As the search for the missing Malaysia Airlines Flight MH370 continues, investigators have come across some startling evidence that the plane could have been hijacked using a mobile phone or even a USB stick. The theory comes from a British anti-terrorism expert who says cyber terrorists could have used a series of “codes” to hack the plane’s in-flight entertainment system and infiltrate the security software.
According to Sally Leivesley, a former scientific adviser to the UK’s Home Office, the Boeing 777’s speed, direction and altitude could have been changed using radio signals sent from a small device. The theory comes after investigators determined that someone with knowledge of the plane’s system intentionally flew the jet off course.
“It might well be the world’s first cyber hijack,” Leivesley told the U.K.’s Sunday Express. “This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals.”
Leivesley said that the evidence increasingly indicates that someone took over the plane’s controls “in a deceptive manner” and overwhelmed the plane’s system either remotely or from a seat on the plane.
“There appears to be an element of planning from someone with a very sophisticated systems engineering understanding,” she said. “When the plane is air-side, you can insert a set of commands and codes that may initiate, on signal, a set of processes.”
Investigators have also proposed that the pilots themselves could have switched the plane’s communication equipment off and redirected the plane west, but officials say it would have been very difficult for them to make the plane disappear from radar. Commercial aviation pilots who spoke with NPR said shutting down the system, which is designed to automatically communicate with ground control stations, is far more complicated than throwing a single switch.
“They said you'd have to go through big checklists, you'd have to possibly pull circuit breakers if you wanted to deactivate [all the communications equipment],” NPR’s Geoff Brumfiel told “All Things Considered” host Robert Siegel. “So, to do this, you'd have to have some degree of premeditation and a lot of knowledge of the aircraft.”
Further evidence supporting the cyber hijack theory comes from the fact that Boeing had previously expressed concern over the security of the plane’s systems, and had even contacted the U.S. Federal Aviation Administration for permission to change some of the onboard equipment. In August 2012, Boeing applied to have additional security installed aboard several of its 777 series aircraft.
Boeing was concerned that the aircrafts’ inflight entertainment system, which includes USB connections, could allow hackers to access a plane’s computer. The Federal Aviation Administration granted Boeing permission to change its inflight systems five months ago.
"The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may enable increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models,” the U.S. Federal Register stated in a Nov. 2013 report. “This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants."
Last year, a Spanish researcher showed it was possible to hack a plane using a mobile phone. According to WTOP, during a presentation in April 2013 at the Hack-In-The-Box security summit in Amsterdam, Hugo Teso allegedly proved that with an Android smartphone, a specific “attack code” and an Android app called PlaneSploit, he could hijack both a plane’s system as well as the pilot’s display.
The FAA quickly denied Teso’s assertion that he could remotely commandeer a plane.
"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot," the FAA said in a statement following Teso’s demonstration. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."