"It is a matter of time before an airplane is hacked and manipulated" and American aviation authorities point out the high security risk

Bysebastien lebrigand

Prevent terrorism, border control, cyber security measures, etc.United States Department of Homeland SecurityFrom documents such as DHS, DHS sees civil aircraft being very vulnerable to cyber attacks and it is no longer a matter of time before a "catastrophic catastrophe" happens under a hacking attack It is clear that it is.

US Government Probes Airplane Vulnerabilities, Says Airline Hack Is 'Only a Matter of Time' - Motherboard
https://motherboard.vice.com/en_us/article/d3kwzx/documents-us-government-hacking-planes-dhs

This issue was reported in the American media that the DHS document was obtained through the American document disclosure lawMotherboardis. The document was created based on the case of successfully hacking "Boeing 737 aircraft" remotely, in an effort to clarify the vulnerability of widely operated commercial aircraft , A part of it is published on the following link.

DHS Document Release on Aviation Cybersecurity
https://www.documentcloud.org/documents/4495659-DHS-Document-Release-on-Aviation-Cybersecurity.html


Pacific Northwest National Laboratory belonging to the US Department of Energy (Pacific Northwest National Laboratory:PNNLIn the document that it was created, "The possibility of catastrophic disasters is inherently large in vehicles that fly in the sky", "It is a matter of time before the security breaches through aircraft is a matter of time", the aircraft Words that point out the vulnerability that exists in the list. Also obtained by MotherboardAnother DHS documentAlso in the initial test, it is pointed out that there is a viable attack vector (medium) that may affect the operation of the aircraft.


"Science & Technology Directorate (S & T)", the science and technology department of DHS, established a group composed of multiple organizations in 2016 to conduct aircraft cyber security vulnerability assessment. In the same year, stakeholders in the government, industry and academy world have successfully hacked a civilian aircraft "Boeing 757 aircraft" which is in the same environment as an actual society, which is not in the experimental environment. According to Robert Hicky, DHS S & T's aircraft program manager, the actual hacking procedure is naturally confidential, but as a means of doing so, the radio equipment installed in the aircraft, It is said that a device that can pass through the security gate of the airport is used.

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - Avionics
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/


In addition, there is a similar description in the document obtained by Motherboard. As of 2016, a survey on the in-flight Wi-Fi and USB terminals of sheets that supply power, satellite communication system that communicates with artificial satellites, etc. was conducted It is a pattern that is.


In the latest study of PNNL, it is said that a survey is conducted to hack by invading from the "Wi-Fi device and information distribution device" installed in the aircraft. In the document it states that it has succeeded in establishing "usable and unauthenticated existence" in one or more of in-flight systems as verified items. On the other hand, however, it says that "it could not intrude via the selected access vector" as an item that could not be verified.

"DHS takes seriously about cyber security of aircraft and cooperates with both researchers and vendors to identify and mitigate vulnerabilities in the aviation industry, DHS commented on Motherboard for comment. Maker and airline company The airline industry, which includes a significant investment in cybersecurity, is building a robust test and maintenance procedure for risk management. "

In 2015, security experts hacked the in-flight entertainment system in the flight in flight under the name of the investigation, and from there the program code which adjusts the output of the jet engine of the aircraft was modified so that the actual course of the aircraft It has become obvious that it had changed slightly. DHS said in the data of 2016 that "The current civil aircraft backbone system is made up of a network based on good intentions and the cyber security measures for most commercial aircraft are very little or zero It is said that measures involving the entire industry are urgent.

Feds Say That Banned Researcher Commandeered a Plane | WIRED
https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/