Hackers can take over cars by hacking into their on board computer systems. Does it not stand to reason that they could do the same thing to an airplane? Maybe, maybe not, but a recent ruling by the FAA shows this was a concern for Boeing Model 777-200.
Over the last few years I have written several posts about whether hackers could take over the controls of cars by hacking them (here) and whether doing so would violate the Computer Fraud and Abuse Act. From the time of my first post on this subject in 2011 until now, this discussion has moved from the theoretical, of whether it was possible, to the certain. It is possible and this video shows how hackers do this to cars.
Now, with the search for answers to how the Malaysian Flight 370 jetliner — a huge Boeing 777-200 airplane — just disappeared without a trace, some are starting to question whether that jetliner could have been hacked. That is, whether it may have been taken over by hacking into its computer system, turning off its tracking devices, and diverting it to a secret location. Who knows, right?
I certainly do not profess to have any specialized knowledge about whether this is possible other than basic common sense that tells me if it can happen to a car, it can happen to an airplane.
One security researcher has purportedly demonstrated that it is possible to take control of an airplane’s navigation and cockpit systems with an Android smartphone app (Researcher takes controls of aircraft system with Android phone) but the FAA explained why the researcher’s test would not allow him to actually take over the controls of a real airplane as the researcher was using a simulator ( FAA: ‘No, you CAN’T hijack a plane with an Android app’ ).
Regardless, another very important piece of information has come to light. On November 18, 2013, the Federal Aviation Administration issued a ruling that addressed concerns it had about the Boeing Model 777-200′s computer system being vulnerable to unauthorized internal access: Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access The FAA’s Ruling contained the following discussion:
The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may enable increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane. . . . [T]hese special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between the airplane information services domain, aircraft control domain, and the passenger entertainment services.
Did the FAA’s special conditions issued in the Ruling alleviate this concern and adequately protect against the risk? We may never know. But, what we do know, is that this was a concern …
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on complex intellectual property issues such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act. He is a partner at BrittonTuma, a boutique business law firm with offices near the boarder of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as across the nation pro hac vice ). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.