Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Transportation Privacy Security United States

Boeing 757 Testing Shows Airplanes Vulnerable To Hacking, DHS Says (aviationtoday.com) 140

schwit1 shares a report from Aviation Today: A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft." Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft's systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, "you can come to grips pretty quickly where we went" on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them. Hickey said newer models of 737s and other aircraft, like Boeing's 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don't have these protections.
This discussion has been archived. No new comments can be posted.

Boeing 757 Testing Shows Airplanes Vulnerable To Hacking, DHS Says

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Wednesday November 15, 2017 @08:08AM (#55553481)

    why should Southwest Airlines pay? and not boeing?

    • And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?

      • by DarkOx ( 621550 )

        risk = cost * probability

        Lets say you have $100 asset. There is a possibility a hacker could completely destroy it. You'd be out $100. I offer an indemnity policy to you. Your estimation of the risk says there is a 10% percent chance a hacker will destroy your asset. You would likely be willing to pay up to $10 for some protection. Much more than that and you would probably prefer to take your chances. That is the simplest situation.

        Now imagine instead of an indemnity, I am offering to do work to sec

        • Risk management is a big thing. However, for most companies, because the individual execs are so well shielded, even if a company causes loss in the thousands to tens of thousands of lives, it is pretty much impossible for the C-levels or even VPs to see any consequences. The banking industry in 2008 showed that with the megabuck bonuses after the recession.

          In reality, if a company has a $100 asset, the CxOs will say that paying $10 has no ROI to them. The $100 asset gets destroyed, and the business is t

          • by mlynx ( 812210 )
            Oh how I wish I had mod points today. This is so true.

            I was reading on another site someone that was arguing that corporations are ultimately still the people behind them. This example here is the clearest example against that notion that I've read in ages. Thank you for a nice insightful comment.

      • Especially considering that the cost would be high enough to make the airline fail, and being too big to fail as usual we get to foot the bill anyway, so why should the airline be concerned at all?

      • And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?

        It's one thing when the first plane is hacked, and it results in a crash. It's another thing entirely when the 5th plane goes down within a week. Who needs a box cutter when you can terrorize using "typical stuff that could get through security".

        Not to mention the financial impact when no one in their right mind would fly on 90% of airline inventory . It would probably take less than a month to bankrupt most airlines in a scenario like that, along with a rather massive ripple effect crippling US Capitali

        • by DarkOx ( 621550 )

          Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.

          • and 2 free checked bags + full liability with that rule.

          • by shortscruffydave ( 638529 ) on Wednesday November 15, 2017 @09:52AM (#55554047)
            Problem with that is the number of devices with lithium-based batteries, which are not supposed to be carried in the hold - they are perceived as a fire risk, and if carried in the cabin then a fire can be detected more quickly
            • by dgatwood ( 11270 )

              And even if that weren't a serious safety risk, that would still be the dumbest, most invasive possible approach to fixing the problem. The smartest, least invasive approach would be to permanently shut down the in-flight Wi-Fi on planes that can't be secured. No access to the network = no ability to crack into the systems.

              Besides, anything you can do with a device on your person, you can also do with a device in the hold, using a timer or the built-in barometric pressure sensor. Banning devices from ca

              • by tlhIngan ( 30335 )

                And even if that weren't a serious safety risk, that would still be the dumbest, most invasive possible approach to fixing the problem. The smartest, least invasive approach would be to permanently shut down the in-flight Wi-Fi on planes that can't be secured. No access to the network = no ability to crack into the systems.

                Besides, anything you can do with a device on your person, you can also do with a device in the hold, using a timer or the built-in barometric pressure sensor. Banning devices from carry-

                • by dgatwood ( 11270 )

                  Why do you assume it's WiFi? It could be simple RF interference wreaking havoc. It affects older planes more than newer ones, which is a big clue, since older planes lack a lot of the high integration newer planes have. And newer planes are designed for a more modern world, where RF transmitters are common instead of rare - so modern planes can handle intentional RF transmitters much better (especially in an age with wireless headphones and such).

                  I'm not necessarily assuming Wi-Fi, but if they're talking ab

          • Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.

            We can't even get social media addicts to put their phone down to prevent killing people on the road, and you call this an "easy" answer?

            Good fucking luck with that.

            • If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.

              • by DarkOx ( 621550 )

                The first time TSA makes someone either trash a $800 iPhone or miss a $600 flight, and it hits the news people with very quickly learn to pack that stuff before headed to the airport

                • by rerogo ( 1839428 )

                  You'd think that, but thousands of people still forget to unload their handguns from their carry-on baggage every year[1]. Those cost on the same order as a cellphone and failure to remove them can result in jail time, not just missing a flight.

                  [1] Washintgon Post, August 2017 [washingtonpost.com]

              • If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.

                Ah, so threat of becoming a criminal with a record is now the only thing that would actually separate a human from their can't-live-without-it smartphone.

                Nope, no addiction to see here...everyone is fine...move along...

          • You can still stand out front of the airport, with likely the same effectiveness.
    • why should Southwest Airlines pay? and not boeing?

      Easy... They hope that Southwest will go back to Boeing and get the money back if Southwest is charged. They don't want to go directly to Boeing because (maybe) they don't want to ruin their relationship with Boeing. However, I doubt that Southwest would do what they hope -- getting all money back from Boeing. I believe Southwest will get the money back from both Boeing and passengers because they now have a reason to charge more (or CEO would get less bonus due to the loss).

    • by GuB-42 ( 2483988 )

      I believe that when there is a problem with a plane, the customer has to pay for the fix, just like with regular maintenance. Otherwise, if safety cannot be guaranteed, the plane is grounded.
      The idea is that by not requiring manufacturers to pay, it limits the incentives to hide defects.

      Now, that's for general aviation, I suppose the situation is not that simple with airlines buying dozens of multi-million dollar planes.

      • by dgatwood ( 11270 )

        And yet, when an automobile has a design flaw that causes a safety problem, NHTSA requires them to fix it at no cost to the customers. Some cars have seen many, many safety recalls. So at least anecdotally, it doesn't seem like forcing the manufacturers to pay for their own screw-ups results in more cover-ups.

        Also, because it is cheaper to fix things before they are deployed than to incur the cost of fixing them later, a manufacturer-pays policy has the added advantage of making the manufacturer be more

    • by AmiMoJo ( 196126 )

      As part of the maintenance contract with Boeing they would agree to cover costs like this. Business supply contracts are not like consumer law, they typically don't have warranties and the like.

      The airline could sue Boeing to make them pay for the fix, but after years in court and millions in legal fees they probably wouldn't win. After all, when other defects are found the airline usually pays the maintenance costs. At best the manufacturer might supply some free placements, but they aren't going to fit th

  • by Anonymous Coward

    This article claims that one line of code costs a million dollars to fix and would "bankrupt" Southwest.

    News flash: Southwest wouldn't be the ones fixing the fucking code! It would be the manufacturer who would then absorb that cost, not the airline. Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.

    This article is a perfect example of why journalism is headed for self-destruction.

    • Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.

      You'd think that's how it would work, right? Especially, with this now being made public, though the chances are, the FAA has their hands full with the twin perils of autonomous aerial vehicles and laser lights being shined into the cockpit.

      Look for their interest to be piqued after the first passenger plane lands outside of an airport because of this vulnerability.

    • This article claims that one line of code costs a million dollars to fix and would "bankrupt" Southwest.

      News flash: Southwest wouldn't be the ones fixing the fucking code! It would be the manufacturer who would then absorb that cost, not the airline. Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.

      This article is a perfect example of why journalism is headed for self-destruction.

      Not to mention a lot of that is fixed costs. Changing 1 more line of code wouldn't cost $1 more but is also wouldn't cost $1M more.

    • This article claims that one line of code costs a million dollars to fix and would "bankrupt" Southwest.

      News flash: Southwest wouldn't be the ones fixing the fucking code! It would be the manufacturer who would then absorb that cost, not the airline. Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.

      This article is a perfect example of why journalism is headed for self-destruction.

      OK, let's make the manufacturer fix this then.

      Effective immediately, 90% of US airline fleets are hereby grounded as they are unsafe. They are now part of a manufacturer recall.

      Hope that clarifies the impact.

      Oh, and speaking of self-destruction, airlines would most likely be bankrupt as a result of that course of action.

      • Effective immediately, 90% of US airline fleets are hereby grounded as they are unsafe.

        We've leapt from an opaque claim that some hacker has "establish[ed] a presence" to an "unsafe" fleet that requires immediate grounding? Add in the fact that in TFA it tells us that the experts said they knew about this for years and it isn't a big deal. I think "unsafe" would be a bit of a deal.

        This is like someone suddenly realizing that you can open an elevator access door from outside the elevator. Anyone who knows elevators knows this; it's only the ignorant who freak out when they learn this amazing

  • by Anonymous Coward

    >The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement.

    Useless metric spotted. The cost is very very very lousily correlated to the number of lines of code. The number of checks/tests to re-run is by far a better metric to estimate the cost. Most of the time one line of code or thousands just cost the same price.

    • by leonbev ( 111395 ) on Wednesday November 15, 2017 @08:48AM (#55553671) Journal

      With something like avionics software, it probably doesn't matter if one line or a thousand lines change... the entire application would need a full regression test for safety/certification purposes. That's where the million dollar estimate probably comes from.

      • This. OTOH Would be certainly expensive to implement some more security, but that's likely much less than if a plane is actually terro-hacked .
      • the entire application would need a full regression test for safety/certification purposes.

        It is a reasonable metric, but ridiculous application. Yes, recertifying the specific piece of avionics that is involved may cost $1 million when you consider the time and manpower involved. That may cover 1 or 1000 lines of code. It won't be Southwest that pays this, and maybe not even Boeing. It will be the manufacturer of the system that needs fixin'.

        But this is a ridiculous application of the metric when there is the claim that it would bankrupt Southwest to implement it. Implementing the change would

  • by Speare ( 84249 ) on Wednesday November 15, 2017 @08:21AM (#55553547) Homepage Journal
    I expect quite a few folks here are going to question the figure, "a million dollars per line changed."

    1. The airlines operate under a huge amount of regulatory oversight, and structure the development of avionics or engine control software accordingly. The terms ARP4754 and DO-178C are to aviation as ISO9002 is to business models. They provide guidelines on creating a rigorous development process, and regulators are keen to track how well companies develop logic and physical designs in line with best practices described by those guidelines.

    2. If you summarize DO-178C in one sentence, it might be "document the rationale for every change, and the means you employed to ensure it is the right change." Most companies follow a V-shaped change model where you trace from high level requirements to lower level requirements to implementation details, and then verify the code does what is expected and then validate that the requirements are being met (and the requirements are even proper in the first place). Once you have that framework in place, you have to document every step of the chain of review.

    3. For every change to a high level requirement, a low level requirement, an implementation, and sometimes even a change in a verification method, there typically has to be an independent review: you cannot trust the implementors to check that the change was appropriate and done correctly as it's easy to be blinded by your own thought process during development.

    So in a case like this, the customer needs to inject several new top-level requirement (which shockingly may not have been there in the first place), "the system shall be hardened against unauthorized changes in configuration/operation/state" and that has to flow down to subsystems "the component XYZ shall be hardened..." and that has to flow down a few more tiers before you even identify the protocols or chips or attack vectors to be changed. Then you have to verify the code change works in each component. Then a system-level review. Then a regulatory review to have the updated design certified as safe for test flight and finally safe for revenue service.

    Does this sound like a desktop software change control process? Sure, maybe you're really disciplined, but it's a matter of degree. It really can take fifty people or more, from regulators to systems engineers to coders to integration testers to work the process. And that all adds up in terms of time, opportunity costs, tools and tooling, lab test, systems test, hours and hours of live aircraft flight test, and so on.

    • by archer, the ( 887288 ) on Wednesday November 15, 2017 @08:37AM (#55553623)

      The summary said $1M for a one-line change. I took it to mean making a change, even one line, costs a minimum of $1M. Changing two consecutive lines might cost $1,001,000.

    • by tsqr ( 808554 ) on Wednesday November 15, 2017 @09:40AM (#55553969)

      I expect quite a few folks here are going to question the figure, "a million dollars per line changed."

      As well they should, because that isn't what he said. What he said was, "The cost to change one line of code on a piece of avionics equipment is $1 million". But everything else you said in your post is spot on. Most software developers have no idea what is involved in creating DAL-A safety critical software for commercial aviation, and would run screaming to the safety of their iOS development environment if they were tasked with doing it.

  • And again! (Score:5, Interesting)

    by jenningsthecat ( 1525947 ) on Wednesday November 15, 2017 @08:24AM (#55553559)

    Why in the HELL are critical avionics control systems networked in such a way that they can be accessed remotely by radio? FFS, what were they thinking? They design systems that are hardened against direct lightning strikes, but leave them vulnerable to a remote hack using a device that's probably not much more than a small computer and a glorified walkie talkie connected together. WTF?

    On an unrelated note, why is the page I'm typing this on a standalone text entry box without TFS available on it for reference? Is Slashdot Beta rearing its drooling imbecilic ugly head again?

    • by Anonymous Coward

      I suspect they were designed that way because the 757 was designed in the mid 1980's - when such exploits would have been impossible to carry out. (Had they even thought of that, which I doubt).

      So I would like you to come up with a completely new design for something extremely complex. Then wait 30 or 40 years and have a bunch of engineers with access to tools and methods that simply don't exist today start chipping away at your design.

      Why the hell indeed.

    • by Anonymous Coward

      They are not. Whole story is BS. Or at least over hyped. I can tell you for a fact that the critical flight control, navigation, and instrumentation on a 757 are not networked with anything. They may have been able to send the aircraft a ACARS message or break into the entertainment system, but they did not do anything nearly as dramatic as they are claiming.

    • by swb ( 14022 )

      It was designed in the 1980s and the last one was made in 2004.

      If I were to hazard a guess, it wasn't designed for remote radio configuration but became so due to some kinds of electronics add-ons or upgrades that created an unexpected vulnerability.

      I'd also guess that this problem, if its validated and well-understood from a capability and risk perspective, will just contribute to accelerating plane's economic end of life. I'd imagine some percentage of early 757s have already been retired or moved to fre

    • If the airplane isn't *fly by wire* there's not a lot to worry about. The autopilot can be turned off if it acts up for any reason.

      why is the page I'm typing this on a standalone text entry box without TFS available on it for reference?

      Maybe you opened the "reply" button in a new tab?

  • by Anonymous Coward

    > For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them.

    Do you realize that Boeing-737, even in its latest -800/-900 incarnations, is NOT a fly-by-wire airplane? The flight control surfaces are mechanically connected to the yokes in the pilots hands and the pedals under their feet, using push-rods and hydraulic cylinders. The basic design of B-737 originates from circa 1963 and hasn't been radically changed since due to economic pressure from airlines, to whom new "type r

  • by 140Mandak262Jamuna ( 970587 ) on Wednesday November 15, 2017 @08:35AM (#55553607) Journal
    Terrorists are dumb. They will never hack at this level.

    But state actors and spy agencies, can. It is their bread and butter business. The danger is them giving these tools to the terrorists for political purposes and proliferation and mutation of the leaked hacking tools.

    • The idiots yelling "aloha snackbar" before blowing themselves up sure aren't Nobel prize material. But neither are the front line spies. And neither of them have to be.

      The mastermind can well be someone behind the lines, training the one executing the attack to use the tool they build. Push this button, push that one and 72 virgins (along with their mom's basement) are yours.

      • The mastermind can well be someone behind the lines ...

        Could be. But rarely the mastermind is a genius. The dynamics of terrorist organization, the membership it attracts, its reward system etc do not allow really smart clever genius level thinkers to rise up in the ranks. They routinely lose top leadership and a headless terrorist organization is ripe to be taken over by an evil genius level thinker. It is possible, but pretty soon some hot head assistant with delusions of grandeur will kill him and take it back to dumb angry emotional leadership path.

        The bo

    • Terrorists are dumb.

      That's what they want you to think.

      They will never hack at this level.

      Of course not, they don't need to either. Just pay someone or threaten to kill their family.

  • by Anonymous Coward on Wednesday November 15, 2017 @08:51AM (#55553695)

    The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.

    • I was disappointed I had to go so far down the page to see someone comment on this. I followed the link specifically to see *what* was hacked and nothing was mentioned. There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence and dumping cabin pressure or altering flight controls.

      Even something vague like the area they accessed: communications, cabin systems, avionics would make it look less like something sensationalized to

      • There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence

        You don't need to encourage people to do that by turning off the seatbelt light, they'll do it whether the light is on or not. On a flight a few days ago, one idiot got up not once but twice to use the lavatory while we were on final descent. Both times the attendant walked by to lock the lav but didn't need to because the idiot was in it and the sign said "occupied". She thought it was empty and locked by another attendant. After she strapped in, the idiot returned to his seat, leaving the lav door ajar.

        A

    • The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.

      They do mention maintenance crews and I do wonder about an impostor hooking up a hacking device to a maintenance interface. If this is left while the airplane is flying, it could try to put the aircraft into maintenance mode in flight. Though I think they already have software in place to try to prevent such a thing from being done by accident, and I would hope maintenance crews are fairly well monitored as they could do far worse with an explosive device attached somewhere you can't see it.

    • It takes several years of testing to ensure that the code is correct. The cost isn't just in writing the code.
  • Settings
    Bluetooth
    select Boing 737
    Connect

    http://www.vicclap.hu/static/p... [vicclap.hu]

  • Legacy aircraft have mechanical backup on the controls. The airplane is still flyable if the computer malfunctions. Hackers can still mess with the autopilot and navigation though.

  • ACARS (Score:4, Informative)

    by barbariccow ( 1476631 ) on Wednesday November 15, 2017 @10:38AM (#55554419)
    Probably just sent ACARS messages over RF and the airplane thought they were from the airport. These messages can include things automated acted upon like "Your plane's altitude has been detected at XX feet" or "Huge category-5 hurricane straight ahead, divert to ETOPS field". Not like they designed any of these protocols with security..
  • That will make one hellva model airplane!
  • ... operating exclusively DC-3s ...
  • I was successful in accomplishing a remote, non-cooperative, penetration.

    So it looks like Judge Roy Moore [nytimes.com] can find a back-up career if his run for Alabama Senator falls through - once these planes get to be 14 years old, of course.

    (More seriously, wouldn't a "cooperative" penetration be just like logging in and not an exploit/hack?)

  • The B757 never had WiFi or any other common networking on it. The closest thing might be ACARs, or one of the databus that aircraft use.

    The 737 classics that Southwest has, had WiFi added, but nothing connected in the cockpit. Even the 737-NGs had WiFi added, but again, nothing to the cockpit.

    The newer 737-MAX's are Boeings responsibility. So far Southwest doesn't have enough of them to threaten the company should the need to be retro-fitted.

    A fix to one line of code, would apply to several thousand aircraf

"You can't get very far in this world without your dossier being there first." -- Arthur Miller

Working...