November 14, 2011, 11:18 AM — It appears, however unlikely it sounds, as if it may be possible to hack into the engine-control systems of some Boeing 747s through the passenger-accessible entertainment system.
If it's possible – and practical enough to actually be done without an unreasonable amount of time or equipment – the flaw could make completely irrelevant how much explosive a wannabe terrorist tries to conceal in his or her underwear.
The tip, which is making a somewhat delayed circuit of security-news blogs this week, comes from Craig S. Wright, who wrote on Sept. 24 that his IT-security auditing team found the flaw "a while back now," while checking the networks and circuitry in Boeing 747s.
Corey Doctorow at BoingBong.net picked it up the following day.
Wright's revelation comes in an odd form: an answer to another blogger's fact-checking of the assertion that industrial-control SCADA systems are not usually connected to the Internet and are, therefore, not easily hackable.
Not so, according to Wright, who runs his own security consulting business, Information Defense, in Bagnoo, New South Wales, Australia and is Director of the Australia/Asia-Pacific division of the security-professionals group Global Institute for Cybersecurity + Research. He blogs regularly here.
According to Wright's reply, most SCADA and other high-security systems used to be "air gapped" – that is, there was a gap between the nearest wire that could connect them to an outside network and the machine itself. They no long are, however.
Tell me again about hacking 747 engines?
As just an example of how long SCADA systems have been vulnerable, Wright mentions, halfway down the post, that he was on a team "a while back now" that discovered the IP-based video system could allow hackers to get at the SCADA systems that controlled far more important systems: