For those of you who have been around the Denver cyber security scene, Chris Roberts is a bit of an icon. For those of you who do not know him, he is a white hat hacker who most recently got some undesired fame when he tweeted about hacking a Boeing 737 he was on. The FBI wasn’t amused (see article). The FBI “greeted” him when he landed and United banned him for life.
Well now the Department of Homeland Security is admitting that it was able to hack a Boeing 757 REMOTELY last year. Chris said his hack required him to be on the plane. A remote hack is much scarier because if you can do that, maybe you can hack any plane from anywhere in the world.
Boeing, of course, went on immediate damage control. They said they were aware of it and it wasn’t so bad because all they were able to hack was the plane’s communications system and not it’s flight controls. Well, that makes me feel better already.
As security people always say, hacks never get better, only worse. Maybe, today, all they can hack from half way around the world is the plane’s communications, but what will they be able to hack tomorrow?
Ponder this for a moment. If the TSA is focused on stopping you from bringing a nail scissors on to a plane but the hackers are attacking the plane from half way around the world………… Well, you get the idea.
Basically, they validated what Chris was saying last year and what we all suspected.
This does not mean that planes are going to start falling from the sky – it is statistically safer to fly than to drive. But what it does mean is that the manufacturer’s of airplanes are going to need to up their security game. Now that it has become public more money will be found.
No one wants people to be scared to fly. I am sure that the spin doctors are in full panic mode right now figuring out how to deal with this.
All of this is because there is so much software on an airplane these days. If you compare a third generation 737 with a current eighth generation 737, in many ways they are really two different airplanes.
This is definitely a story to watch. Why Congress could even get involved.
Information for this post came from Business Insider.