1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DHS hacks 757 from gate

Discussion in 'General Topics' started by av8tr1, Nov 13, 2017.

  1. av8tr1

    av8tr1 "Never tell me the odds!"

    Joined:
    Oct 4, 2014
    Messages:
    2,332
    Likes Received:
    1,745
    Interesting development. I missed out on Def Con 2017 but I heard this was a big topic on the floor this year. Apparently there were a number of groups trying to do this and no one as of yet was successful remotely until now. Time to put some firewalls on aircraft and this is probably going to give further support to that laptop ban we were concerned about earlier this year.

    I'd like to know what subsystems they were able to get control of. You could do a lot of damage remotely.

    https://www.avweb.com/avwebflash/news/DHS-Hacked-Airliner-Systems-229909-1.html

    The Department of Homeland Security has reportedly told a cyber security conference it was able to hack the internal systems of a Boeing 757 sitting on the ramp at Atlantic City Airport with no help from anyone on board or anywhere near the aircraft. “We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative penetration,” DHS cyber security expert Robert Hickey is quoted as saying by Avionics Today. “[Which] means I didn’t have anybody touching the airplane, I didn’t have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft.” Hickey was speaking at the CyberSat Summit in Virginia Nov. 8.
     
    falconvalley likes this.
  2. Cessnaflyer

    Cessnaflyer Wooooooooooooooooooooooooooooooo

    Joined:
    Dec 9, 2006
    Messages:
    8,353
    Likes Received:
    2,568
    I thought all the systems were air-gapped and it wouldn't matter. Wonder what he really hacked into.
     
  3. ATN_Pilot

    ATN_Pilot Socialist Pig Member

    Joined:
    Jun 14, 2005
    Messages:
    22,032
    Likes Received:
    13,534
    I find this all really hard to believe. I'm no expert on 757 systems, but I can't imagine that there is any way to control any systems wirelessly. Perhaps you can view some system data through the ACARS, but not control anything.
     
  4. Soku39

    Soku39 Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    1,135
    Likes Received:
    699
    You mean that code from the mid 1980s, written with no thought given to cyber security is easily exploitable? I'm shocked.
     
    ppragman and av8tr1 like this.
  5. av8tr1

    av8tr1 "Never tell me the odds!"

    Joined:
    Oct 4, 2014
    Messages:
    2,332
    Likes Received:
    1,745
  6. NovemberEcho

    NovemberEcho Well-Known Member

    Joined:
    Jul 4, 2013
    Messages:
    4,472
    Likes Received:
    6,299
    Great. Now when y'all suddenly do weird stuff instead of "sorry the autopilot/fms is acting up" it's going to be "sorry we were hacked"
     
    tcco94, nibake and JordanD like this.
  7. gotWXdagain

    gotWXdagain Highly Visible Member

    Joined:
    Jan 17, 2009
    Messages:
    3,420
    Likes Received:
    2,791
    There can't be an air gap between the wifi and the plane's essential systems, unless someone in the cockpit is flipping a switch at 10k feet to turn on/off the GoGo?
     
  8. knot4u

    knot4u Repeat Offender

    Joined:
    Jul 18, 2010
    Messages:
    3,638
    Likes Received:
    2,435
    I'd imagine a relay between whatever system is giving altitude info and the GoGo could seperate those systems.
     
  9. Cptnchia

    Cptnchia Well-Known Member

    Joined:
    May 16, 2007
    Messages:
    8,517
    Likes Received:
    10,126
    Well, considering the three airplanes I’ve flown with GoGo WiFi on them, (MD88, 737, 757/767,) have NO essential systems that link to the WiFi, I’d be curious as to what was actually accomplished.
     
  10. av8tr1

    av8tr1 "Never tell me the odds!"

    Joined:
    Oct 4, 2014
    Messages:
    2,332
    Likes Received:
    1,745
    The guy from a while back claims to have issued a command to one of the engines to "climb" which I assume really means increase thrust. Which would put the aircraft out of trim or worse. But I would imagine (hope) that would be a significant in air event leading to an land as soon as practicable situation. But I don't fly anything with auto throttles.

    Anyone want to chime in on what you would do if an engine suddenly spooled up on its own?
     
  11. ATN_Pilot

    ATN_Pilot Socialist Pig Member

    Joined:
    Jun 14, 2005
    Messages:
    22,032
    Likes Received:
    13,534
    Uncommanded engine acceleration usually has an abnormal or emergency checklist associated with it. But I'd say there's somewhere between nil and zero chance that this guy actually accomplished that.
     
    ClarkGriswold, z987k and B767 like this.
  12. gotWXdagain

    gotWXdagain Highly Visible Member

    Joined:
    Jan 17, 2009
    Messages:
    3,420
    Likes Received:
    2,791
    If it was a simple relay, it’d be super easy to separate the systems, however if the wifi router is run to the airplane’s computer box from a network cable and is activated via a set of computer scripts, a hacker could do alot of damage. I guess it depends on how software-dependent the airplane’s essential systems are.
     
  13. ATN_Pilot

    ATN_Pilot Socialist Pig Member

    Joined:
    Jun 14, 2005
    Messages:
    22,032
    Likes Received:
    13,534
    What's an "airplane's computer box?"
     
    Cherokee_Cruiser likes this.
  14. B767

    B767 Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    2,076
    Likes Received:
    1,579
    I’m no computer/tech guru. I’m having a really hard time understanding how someone can “hack” a plane via WiFi? None of the systems are tied to the WiFi. I find it inconceivable that someone commanded the plane to climb. HOW?!? You can’t hack an fms from WiFi. The autopilot/throttle isn’t tied to WiFi. You might, somehow, be able to send screwie acars messages but the ACARS doesn’t control the plane.

    I’m lost.
     
    ClarkGriswold and ATN_Pilot like this.
  15. mshunter

    mshunter Well-Known Member

    Joined:
    Dec 11, 2008
    Messages:
    14,385
    Likes Received:
    5,274
    And people want to go with pilot-less airplanes. QFT!
     
  16. Soku39

    Soku39 Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    1,135
    Likes Received:
    699
    Well if control of the plane has been removed from the pilot, it kinda doesn't matter yes?
     
  17. mshunter

    mshunter Well-Known Member

    Joined:
    Dec 11, 2008
    Messages:
    14,385
    Likes Received:
    5,274
    If you take the pilot out of the equation, and only have a network, what makes anyone think that it won't happen?
     
  18. Cherokee_Cruiser

    Cherokee_Cruiser Well-Known Member

    Joined:
    Sep 23, 2001
    Messages:
    8,751
    Likes Received:
    3,849
    C'mon! That box where I punch buttons and make a magenta line appear. How else do you fly the plane?


    [​IMG]
     
    Toobdrvr and tcco94 like this.
  19. ATN_Pilot

    ATN_Pilot Socialist Pig Member

    Joined:
    Jun 14, 2005
    Messages:
    22,032
    Likes Received:
    13,534
    I know I've been out of the game for a little while now, but I don't remember this term. :)
     
  20. knot4u

    knot4u Repeat Offender

    Joined:
    Jul 18, 2010
    Messages:
    3,638
    Likes Received:
    2,435
    Yes, a simple relay. I think GoGo is ground based so it shouldn't need any position info. The new really high end business jets are already capable of informing a crew that's at the hotel that a door, a cowl, or a service panel has been opened with a phone call followed by a text. Depending on what plan you want to subscribe to they can alert mechanics and a manufacturers analyst of any faults and parts will be ordered before the plane lands. Data uploads to the engine manufacturer are automatically sent via a cell signal upon landing. Soon the database updates will be done by wifi. It's almost a full time job just keeping up with all the subscriptions, passwords and other issues all of this connectivity brings with it.
     
    Stone Cold likes this.

Share This Page