Hacked Aircraft

to make the system more impenetrable. Recently, a private company working with the Department of Homeland Security revealed that it was able to gain remote access to the on board systems of a Boeing seven fifty seven back in six at an airport in Atlantic City, New Jersey. While the DHS says the hacking team couldn't get access to the aircraft's flight control systems, this is still obviously a huge concern. The Department of Homeland Security was understandably read sent to

share details of the successful attack. But here's what we do know. The intruder was able to access certain on board systems remotely via radio frequencies without having physical contact with the plane. The intruder also didn't rely upon collusion. There was no one on board the plane on the intruder's side. In other words, so it sounds like this researcher was able to use a fairly simple piece of equipment that could pass through airport security and gain access

to the seven fifty seven's communication systems. According to the DHS, that's all the researchers were able to take over, and that is enough to be extremely troubling. But the DHS stressed that the researchers could not affect the flight path, software, or any of the actual controls of the aircraft. Typically, aircraft network systems are designed in such a way to prevent an intruder from getting to the avionics or flight

controls part of an aircraft system. Historically, the way to do this was to have what is called an air gap. An air gap is when you create either a computer or network that has no connection to a larger outside network. A PC with no wired or wireless connections to the Internet would have an air gap. There's no way for a hacker to connect to the machine without first gaining

physical access to it. Even with air gaps, you typically have communications and avionics depending upon the same general network. The two systems wouldn't have a direct line of communication between them, but would refer to some form of common communication interface. Air Gaps are more common between passenger networks and critical systems. In other words, if you connect to the in flight WiFi, you don't magically get access to

an aircraft's critical systems. That's generally considered a good thing. As all sorts of vehicles have become more advanced and connected, we've seen multiple examples of poor security implementations that could, under the right circumstances, lead to catastrophe. A couple of years ago, some security researchers demonstrated that they could hack into certain Cherokee models remotely and affect the vehicle's behavior, including the sound system, windshield wipers, and even the accelerator.

This was a fairly recent development. Previously, security experts needed physical access to a vehicle in order to make a wired connection between their computers and the cars onboard computer system. As we've trended more toward a wireless infrastructure, opportunities to exploit vulnerabilities have increased. So how do you fix it? Well?

In the case of cars, it requires massive recalls to address hardware in some cases, but in others you can fix it with a software patch, which, depending upon the problem and the car manufacturer, might allow owners to download the update directly to their vehicle without leaving the driveway.

But with planes, it's a little more complicated. According to Robert Hickey, who is an aviation program manager at the Department of Homeland Securities Science and Technology Director at Cybersecurity Division, any fixed for Boeing aircraft would be both time consuming and expensive. Specifically, he said quote the cost to change one line of code on a piece of avionics equipment is one million dollars and it takes a year to implement.

Hickey said that newer aircraft models have better security measures, but that's not a huge comfort since the commercial aircraft in operation are legacy models, which means they are older models that lack the latest security measures. So in short, there is a relatively simple hack that relies on radio communications devices that anyone could get through airport security and

potentially compromise the communication system on an aircraft. Whether you maintain control of the system once the aircraft moves out of transmission range hasn't been discussed, and maybe that you'd have enough influence to prompt to flight cancelation and that's it.

That's still incredibly disruptive. Of course, the larger fear is that you'd have a perpetual back door into a plane's onboard network, and there's always the concern that somehow in the future hackers will find a way to affect avionics and not just communications. There are hard lessons to learn in the information age, and it seems like we must relearn some of them every year. We have to keep in mind that along with all the benefits wireless technologies

have to offer, there are potential drawbacks. If we keep that in mind from the start, we're more likely able to address design flaws before they become part of a final product. That's all for today. To learn more about internet security, avionics, the science of flight, and more, subscribe to The Tech Stuff podcast. We publish on Wednesdays and Fridays and do a deep dive in all things in the world of technology. I'll see you against It.