability in its planes, and the details of the test remain classified. Until they are made public, we can’t know for sure how likely the tested hack is to happen in a real-world scenario, too.

High Cost To Fix Airplane Bugs

Hickey noted at the CyberSat Summit that it’s almost prohibitively expensive for airline companies to patch their plane’s systems. According to him, changing one line of code across their planes costs $1 million and takes a year to implement.

The good news is that the Boeing 757 plane has not been in production since 2004. The bad news is that legacy aircraft from both Boeing and Airbus, which includes the Boeing 757, make up more than 90% of the commercial planes that are still in use today.

It’s only newer planes such as the Boeing 787 and Airbus A350 that have been designed with security in mind. However, the Boeing 787 may have issues of its own, as two Cambridge experts discovered a “back door” in the plane's chip five years ago. They warned that this could allow attackers to take over the planes.

As a general rule of thumb in security, the more connected a device is, the more likely it is that it will be hacked. Connecting something to the internet gives attackers from all over the world the opportunity to access the systems when they wouldn’t normally be able to do it without that connection.

It’s probably now time for airplane companies to start taking software security more seriously, especially because it costs so much to fix a mistake after the planes are already out there and in use. Additionally, not all future research will be hidden behind security classification, so sooner or later they will have to tackle their security issues in public, too.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Alex Atkin UK
    Why is the WiFi connected in any way shape or form to the on-board computers anyway? Surely they should be completely independent systems?
  • g-unit1111
    Can it be hacked? Is it hooked to Wifi? If so yes.
  • COLGeek
    Re-look at the article. This does not appear to be a wi-fi hack, rather it seems to be via a different RF source (planes had lots of radios).
  • JonDol
    Yeah, they denied there are any security problems but so was Netgear about some routers/switches and so was Canon until someone has shown Doom running on the printer's screen.
  • quallen
    actually its already been noted the Wi-Fi is indirectly connected to the same network as the avionics so it can access the planes antennas
  • fmichaelmiller
    ...changing one line of code across their planes costs $1 million and takes a year to implement...

    So does changing 2 lines of code, or 2,000, or 20,000
  • g-unit1111
    20375720 said:
    Re-look at the article. This does not appear to be a wi-fi hack, rather it seems to be via a different RF source (planes had lots of radios).

    Oh mine was meant to be a joke comment.
  • mrmez
    20375542 said:
    Can it be hacked? Is it hooked to Wifi? If so yes.

    Even if it is wifi, what is "IT"?

    My car has wifi, but it's not self driving etc. So technically you can hack my car.
    That sounds extremely dangerous until you find the most you can do is play some audio/video.

    The article doesn't say what they can actually control or interfere with once hacked.
  • cytreck
    Hacking an aircraft single RF system is easy. You just need the appropriate test equipment.
    What those scientist did most likely is to synchronize all the different external navigation RF test equipment into a coherent entity and prove they can inject a different navigation signal and fool the aircraft to go where they wanted to.

    For this to happen in real life situation with a flying aircraft is something else
    All vital systems in any human carrying vehicle (land, sea, and air) should be 100% independent and have absolutely no external connections, such that all interaction must be done with a physical connection and at one single point inside (and under a lock if possible with a real key). This will prevent any external interference through wireless connections. I never believe or trusted any "over the air" updates!

    I am tired and frustrated after reading so many "hacking" events since I was a Systems Engineer and a founder of a local ISP, having all the security as my responsibility, too. I changed the password every week, using over 30 character strings and done at the physical site. No one could break it after twenty two years!