Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Tuesday December 19 2017, @04:35PM   Printer-friendly
from the omg-dhs-is-doing-security dept.

Aviation Today reports that the Boeing 757 is vulnerable to remote, non-cooperative, penetration.

A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia.

"We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration," said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

"[Which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft." Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft's systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, "you can come to grips pretty quickly where we went" on the aircraft.
...
[...]in March 2017, at a technical exchange meeting, he said seven airline pilot captains from American Airlines and Delta Air Lines in the room had no clue.

"All seven of them broke their jaw hitting the table when they said, 'You guys have known about this for years and haven't bothered to let us know because we depend on this stuff to be absolutely the bible,'" Hickey said.

Better late than never, hope is still alive, right?

"And I look at all of those and say, 'If we're not looking at those from a different perspective, we're going to miss the boat,' no pun intended," Hickey said. He said he doesn't know the answers yet for aircraft cyber infrastructure, adding that it's not a policy issue yet because more research needs to be done on these systems to understand what the issues are. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said.

The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them if a cyber vulnerability was specific to systems on board 737s, he said, adding that other airlines that fly 737s would also see their earnings hurt. Hickey said newer models of 737s and other aircraft, like Boeing's 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don't have these protections.

Aircraft also represent different challenges for cybersecurity and traditional land-based networks, Hickey said. He said that whether it's the U.S. Air Force or the commercial sector, there are no maintenance crews that can deal with ferreting out cyber threats aboard an aircraft.

"They don't exist in the maintenance world," Hickey said, noting that when he was in the Air Force, he commanded a logistics group. Hickey was also an airline pilot for more than 20 years. The chief information officers of airlines "don't know how to chase a cyber spark through an airplane either," Hickey said. "Why? Because they have been dealing with, and they're programmed to, and they do a great job of, protecting the terrestrial-based networks. Airplanes are absolutely different — crazy different."

Oh, well, so long for hope, I guess there'll be no patch Tuesday for this one.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday December 19 2017, @05:03PM

    by Anonymous Coward on Tuesday December 19 2017, @05:03PM (#611868)

    Or dogmatically ignoring the whole thing while singing Amazing Grace with their fingers stuck in their ears...

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   2