This hack was not conducted in a laboratory, but on a 757 gathered at the airport in Atlantic City, N.J. And the real hack happened over a year ago. We are only now listening to it thanks to a keynote given by Robert Hickey, flight curriculum manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.
“We got the aircraft on Sept. 19, 2016. Two days later, I was delighted in accomplishing a remote, non-supportive, penetration,” Hickey said in an article in Avionics Today. “That means I didn’t have anybody affecting the airplane; I didn’t have an insider threat. I stood off using normal stuff that could get through security, and we were able to build a presence on the systems of the aircraft.”
While the aspects of the hack are classified, Hickey acknowledged that his team of industry experts and academics pulled it off by accessing the 757’s “radio incidence communications.”
You might recognize when a governmental watchdog confirmed that the interconnectedness of modern commercial airliners could “possibly provide unauthorized remote access to aircraft avionics systems.” The matter was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.
And in a 2015 report by the U.S. Government Accountability Office, the bureau warned, “Internet connectivity in the cabin should be thought a direct link between the aircraft and the outside world, which adds potential malicious actors.”
At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification examples that would prevent a terrorist with a laptop in the cabin or on the area from taking control of an airplane over the passenger Wi-Fi system.”
The same year, security researcher Chris Roberts departed up in hot water with the feds after tweeting about hacking the United Airlines plane he was flying on. The FBI claimed Roberts said he took restraint of the navigation.
A Hack In The Box giving by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the protocol Aircraft Communications Approaching and Report System (ACARS), an airliner could be constrained via an Android app. Flight management software organizations, as well as the FAA, disputed Teso’s claims.