The U.S. Department of Homeland Security, while in the presence of Boeing officials, remotely hacked a Boeing 757 on the runway at the Atlantic City airport without the pilots knowing.
The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey.
Speaking at a conference this week, Robert Hickey of the Department of Homeland Security said his team used “typical stuff that could get through security” and hacked into the aircraft systems using “radio frequency communications.”
United Boeing 757
Of course they’re not releasing details of the hack. It’s not clear whether they managed a presence on the aircraft’s systems or actually had a way to influence those systems, altering controls or causing other risks to the safety of plane and passengers.
And they tell us not to worry, the hacking doesn’t actually reveal a threat.
Homeland Security says the recent testing was in an “artificial environment and risk reduction measures were already in place.”
Boeing observed the testing and was briefed on its results. In a statement, the company says, “We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other boeing aircraft.”
You might think it’s fine for the US government to have this information, but once the government has the keys so does anyone that hacks the government. Just ask the NSA which had its Tailored Access Operations hacking programs stolen by the group Shadow Brokers.
The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.
It’s great that the details of the hack were revealed to Boeing. It’s a problem when vulnerabilities are kept secret. It’s hard to trust assurances from the government and the business being hacked that there’s no risk.
There needs to be a limited amount of time to implement patches to hacks because there’s a limited amount of time in which vulnerability information is likely to remain secret and our safety cannot rely on hoping that hackers don’t steal the data.