Sunday 16 March 2014

Was Flight MH370 Cyber Hijacked?

The disappearance of Flight MH370 is turning into one of the biggest mysteries of the age, the evidence is sketchy, everyone seems to have their theory, and the media are running riot with endless speculation. As a security professional I can’t help but wonder whether there was a cyber element to the incident, especially given the high amount of technology used in modern fly-by-wire jet planes like the Boeing 777-200ER.

Was Flight MH370 Cyber Jacked?

I have managed and consulted with many cyber security incidents over the years, but the following will be my own conjecture. When I usually deal cyber incidents, my golden rule is to only deal with the facts and the evidence, and saving any speculation for the Sherlock Holmes fan club. But with this incident I am allowing myself the luxury of exploring potential cyber attack possibilities with the MH370 flight disappearance, as over the week quite a few people have asked me whether the flight could have been hacked, the ‘cyber jacking’ speculation will only grow after today’s headlines in today's Sunday Newspapers.

So lets start with the facts, we now know flight MH370’s transponder and the Aircraft Communications Addressing and Reporting System (Acars) were both disabled while the aircraft was over the South China Sea, and after this the Boeing 777 changed direction, heading West.

Could the transponder and Acars been disabled by a Cyber attack?
It may well be possible to jam a transponder and Acars from within the aircraft cabin, preventing such devices from broadcasting by using fairly basic equipment to swamp these devices receiving and broadcasting frequencies with noise, a denial of service attack if you will. But I think such an attack could also interfere with other aircraft systems and jeopardise the likely objective of the hijack, which appears to be taking control of the aircraft. I believe it is far more rational that the transponder and Acars were disabled by human hand, as it is far simpler to do than a cyber attack, and it guarantees these systems are actually disabled, and then remain disabled indefinitely. The human disablement is given further credence when you consider control of the aircraft had been achieved by the attacker or attackers; as control of the aircraft is proven by the radical course change.

Could the aircraft be remote controlled due to a Cyber Attack?
A Boeing 777 cannot be remotely flown from the ground as far as anyone is aware, but we cannot rule out the possibility that someone sat in the cabin could use a laptop or mobile phone, to infiltrate the aircraft’s computer systems and take control of the aircraft.  A sophisticated fly-by-wire Boeing 777 is reliant on its computer systems to fly, and can fly completely unaided through the autopilot. Attacking the aircraft’s computer systems and changing the autopilot settings is a possibility, however the problem I have with this theory is that autopilot can be overridden by the pilot and co-pilot from within the cockpit. It is very unlikely a hack could lock out the pilot controls and prevent the pilot from radioing such a situation to air traffic controllers. The most plausible explanation is usually the simplest, namely the aircraft is physically controlled by whoever is sat in the cockpit. If you have technical theory on how such attacks could work, please post in the comments as I would be very interested to learn how it could be done, but please go beyond from just mentioning PlaneSploit, and describe how such tools could be used to lock the pilot out from the aircraft controls.

In my view based on the current evidence, I believe we are looking at a sophisticated plane hijack, by a person or persons who have a high degree of expertise in aviation, not cyber security. Although the investigation should not rule out a cyber attack element, I think it is far more plausible to switch off the aircraft tracking and to take control of the aircraft from sitting within the cockpit, than sitting in the cabin with a laptop or mobile phone. We’ll see if my speculation at this time of posting is correct or not over the coming days and weeks, or perhaps even months or years, but lets not give up hope for a positive outcome for the many involved.

No comments: