Time for the tinfoil helmets as somehow in one of the most traveled & tracked areas of the world we can’t find a massive flying office block
Boeing 777 fully integrated networking!
Interestingly enough the Boeing 777 does have a fully integrated data network on board for which it needed permission from the FAA to belatedly retrofit a firewall to keep secure systems, well… secure! From the FAA in the USA: Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access
“The proposed architecture is novel or unusual for commercial transport airplanes by enabling connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.”
“The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including:
1. Flight-safety related control and navigation systems,
2. Operator business and administrative support (operator information services),
3. Passenger information systems, and,
4. Access by systems internal to the airplane.
Boeing got permission from the FAA to install the firewall and all appears to be right.
So could an aircraft be hacked?
Well there isn’t a metasploit module that will do it but Stuxnet has shown that state actors can go to extraordinary lengths to insert viruses into other states’ infrastructure. So it’s not beyond the bounds of belief that governments would have the technology to do such a thing. Insert a USB pen into the media system and infect the plane seems almost too simple but if the systems are all networked it could be done.
Hacking it with an Android App?
A security researcher called Hugo Teso has written an Android App to hack a plane through it’s Automatic Dependent Surveillance-Broadcast (ADS-B) & Aircraft Communications Addressing and Reporting System (ACARS). Both of these technologies are massively insecure and are susceptible to a number of passive and active attacks. His actual implementation has been decried by the FAA and pilots but the basic fact remains that conceptually it is possible and therefore with enough time & money it will be actually possible
The Aircraft Communications Addressing and Reporting System (ACARS) lets Airplanes home bases know how they are feeling. It provides a 4 times a flight download of full systems data and a constant stream of other sub-system information, see this New Scientist article
The Automatic Dependent Surveillance-Broadcast (ADS-B), sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircraft equipped with the technology to receive flight, traffic and weather information about other aircraft currently in the air in their vicinity