DHS hacks 757 from gate

av8tr1

av8tr1

"Never tell me the odds!"
Interesting development. I missed out on Def Con 2017 but I heard this was a big topic on the floor this year. Apparently there were a number of groups trying to do this and no one as of yet was successful remotely until now. Time to put some firewalls on aircraft and this is probably going to give further support to that laptop ban we were concerned about earlier this year.

I'd like to know what subsystems they were able to get control of. You could do a lot of damage remotely.

https://www.avweb.com/avwebflash/news/DHS-Hacked-Airliner-Systems-229909-1.html

The Department of Homeland Security has reportedly told a cyber security conference it was able to hack the internal systems of a Boeing 757 sitting on the ramp at Atlantic City Airport with no help from anyone on board or anywhere near the aircraft. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative penetration,” DHS cyber security expert Robert Hickey is quoted as saying by Avionics Today. “[Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey was speaking at the CyberSat Summit in Virginia Nov. 8.
 
I thought all the systems were air-gapped and it wouldn't matter. Wonder what he really hacked into.
 
There can't be an air gap between the wifi and the plane's essential systems, unless someone in the cockpit is flipping a switch at 10k feet to turn on/off the GoGo?
 
gotWXdagain said:
There can't be an air gap between the wifi and the plane's essential systems, unless someone in the cockpit is flipping a switch at 10k feet to turn on/off the GoGo?
Click to expand...
I'd imagine a relay between whatever system is giving altitude info and the GoGo could seperate those systems.
 
gotWXdagain said:
There can't be an air gap between the wifi and the plane's essential systems, unless someone in the cockpit is flipping a switch at 10k feet to turn on/off the GoGo?
Click to expand...

Well, considering the three airplanes I’ve flown with GoGo WiFi on them, (MD88, 737, 757/767,) have NO essential systems that link to the WiFi, I’d be curious as to what was actually accomplished.
 
The guy from a while back claims to have issued a command to one of the engines to "climb" which I assume really means increase thrust. Which would put the aircraft out of trim or worse. But I would imagine (hope) that would be a significant in air event leading to an land as soon as practicable situation. But I don't fly anything with auto throttles.

Anyone want to chime in on what you would do if an engine suddenly spooled up on its own?
 
av8tr1 said:
The guy from a while back claims to have issued a command to one of the engines to "climb" which I assume really means increase thrust. Which would put the aircraft out of trim or worse. But I would imagine (hope) that would be a significant in air event leading to an land as soon as practicable situation. But I don't fly anything with auto throttles.

Anyone want to chime in on what you would do if an engine suddenly spooled up on its own?
Click to expand...

Uncommanded engine acceleration usually has an abnormal or emergency checklist associated with it. But I'd say there's somewhere between nil and zero chance that this guy actually accomplished that.
 
knot4u said:
I'd imagine a relay between whatever system is giving altitude info and the GoGo could seperate those systems.
Click to expand...

If it was a simple relay, it’d be super easy to separate the systems, however if the wifi router is run to the airplane’s computer box from a network cable and is activated via a set of computer scripts, a hacker could do alot of damage. I guess it depends on how software-dependent the airplane’s essential systems are.
 
I’m no computer/tech guru. I’m having a really hard time understanding how someone can “hack” a plane via WiFi? None of the systems are tied to the WiFi. I find it inconceivable that someone commanded the plane to climb. HOW?!? You can’t hack an fms from WiFi. The autopilot/throttle isn’t tied to WiFi. You might, somehow, be able to send screwie acars messages but the ACARS doesn’t control the plane.

I’m lost.
 
ATN_Pilot said:
What's an "airplane's computer box?"
Click to expand...

C'mon! That box where I punch buttons and make a magenta line appear. How else do you fly the plane?


fSV89.gif
 
gotWXdagain said:
If it was a simple relay, it’d be super easy to separate the systems, however if the wifi router is run to the airplane’s computer box from a network cable and is activated via a set of computer scripts, a hacker could do alot of damage. I guess it depends on how software-dependent the airplane’s essential systems are.
Click to expand...
Yes, a simple relay. I think GoGo is ground based so it shouldn't need any position info. The new really high end business jets are already capable of informing a crew that's at the hotel that a door, a cowl, or a service panel has been opened with a phone call followed by a text. Depending on what plan you want to subscribe to they can alert mechanics and a manufacturers analyst of any faults and parts will be ordered before the plane lands. Data uploads to the engine manufacturer are automatically sent via a cell signal upon landing. Soon the database updates will be done by wifi. It's almost a full time job just keeping up with all the subscriptions, passwords and other issues all of this connectivity brings with it.
 
You must log in or register to reply here.
Back
Top