Is it really possible to hack a 747's engines in-flight?

Apparently it's possible through the IP video system. But don't put it high on your worry list.

It appears, however unlikely it sounds, as if it may be possible to hack into the engine-control systems of some Boeing 747s through the passenger-accessible entertainment system.

If it's possible – and practical enough to actually be done without an unreasonable amount of time or equipment – the flaw could make completely irrelevant how much explosive a wannabe terrorist tries to conceal in his or her underwear.

The tip, which is making a somewhat delayed circuit of security-news blogs this week, comes from Craig S. Wright, who wrote on Sept. 24 that his IT-security auditing team found the flaw "a while back now," while checking the networks and circuitry in Boeing 747s.

Corey Doctorow at BoingBong.net picked it up the following day.

Wright's revelation comes in an odd form: an answer to another blogger's fact-checking of the assertion that industrial-control SCADA systems are not usually connected to the Internet and are, therefore, not easily hackable.

Not so, according to Wright, who runs his own security consulting business, Information Defense, in Bagnoo, New South Wales, Australia and is Director of the Australia/Asia-Pacific division of the security-professionals group Global Institute for Cybersecurity + Research. He blogs regularly here.

According to Wright's reply, most SCADA and other high-security systems used to be "air gapped" – that is, there was a gap between the nearest wire that could connect them to an outside network and the machine itself. They no long are, however.

Tell me again about hacking 747 engines?

As just an example of how long SCADA systems have been vulnerable, Wright mentions, halfway down the post, that he was on a team "a while back now" that discovered the IP-based video system could allow hackers to get at the SCADA systems that controlled far more important systems:

"They [Boeing] had added a new video system that ran over IP. They segregated this from the control systems using layer 2 - VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems.

For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air.

The issue here is that all that separated the engine control systems and the open network was NAT based filters. There were (and as far as I know this is true today), no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know what a shoveled shell is... I need not say more." – Craig S. Wright, Information Defense, Sept. 24, 2011.

So far this is all unconfirmed by Boeing – and my call can't be the only one in line to be answered or ignored. It's not unreasonable to think it may be true.

In 2010 the FAA published requirements that Boeing document the potential that its model 747-8 and 747-8F could be hacked, after imposing similar requirements on its earlier, smaller, most-advanced 787 jet in 2008.

Airbus has faced similar questions about the hacking risk in its A350 and A380 passenger liners.

So, next time you fly, let the TSA worry about who may be wearing explosive shoes or underwear.

You keep your eyes peeled for someone working a little too hard at connecting with the onboard network.

Don't worry about onboard hacking from the usual sources of system penetrations, though. Cracking engine systems from inside a plane during flight may earn bragging rights for those driven by ego. The chance to post "Target down" comes with too much risk the hacker will join it very shortly.

There's also not much chance to monetize the access, so most of the commercial hacking outfits wouldn't be interested, either.

It's entirely possible that someone smart enough to crack the engine systems could build a program to automate the whole thing and hand off the suicide mission to some other volunteer.

Anyone willing to pack their underwear with explosives for any reason, let alone board a plane in that condition, wouldn't think twice about playing hacker video games to bring the plane down.

So it may be possible, but the chance of it happening is whittled down considerably by Occams's Razor.

If all you want to do is bring down the plane you're riding in, there must be plenty of ways that are easier and more reliable.

If you were the volunteer, you wouldn't want to have to go back to your controller in the international terrorist conspiracy and admit the plot failed because the networking driver on your laptop got corrupted while you were playing Modern Warfare 3 in the hotel room the night before.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies