Currently the world is in the grip of a mystery. What happened to Malaysia Airlines Flt. 370? Everything we know about the flight is as follows.
12:41 AM – Flight 370 departed Kuala Lumpur airport in route to Beijing with 227 passengers and 12 crew members. Among the passengers were two Iranian men with stolen passports. The aircraft was a Boeing 777-200ER. The flight was 2,700 miles and scheduled to land in Beijing at 6:30AM.
1:30 AM – 45 minutes after take-off air traffic controllers in Subang, just outside of Kuala Lumpur, reported contact with the flight was lost somewhere between Malaysia and Vietnam. At this time the aircraft transponder ceased operating.
2:40 AM – A senior Malaysian Air Force official reported that the last radar track showed Flt. 370 over the island of Pulau Perak in the Straits of Malacca. This location is hundreds of miles off course in the opposite direction of its intended destination. The validity of this information is unconfirmed. At this point radar contact was lost.
No one exactly knows what happened to Flt. 370 or where it eventually ended up.
We live in a technology driven age. Our technology has been our greatest blessing and now it may have become out greatest curse.
One of the greatest weaknesses of the technology age, specifically the age of wireless communication, is that it is vulnerable to interference. Sometimes this interference is natural such as solar flares or magnetic activity. Sometimes it’s man-made interference such a static electricity or other radio interference from the many transmitters that seem to be everywhere. And most sinister of all, intentional interception, disruption and manipulation of radio signals.
If you have ever flown on a commercial aircraft you know that flight attendants instruct the passengers to turn off all electronic devices during take-off and landing. Why? Because these instruments, such as cell phones, can interfere with aircraft equipment. This includes navigational equipment.
Many modern aircraft, including the Boeing 777, use an extensive array of computers and electronic gear. These modern aircraft no longer use the wires and pulleys to control the aircraft but instead use a computer controlled fly-by-wire technology. This technology actually takes the input from the pilots, through the aircraft controls and translates them into electronic signals that are transmitted to the wings and other control surfaces.
Modern aircraft are capable of flying with almost no human input using modern GPS technology and computer autopilots. That is the vulnerability I am about to examine.
Planesploit is an Android app that was created by Hugo Teso, a security researcher and commercial pilot. Teso claims his app can allow someone to take control of an aircraft from the ground. In March of 2013 at the Hack-In-The Box conference in Amsterdam Teso demonstrated his app. Using an Android phone, a radio transmitter, flight management software and his knowledge of hacking he changed the flight path of an aircraft. Teso showed that with enough skill and technology an aircraft can be hacked and controlled from outside the cockpit. “You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Andy Greenberg of Forbes magazine, adding, “that includes a lot of nasty things.”
Theory – Iranian men boarded the aircraft with the other passengers using stolen passports. These men are highly trained hackers with specific knowledge of the control systems of the Boeing 777 that was Flt. 370. The men were carrying all the technology they needed to take over the aircraft by hacking into its computer system. How is this possible?
The Boeing 777 is capable of transmitting and receiving numerous signals carrying data back and forth to ground and satellite receivers and transmitters. As we know the aircraft is suspected of flying for up to four hours after all contact was lost. Data from the engines was being transmitted for that long to aircraft and engine manufacturers via satellite.
Once the flight was beyond range of ground radar the men went into action. Using their radio transmitters and software they began the process of isolating the plane from the outside world. They knew of the frequencies the aircraft received data on including navigation signals for the on board GPS. Utilizing this knowledge the men disabled the radio transceiver. This prevented the pilots from calling for help. The pilots probably realized something was wrong and were trying to correct the problem.
The men then disabled the transponder. Now the plane was completely isolated.
Once the aircraft communications was muted the men then hacked into the flight control systems and downloaded instructions into the autopilot telling the aircraft to change direction and fly away from the intended path. As part of the hack the men locked all control of the autopilot from the pilots and now had complete control of the aircraft. The pilots were probably working desperately to re-gain control of the aircraft but did not realize what was happening. In all likelihood the plane flew far into the Indian Ocean until it ran out of fuel and crashed.
I should point out that this capability does indeed exist and has been used before. In December of 2011 the Iranian government claimed to have hacked into the control systems of an unmanned U.S. aerial reconnaissance vehicle and safely landed it. The Iranians claimed the feat was accomplished by its cyber warfare unit. U.S. officials offered several reason as to how the drone ended up in Iranian hands including engine failure and computer and guidance systems malfunction resulting in the drone crashing.
The Federal Aviation Administration has said that Teso’s app could not work. In a statement to SecurityWeek.com the FAA stated, “The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer,” the statement said.
“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.”
This statement was issued in 2013. But it does not take into account the fanatical determination of dedicated terrorist who used Teso’s app as a starting point.
This is only a theory. I am not an expert. I am not a conspiracy theorist. But it is very, very possible.