Is it possible Malaysia Airlines Flight MH370 was hijacked by cyber attack?

by Paul Cooper, 12 Mar 2014

Malaysia Airlines Flight MH370, a Boeing 777 with 239 passengers and crew on board, departed Kuala Lumpur in Malaysia on 8 March at 12:21am local time en route to Beijing.

At around 01:05am, in clear weather just off the coast of Vietnam, it disappeared without a trace.

As multinational rescue crews scramble to find any sign of the plane over an area covering two enormous corridors of land and sea, and amid the mystery of the stolen passports, we at ITProPortal examine the evidence that the disappearance could be a frightening new turn in the development of cyber weapons.

This might seem far-fetched. In fact, it is far-fetched. But as our world increasingly relies on Internet-connected devices, the number of attack vectors has increased accordingly – and if there's one thing our regular readers will know, it's that the crackpot theories of today too often become the imminent threats of tomorrow.

Let's put our tinfoil hats on and take a look at all the possibilities.

Hacking the ADS-B network

There's certainly something very weird going on with the disappearance of Flight MH370. In the early hours of 12 March, the Malaysian military confirmed reports that there was a possible radar sighting of MH370 on Malaysia's west coast, hundreds of miles away from where it lost radio contact with controllers.

The sighting was 45 minutes after the aircraft vanished from air traffic control screens midway between Malaysia's east coast and Vietnam.

In October last year, security firm Trend Micro astounded authorities by exposing major flaws in one of the world's largest GPS tracking networks.

White hat hackers working for Trend were able to control certain providers of the Automatic Identification System (AIS), the guidance system used by around 400,000 ships around the world, and required by law on all ships with a gross weight of over 300 tonnes.

With only a £600 piece of equipment, Trend were able to manipulate the path of vessels to such an extent that they were able to write the word "pwned" with the course of one vessel off the coast of Italy.

Another experiment allowed the team to make a real tugboat travelling down the Mississippi disappear and reappear on a lake in Dallas, over 340 miles away.

Security concerns surrounding civilian maritime GPS have been raised in the past, when a £49.5 million yacht was lured off course by a team of Texas researchers, who fed incorrect GPS coordinates to the captain. They also managed to convince the ship's GPS that it was underwater.

Could some variant on the AIS hack be behind the mysterious disappearance of Flight MH370?

Flights are tracked globally by an enormous worldwide network not dissimilar to the AIS. Flight tracking services like Flightradar24 and FlightAware use more than 3,000 land-based Automatic Dependent Surveillance-Broadcast (ADS-B) receivers to create their flight maps.

The ADS-B transponder in the plane's black box periodically transmits to these receivers, ensuring that the system can pinpoint the exact location of any large aircraft around the globe.

While the systems operate in very similar ways, the major difference is the cost of the equipment required. While the AIS is meant to be accessible to most ship owners, the equipment used to transmit flight data is considerably more expensive.

Not too expensive for a nation state, you might think.

For instance, could everyone's least favourite rogue state, North Korea, be experimenting with bringing down, hijacking or even stealing passenger aircraft and causing them to disappear from the guidance systems?

Or some kind of vastly-overfunded and largely unaccountable spy agency, say?

It's certainly not likely. Even if we wedge those tinfoil hats down over our eyes and ears, we have to acknowledge that there's a simpler explanation.

That is, that the ADS-B's guidance coverage becomes very patchy once aircraft travel a certain distance from receivers.

"Due to the high frequency used (1090-MHz) the coverage from each receiver is limited to about 150-250 miles in all directions depending on location," one ADS-B company, Flightradar, told the press.

"The farther away from the receiver an aircraft is flying, the higher it must fly to be covered by the receiver. The distance limit makes it very hard to get ADS-B coverage over oceans."

Flight MH370 disappeared 120 nautical miles, or 138 miles (222.24km) off the east coast of the Malaysian town of Kota Bharu, and significantly further from the closest ADS-B relay.

What's more, ADS-B coverage for Malaysia and Southeast Asia in general is quite poor, as can be seen from this coverage map.

Indeed, Ho Chi Minh City, near where flight MH370 is thought to have gone down, is listed by FlightAware as one of the world's "major metropolitan areas that currently lack significant coverage".

So maybe cracks are starting to appear in the tinfoil – but the mysterious second radar sighting by the military has yet to be explained.

Bringing down a plane through hacking

Back in April, German security consultant and ex-commercial pilot Hugo Teso had aviation agencies on his trail after developing an Android app that he claimed could remotely attack and take full control of an aircraft.

The presentation called 'Aircraft Hacking: Practical Aero Series' by Hugo Teso became the highlight of the Hack In The Box security conference in Amsterdam, terrifying most of those who had presumably flown in to attend the event.

Teso claimed he had developed the terrifying ability to make aircraft "dance to his tune."

The problem was, it wasn't true. Teso was basing his findings on the training software used by trainee air traffic controllers, and not the actual operational software.

"This presentation was based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems," an EASA statement said. "There are major differences between a PC based training FMS [flight management system] software and an embedded FMS software."

The version Teso used does not include the same overwriting protection and redundancies that certified flight software does, the agency said.

The FAA agreed, saying in a statement that it has "determined that the hacking technique described ... does not pose a flight safety concern because it does not work on certified flight hardware."

Teso's technology, in fact, cannot engage or control the plane's autopilot or prevent a pilot from overriding the autopilot, the FAA said. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

The possibility is again pretty remote – but many of the guidance and control systems created for modern aircraft were designed before the possibility of hacking over the network was fully appreciated. While it may not have happened this time, we hope that aircraft manufacturers and aviation authorities are taking the threat as seriously as they can.

Update: The water has been muddied still further by the disclosure that 20 passengers on board were employed by Freescale, a semiconductor company that also carries out defence contracts for the US Department of Defence. A coincidence? Probably. But it's had the effect of stirring up the Internet's conspiracy community no end.

But where is the black box?

This has been one of the most persistent mysteries surrounding the disappearance of flight MH370.

There are two "indestructible" shoebox-sized devices located towards the tail of most aircraft, which aid aviation companies in determining the cause of an accident.

One is a digital flight data recorder (FDR) which records parametric data such as airspeed, altitude, heading, pitch and instrumental readings such as cabin pressure and engine temperature.

The other device is the cockpit voice recorder (CVR), which records dialogue and radio communication in the cockpit.

When submerged in water, the black boxes are designed to begin "pinging" with underwater locator beacons, which help recovery teams to pinpoint their location. However, black boxes are certainly not as indestructible as they're often painted to be – just very, very hardwearing.

There are countless examples of black boxes being recovered split in two, or completely destroyed. For instance, neither of the flight recorders for the American and United Airlines flights that crashed into the World Trade Centre on September 11th 2001 was ever recovered.

So far, no ping has been detected from MH370's flight recorder. This could mean either that the plane didn't crash over water, or that at least the locator component of the black box has been catastrophically damaged.

It's not impossible that the flight recorder will eventually be recovered. In the 2009 Air France Flight 447 disaster, the data recorders were not found until nearly two years after the accident, after an extensive search which cost millions of dollars. However, the list of unrecovered flight recorders gets longer with almost every disaster. 

The deepest recovery of a flight recorder was in the case of South African Airways Flight 295, where the cockpit voice recorder was recovered from 16,000 feet (4,900 m) under the ocean.

Conclusion

Rather frustratingly, this isn't the kind of accident that readily yields conclusive answers. Like the debris of these lost aircraft, recent history is littered with unanswered questions that spawn a series of compelling conspiracy theories.

As more information comes out over the next days and weeks and months, we may get closer to the truth of what happened to flight MH370 – but we may never really know what happened to the passenger aircraft and the 239 people who disappeared along with it.
