US Government Hacked a 757 on an Airport Runway Without the Pilot Knowing. How Long Before the Hack Is Public?

by Gary Leff

The U.S. Department of Homeland Security, while in the presence of Boeing officials, remotely hacked a Boeing 757 on the runway at the Atlantic City airport without the pilots knowing.

The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey.

Speaking at a conference this week, Robert Hickey of the Department of Homeland Security said his team used “typical stuff that could get through security” and hacked into the aircraft systems using “radio frequency communications.”


United Boeing 757

Of course they’re not releasing details of the hack. It’s not clear whether they managed a presence on the aircraft’s systems or actually had a way to influence those systems, altering controls or causing other risks to the safety of plane and passengers.

And they tell us not to worry, the hacking doesn’t actually reveal a threat.

Homeland Security says the recent testing was in an “artificial environment and risk reduction measures were already in place.”

Boeing observed the testing and was briefed on its results. In a statement, the company says, “We firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other boeing aircraft.”

You might think it’s fine for the US government to have this information, but once the government has the keys so does anyone that hacks the government. Just ask the NSA which had its Tailored Access Operations hacking programs stolen by the group Shadow Brokers.

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

It’s great that the details of the hack were revealed to Boeing. It’s a problem when vulnerabilities are kept secret. It’s hard to trust assurances from the government and the business being hacked that there’s no risk.

There needs to be a limited amount of time to implement patches to hacks because there’s a limited amount of time in which vulnerability information is likely to remain secret and our safety cannot rely on hoping that hackers don’t steal the data.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »

Comments

  1. 757’s are not even flown into the AC airport on any sort of regular basis due to Spirit being the sole airline operating out of the airport, and Spirit uses Airbus aircraft exclusively. The 757 in question must have been intentionally brought in to the airport for the sole purpose of this testing exercise, which most likely was being conducted at the FAA tech center located on site.

  2. “…his team used “typical stuff that could get through security” ”

    Ah, I see, here come the next round of security restrictions on what you can’t bring through.

  3. They “hacked” into the onboard entertainment and WiFi systems. Even aircraft systems that are tied into VHF comms have no way of controlling flight management, pressurization, engines etc.

    -current legacy airline pilot typed in 75/76

Comments are closed.