Hacking and Hijacking

As each day passes since the disappearance of Malaysian Airlines Flight 370, it becomes less likely we’ll ever know exactly what happened on board the Boeing 777 jet that abruptly changed course on its way to Beijing from Kuala Lumpur.

Investigators are focusing on mysterious activities in the jet’s cockpit, where electronic communications beacons apparently were manually shut off and a new course was entered into the plane’s flight control computer. According to the latest reports, this happened a few minutes before the final verbal message from Flight 370 to ground control in Malaysia, an eerily calm “goodnight” from whoever was flying the plane.

But what if the pilots had nothing to do with these manipulations and didn’t even realize anything was amiss? Could a passenger have accessed the flight control system from his seat and taken over without ever entering the cockpit? Is it possible a design flaw in the 777-200 left an opening for a hijacking hacker?

Far-fetched, you say? Well, it turns out that six years ago Boeing nearly rolled out a new jetliner with just such a design flaw.

Early in 2008, Boeing was ramping up production of its new 787 Dreamliner in anticipation of a commercial roll-out scheduled for July of that year. The only thing standing in the way of 787s joining the fleets of major airlines was certification by the Federal Aviation Administration that the aircraft was ready for commercial use.

On Jan. 2, 2008, in a notification published in the Federal Register, the FAA told Boeing it was required to make sure that computers governing flight control systems on the new 787 were not vulnerable to hacking from passengers using in-flight Internet access, a new service Boeing was introducing with the 787.

According to a report in SCmagazineUS.com, a leading Internet security publication, the computer network in the passenger compartment of the 787 was the first in the industry designed to give passengers in-flight Web access. However, according to the FAA notification, Boeing had designed the system so that the 787’s flight control, navigation and communications systems were connected to the same network.

“These novel or unusual design features are associated with the connectivity of the passenger domain computer systems to the airplane’s critical systems and data networks. For these design features, the applicable airworthiness regulations do not contain adequate or appropriate safety standards for protection and security [of systems and networks] against unauthorized data,” the FAA notification stated.

In other words, if the flight controls and passenger Internet service are connected to the same network, this may enable a passenger to hack into the controls.

In its notification, FAA issued final “special conditions” for certification of the 787 requiring Boeing to ensure that the aircraft’s design prevented “all inadvertent or malicious changes to, and all adverse impacts upon, all systems, network, hardware, software and data in the Aircraft Control Domain and in the Airline Information Domain from all points within the Passenger Information and Entertainment Domain.”

We don’t know what possessed Boeing to take a one-network-fits-all approach to its design of the 787 systems (we suspect bringing down the cost of building the aircraft had something to do with it), but the concern about this design was so great that the Air Line Pilots Association (ALPA) asked the FAA to order Boeing to provide 787 flight crews with “backup means” to disable passengers’ ability to connect with the aircraft’s computer system.

According to the SC.com report, the FAA declined to issue the order requested by ALPA, stating that it “would prefer not to dictate specific design features to [Boeing] but rather to allow [it] the flexibility to determine the appropriate security protections and means to address all potential vulnerabilities and risks posed by allowing this access.” FAA noted that the special conditions imposed in its notification did not preclude Boeing from acting on its own to provide pilots with a manual or automatic override of passengers’ access to the computer system.

The FAA’s 2008 notification to Boeing regarding the 787 was criticized at the time by Boeing’s main competitor, Airbus, which also was racing to introduce in-flight Web service for passengers on its commercial jets.

Airbus complained that FAA’s special conditions for the 787 implied a “zero tolerance” that was “impossible” to comply with, according to the SC.com report. The European aircraft giant said it preferred “a less categorical requirement which allows more flexibility and does not prevent possible residual vulnerabilities if they are assessed as acceptable from a safety point of view.”

It might be useful here to point out that, before the 9/11 attacks, carrying a box cutter onto an airplane had been “assessed as acceptable from a safety point of view.”

We don’t know how Boeing addressed the network security issue on the 787 or whether its fix completely eliminated the possibility that someone could hack into the aircraft’s flight control system from the passenger compartment. We also don’t know whether the long-range 777-200 commercial jets Boeing built in the mid-2000s (Malaysian Airlines Flight 370 was one) incorporated network technology developed in tandem with the 787 system.

But we do know that an airplane is missing, someone was monkeying around with the controls and some of the best aviation investigators in the world can’t figure out exactly how or why they did it.

Perhaps it’s time to stop treating in-flight Internet service for passengers as an “acceptable vulnerability” and move it into the “prohibited” category, next to the box cutters and other dual-purpose devices that aren’t allowed on board an aircraft.