Last week Boeing announced the release of a software update to address a potential hack with possible safety implications. But what was it?
The idea that a rogue hacker could take over a flight by interfering with an aircraft’s electronics, isn’t new. It has been the subject of many movies and TV shows over the years. The real-world aircraft systems are, thankfully, much harder to tamper with. You might have Wi-Fi in the passenger cabin, but it can’t “talk” to the pilot’s equipment.
However, there are other systems that Airbus, Boeing, and other pilots use – and this hack was about such a system. A hack to these systems may not sound as impressive, but they are systems that pilots use and depend on. This hack involves devices that pilots often use to calculate their aircraft’s performance in the specific conditions of each flight.
A Vulnerable Device?
Commercial pilots call these devices “Electronic Flight Bags”, or EFBs. The rest of us would likely refer to most of them as “iPads”. And if this doesn’t sound very exciting, think again. By their nature, these devices are easier to hack than other aircraft equipment – something that Boeing has to take into account. Some aircraft use dedicated portable devices (instead of commercial tablets) in the same role.
A group of security researchers stated last week that they identified a “digital vulnerability” in these devices and their software. Someone with adequate knowledge of this could modify data in the systems, leading pilots to make critical miscalculations. Crews have to double-check these calculations, using other aircraft systems. But under the right (wrong?) circumstances, a hack could have placed Boeing aircraft and crews in jeopardy.
In its report, cybersecurity firm Pen Test Partners noted:
“If data modification occurs, and the resulting miscalculations are not detected during the crew’s required cross check or verification process, an aircraft could land on a runway too short, or take off at incorrect speeds potentially resulting in a tail strike or runway excursion.”
Boeing EFB Hack – A Likely Problem?
However, it is worth making a couple of points about the real threat level that this hack could have posed for Boeing crews. Firstly, we are using the past tense because Boeing has already resolved this problem. Secondly, Boeing said that it was unaware of any aircraft and/or crew that actually faced this problem.
Finally, for someone to hack such an EFB for a Boeing aircraft, this person would need to have physical access to the device. This and other factors mean that the actual risk of such a hack happening was quite low, even before the fix. Even if a hacker managed it and the crew somehow missed it, “pilots are trained to handle unusual situations”, said the report.
Given the security nature of this matter, neither Boeing nor Pen Test Partners elaborated further on the nature of this potential hack. For pilots, Electronic Flight Bags are replacing a ton of paperwork, plus they handle a lot of calculations that pilots would previously do with pen and paper. Arguably, the risk of making an error in such manual calculations far outweighs any risk from such hacking.
