If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this – now airplanes are getting hacked.
The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19, 2016.
But don’t panic too much. The hack of the legacy commercial airliner was an exercise conducted by a team of security professionals.
“I didn’t have anybody touching the airplane, I didn’t have an insider threat,” explained Robert Hickey, aviation programme manager within the DHS’s Cyber Security Division. “I stood off using typical stuff that could get through security ,and we were able to establish a presence on the systems of the aircraft.”
Hickey, who revealed the hack during a speech at the CyberSat Summit in Tysons Corner in Virginia, says that details of the hack are being kept classified. However, he did say it involved accessing and gaining control of the plane’s systems through radio frequency communications.
According to Avionics, Hickey believes airlines would suffer financially if they were forced to update their code to protect against similar attacks:
The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them if a cyber vulnerability was specific to systems on board 737s, he said, adding that other airlines that fly 737s would also see their earnings hurt.
The good news is that, according to Hickey, newer aircraft models have taken more notice of information security issues during their design, but it is still the case that many many legacy commercial (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/boeing-757-hacked/