Boeing 757 hacked on the tarmac by Department of Homeland Security in 'controlled experiment'

Pilots not told that they were being targeted in DHS penetration test

A team of aerospace experts working with the US Department of Homeland Security to conduct a controlled hacking of a Boeing 757 on the ground at an Airport in Atlantic City, New Jersey.

The team of academics and industry experts were able to remotely crack the IT systems of the 757, which uses a form of computerised fly-by-wire system for control. The test demonstrates the inadequacy of security in many modern plans that, nevertheless, rely on IT to stay airborne.

The controlled experiment led by the Department of Homeland Security was conducted in September 2016, with the pilots unaware of the experiment taking place.

The researchers exploited the plane's own wireless communications to penetrate its internal network. Robert Hickey, aviation program manager working at the company's Cyber Security Division, detailed the experiment during a keynote speech at the CyberSat Summit 2017.

He said that the researchers only needed two days to develop and execute a hacking strategy, but they relied on a "classified" pool of resources.

Aviation and IT security experts were, apparently, aware of the security flaws discovered by DHS. However, pilots working for normal airline companies weren't briefed until March 2017.

According to aviation news site Aviation Today, Hickey said: "All seven of them broke their jaw hitting the table when they said.

"You guys have known about this for years and haven't bothered to let us know because we depend on this stuff to be absolutely the bible."

Despite the fact that mass production of the 757 ended in 2014, it's still used by companies across the world. Around 90 per cent of commercial planes consist of such legacy models, although not all utilise fly-by-wire avionics.

However, the cost of amending computer systems on board aircraft might hamper efforts at improving security. According to Aviation Today, it can cost $1m and take a year to change just one line of code in one aircraft.

While older models, like the 757, might lack appropriate security, more modern and current production models ought to be more secure, added Hickey.