WEBVTT - Hacked Aircraft

0:00:03.720 --> 0:00:06.600
<v Speaker 1>In a world of connected vehicles, the real drivers might

0:00:06.640 --> 0:00:10.160
<v Speaker 1>be the hackers. I'm Jonathan Strickland, and this is tech

0:00:10.200 --> 0:00:18.079
<v Speaker 1>stuff daily. In information security, there's a practice called penetration testing.

0:00:18.320 --> 0:00:21.159
<v Speaker 1>The concept is pretty simple. A hacker or team of

0:00:21.200 --> 0:00:23.799
<v Speaker 1>hackers attempts to gain entry into what is supposed to

0:00:23.800 --> 0:00:27.800
<v Speaker 1>be a secure system using various hacking techniques. The goals

0:00:27.840 --> 0:00:30.960
<v Speaker 1>to expose any security vulnerabilities that need to be patched

0:00:31.000 --> 0:00:35.200
<v Speaker 1>to make the system more impenetrable. Recently, a private company

0:00:35.240 --> 0:00:37.920
<v Speaker 1>working with the Department of Homeland Security revealed that it

0:00:37.960 --> 0:00:40.479
<v Speaker 1>was able to gain remote access to the on board

0:00:40.479 --> 0:00:44.239
<v Speaker 1>systems of a Boeing seven fifty seven back in six

0:00:44.840 --> 0:00:48.159
<v Speaker 1>at an airport in Atlantic City, New Jersey. While the

0:00:48.280 --> 0:00:51.240
<v Speaker 1>DHS says the hacking team couldn't get access to the

0:00:51.280 --> 0:00:55.840
<v Speaker 1>aircraft's flight control systems, this is still obviously a huge concern.

0:00:56.560 --> 0:01:00.400
<v Speaker 1>The Department of Homeland Security was understandably read sent to

0:01:00.480 --> 0:01:03.600
<v Speaker 1>share details of the successful attack. But here's what we

0:01:03.680 --> 0:01:06.360
<v Speaker 1>do know. The intruder was able to access certain on

0:01:06.520 --> 0:01:11.480
<v Speaker 1>board systems remotely via radio frequencies without having physical contact

0:01:11.480 --> 0:01:14.920
<v Speaker 1>with the plane. The intruder also didn't rely upon collusion.

0:01:15.040 --> 0:01:17.240
<v Speaker 1>There was no one on board the plane on the

0:01:17.280 --> 0:01:20.320
<v Speaker 1>intruder's side. In other words, so it sounds like this

0:01:20.400 --> 0:01:23.240
<v Speaker 1>researcher was able to use a fairly simple piece of

0:01:23.280 --> 0:01:27.080
<v Speaker 1>equipment that could pass through airport security and gain access

0:01:27.120 --> 0:01:31.640
<v Speaker 1>to the seven fifty seven's communication systems. According to the DHS,

0:01:31.680 --> 0:01:34.839
<v Speaker 1>that's all the researchers were able to take over, and

0:01:34.920 --> 0:01:38.520
<v Speaker 1>that is enough to be extremely troubling. But the DHS

0:01:38.560 --> 0:01:42.240
<v Speaker 1>stressed that the researchers could not affect the flight path, software,

0:01:42.520 --> 0:01:45.959
<v Speaker 1>or any of the actual controls of the aircraft. Typically,

0:01:46.200 --> 0:01:48.800
<v Speaker 1>aircraft network systems are designed in such a way to

0:01:48.840 --> 0:01:51.760
<v Speaker 1>prevent an intruder from getting to the avionics or flight

0:01:51.800 --> 0:01:55.280
<v Speaker 1>controls part of an aircraft system. Historically, the way to

0:01:55.320 --> 0:01:57.640
<v Speaker 1>do this was to have what is called an air gap.

0:01:58.040 --> 0:02:00.640
<v Speaker 1>An air gap is when you create either a computer

0:02:00.800 --> 0:02:04.520
<v Speaker 1>or network that has no connection to a larger outside network.

0:02:04.920 --> 0:02:08.120
<v Speaker 1>A PC with no wired or wireless connections to the

0:02:08.160 --> 0:02:10.840
<v Speaker 1>Internet would have an air gap. There's no way for

0:02:10.880 --> 0:02:13.320
<v Speaker 1>a hacker to connect to the machine without first gaining

0:02:13.360 --> 0:02:17.200
<v Speaker 1>physical access to it. Even with air gaps, you typically

0:02:17.200 --> 0:02:21.040
<v Speaker 1>have communications and avionics depending upon the same general network.

0:02:21.320 --> 0:02:23.919
<v Speaker 1>The two systems wouldn't have a direct line of communication

0:02:24.000 --> 0:02:27.240
<v Speaker 1>between them, but would refer to some form of common

0:02:27.240 --> 0:02:31.920
<v Speaker 1>communication interface. Air Gaps are more common between passenger networks

0:02:31.960 --> 0:02:34.640
<v Speaker 1>and critical systems. In other words, if you connect to

0:02:34.639 --> 0:02:37.680
<v Speaker 1>the in flight WiFi, you don't magically get access to

0:02:37.720 --> 0:02:41.760
<v Speaker 1>an aircraft's critical systems. That's generally considered a good thing.

0:02:42.120 --> 0:02:44.959
<v Speaker 1>As all sorts of vehicles have become more advanced and connected,

0:02:45.120 --> 0:02:49.000
<v Speaker 1>we've seen multiple examples of poor security implementations that could,

0:02:49.200 --> 0:02:52.440
<v Speaker 1>under the right circumstances, lead to catastrophe. A couple of

0:02:52.560 --> 0:02:55.440
<v Speaker 1>years ago, some security researchers demonstrated that they could hack

0:02:55.440 --> 0:02:59.919
<v Speaker 1>into certain Cherokee models remotely and affect the vehicle's behavior,

0:03:00.080 --> 0:03:03.920
<v Speaker 1>including the sound system, windshield wipers, and even the accelerator.

0:03:04.200 --> 0:03:07.840
<v Speaker 1>This was a fairly recent development. Previously, security experts needed

0:03:07.880 --> 0:03:10.200
<v Speaker 1>physical access to a vehicle in order to make a

0:03:10.280 --> 0:03:14.640
<v Speaker 1>wired connection between their computers and the cars onboard computer system.

0:03:14.800 --> 0:03:18.560
<v Speaker 1>As we've trended more toward a wireless infrastructure, opportunities to

0:03:18.680 --> 0:03:23.480
<v Speaker 1>exploit vulnerabilities have increased. So how do you fix it? Well?

0:03:23.520 --> 0:03:26.560
<v Speaker 1>In the case of cars, it requires massive recalls to

0:03:26.600 --> 0:03:29.680
<v Speaker 1>address hardware in some cases, but in others you can

0:03:29.760 --> 0:03:32.440
<v Speaker 1>fix it with a software patch, which, depending upon the

0:03:32.440 --> 0:03:35.680
<v Speaker 1>problem and the car manufacturer, might allow owners to download

0:03:35.680 --> 0:03:39.000
<v Speaker 1>the update directly to their vehicle without leaving the driveway.

0:03:39.040 --> 0:03:43.600
<v Speaker 1>But with planes, it's a little more complicated. According to

0:03:43.800 --> 0:03:46.760
<v Speaker 1>Robert Hickey, who is an aviation program manager at the

0:03:46.800 --> 0:03:51.200
<v Speaker 1>Department of Homeland Securities Science and Technology Director at Cybersecurity Division,

0:03:51.560 --> 0:03:54.839
<v Speaker 1>any fixed for Boeing aircraft would be both time consuming

0:03:54.960 --> 0:03:59.000
<v Speaker 1>and expensive. Specifically, he said quote the cost to change

0:03:59.040 --> 0:04:01.480
<v Speaker 1>one line of code on a piece of avionics equipment

0:04:01.520 --> 0:04:05.120
<v Speaker 1>is one million dollars and it takes a year to implement.

0:04:05.480 --> 0:04:08.360
<v Speaker 1>Hickey said that newer aircraft models have better security measures,

0:04:08.400 --> 0:04:12.480
<v Speaker 1>but that's not a huge comfort since the commercial aircraft

0:04:12.480 --> 0:04:15.680
<v Speaker 1>in operation are legacy models, which means they are older

0:04:15.720 --> 0:04:19.240
<v Speaker 1>models that lack the latest security measures. So in short,

0:04:19.560 --> 0:04:22.440
<v Speaker 1>there is a relatively simple hack that relies on radio

0:04:22.440 --> 0:04:26.359
<v Speaker 1>communications devices that anyone could get through airport security and

0:04:26.400 --> 0:04:30.159
<v Speaker 1>potentially compromise the communication system on an aircraft. Whether you

0:04:30.240 --> 0:04:32.680
<v Speaker 1>maintain control of the system once the aircraft moves out

0:04:32.720 --> 0:04:36.080
<v Speaker 1>of transmission range hasn't been discussed, and maybe that you'd

0:04:36.120 --> 0:04:39.240
<v Speaker 1>have enough influence to prompt to flight cancelation and that's it.

0:04:39.640 --> 0:04:43.120
<v Speaker 1>That's still incredibly disruptive. Of course, the larger fear is

0:04:43.160 --> 0:04:45.839
<v Speaker 1>that you'd have a perpetual back door into a plane's

0:04:45.880 --> 0:04:49.000
<v Speaker 1>onboard network, and there's always the concern that somehow in

0:04:49.040 --> 0:04:51.760
<v Speaker 1>the future hackers will find a way to affect avionics

0:04:51.839 --> 0:04:55.400
<v Speaker 1>and not just communications. There are hard lessons to learn

0:04:55.400 --> 0:04:57.560
<v Speaker 1>in the information age, and it seems like we must

0:04:57.640 --> 0:05:00.440
<v Speaker 1>relearn some of them every year. We have to keep

0:05:00.480 --> 0:05:03.200
<v Speaker 1>in mind that along with all the benefits wireless technologies

0:05:03.200 --> 0:05:06.280
<v Speaker 1>have to offer, there are potential drawbacks. If we keep

0:05:06.320 --> 0:05:08.839
<v Speaker 1>that in mind from the start, we're more likely able

0:05:08.839 --> 0:05:11.320
<v Speaker 1>to address design flaws before they become part of a

0:05:11.360 --> 0:05:14.520
<v Speaker 1>final product. That's all for today. To learn more about

0:05:14.600 --> 0:05:18.640
<v Speaker 1>internet security, avionics, the science of flight, and more, subscribe

0:05:18.680 --> 0:05:21.160
<v Speaker 1>to The Tech Stuff podcast. We publish on Wednesdays and

0:05:21.200 --> 0:05:23.240
<v Speaker 1>Fridays and do a deep dive in all things in

0:05:23.240 --> 0:05:25.720
<v Speaker 1>the world of technology. I'll see you against It.