The air travel industry claimed it couldn’t be done, but a Department of Homeland Security official proved the industry wrong: in 2016, he remotely hacked into a plane parked at an airport, using no insider help—and although he didn’t share exactly what systems he’d accessed, alarms have been raised.
Robert Hickey, a Department of Homeland Security official, beat the odds in 2016 and hacked into a Boeing plane parked at the Atlantic City airport. He wasn’t onboard the plane at the time, and he didn’t have any help. It was a standard hacking operation. He shared this information at a cyber security conference this year and, although he couldn’t share much about the systems he accessed, it has the air travel industry a bit on edge.
Being more integrated with digital systems has raised the stakes for the ability of hackers to break into aircraft controls.
“We have to admit that the threats and vulnerabilities have changed,” Matthieu Gualino, a security trainer for consultants at aviation safety regulator L.A. Conseils and ICAO, told the Financial Times. “We have had technology in the air for many years … [but] the rise of connected technologies leads to greater vulnerability.”
Both the United States and the United Kingdom governments have acknowledged security concerns. There were claims back in 2015 that a cyber security expert hacked into a plan and accessed the flight controls—but that hasn’t been proven. And for Boeing’s part, the company denies such cyber attacks are even possible.
“Critical flight systems cannot be accessed from an aeroplane’s non-critical systems,” Boeing told the Financial Times. “Multiple layers of protection, including software, hardware, and network architecture features, are designed to … guard against intrusion. Technical controls protecting flight critical systems … extend beyond traditional security measures found in ground-based environments.”