Department of Homeland Security official admits that a team of experts remotely hacked a Boeing 757.
It only took two days for Robert Hickey (aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate) and a team from the US Department of Homeland Security to hack a Boeing 757 using simple, readily available tools that would easily pass through security at any airport. Hickey’s researchers gained access to the controls of the plane without any form of physical proximity or contact.
In a scene straight out of Hollywood summer blockbuster action movie, god-willing starring Idris Elba, a “test hacking” demonstrates the very real threat from hackers looking for a massive payoff: airplanes. Imagine the scenario in which ransomware locks up a jetliner carrying hundreds of passengers, or an entire fleet of them. Thousands of people could plummet to their deaths at the same time if the ransom demand isn’t met.
US government uses Boeing 757s
OK, so the Boeing 757 is no longer in production, but is certainly still a part of the daily fleets of many airlines, including three of the largest in the world. The government even uses 757s: while the president’s personal jet is a 757, the vice president recently flew on a 757 during an official trip.
Nothing to see here
For its part, the Boeing company has reportedly announced a rebuttal, claiming a hacking like this is impossible and does not indicate any kind of cybersecurity vulnerability. (That’s what you’d expect the corporate bigwig to say, if this was actually a movie.) According to CBS, “Boeing observed the testing and was briefed on its results. In a statement, the company says, ‘We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.'”
It’s worth noting that this test event actually took place in 2016, but is only now coming to light. It does make you wonder what steps, if any, Boeing has taken to prevent further hacking of its vehicles; considering the vehement response from the company, it seems doubtful that any weight was given to patching security flaws.