So far, there has been no public discussion about the possibility that the two recent crashes involving Boeing 737 Max 8 airplanes were caused by a cyber attack. Both crashes occurred shortly after takeoff in countries known for recent terrorist activity. We know that there are a number of factors that appear to play an important role in what transpired.
The downed planes were Boeing 737 Max 8’s. News reports indicate that the Maneuvering Characteristics Augmentation System (“MCAS”) experienced erroneous readings that caused the planes’ auto correction systems to send both planes into a downward descent shortly after take off. Both planes lacked the alert sensor that Boeing provides as an optional add on, which would have identified the problems and alerted the pilots. Pilot training appears to be a part of the problem. Just the day before the Lion Air plane crashed, that same plane experienced the same problem with MCAS, but because a more knowledgeable pilot onboard that same plane knew to disengage MCAS, the plane was able to escape the sensor induced downward descent.
Some point to Boeing as being responsible, but the media has yet to consider the potential that both of these aircraft accidents could have been caused by a cyber attack, using recently disclosed research to compromise the planes’ sensors.
As an interesting note, both crashes occurred in areas of hot-bed terrorist activity. Addis Ababa, Ethiopia, where this month’s crash took place, is on a UK Travel advisory list for past Terrorist activity.
Last year, ISIS launched terrorist attacks in Jakarta, Indonesia, according to the New York Times, where the first ever such crash of a Boeing 737 Max 8 took place.
Security researchers have demonstrated the ability for acoustical emanations to alter sensors on gyroscopes and other micro electro mechanical systems (“MEMS”) sensors such that they cause a malfunction. Essentially, the attack is akin to an opera singer who cracks a wine glass by belting out a tone that matches the resonant frequency of the wine glass. Targeted sound that matches the resonant frequency of the airplanes MEMS chips can cause malfunctioning to occur. To be successful, the attacker must know the resonant frequency of the chip and have close enough proximity to generate enough decibels of sound to cause interference with the target. Such interference could potentially be generated by a passenger on board the aircraft using readily available technology, or from the air via delivered via a drone or from a nearby attacker on the ground, or in the water.
Researchers from the University of Michigan published their findings in 2017 detailing how acoustical attacks can compromise MEMS sensors embedded in various devices, from smartphones, autonomous vehicles, to drones and more.
The University of Michigan researchers explain the ease and practicality of launching such an acoustical attack on a target as follows:
“Short answer: it depends on the target sensor and system. Launching a successful acoustic attack against an autonomous system to alter its behavior depends on three requirements:
- Delivery of high amplitude, and arbitrarily modulated, acoustic interference in close proximity to the target MEMS sensor
- Knowledge of the resonant frequency of the target MEMS sensor
- Knowledge of the sensor data processing and behavior controlling algorithm(s) of the target autonomous system”
As it pertains to the first point, both of the recent crashes occurred shortly after take off. A passenger, vehicle or drone carrying such a sonic device capable of impacting the sensor controlling the plane could have been responsible for such an attack. It is a distinct possibility that an attacker devised a sonic weapon that could cause acoustical interference with the MCAS sensor responsible for correcting tilt and preventing the stalling of the plane. No such crashes of Boeing 737 Max 8’s have occurred in the U.S., or any other major leading industrialized nation as of this date. Many leading Industrialized nations have taken strict measures to secure the ground and airspace surrounding airports against terrorist attacks.
With recently reported compromises of Boeing reported last year, it is possible that information pertaining to the resonant frequency of the MCAS sensor was released into the hands of terrorists. Also possible, someone working for an airline or having access to one of the Boeing 737 Max 8’s could have determined the resonant frequency of the MCAS through trial and error, or other means.
There has been no proof produced so far that shows these two unfortunate events were a direct result of terrorist activities.
In my opinion, it is best that the public consider this threat, evaluating and helping to ensure that such an attack does not happen in the future.
I think it would behoove Boeing to sponsor a hacking competition at DEFCON, or one of the other popular cyber security conferences, awarding prizes for any that are able to devise a successful attack on their MCAS sensors perhaps mounted on drones. This is good for many reasons. If no one is able to exploit the MCAS using sonic radio frequency emissions, the public will have much greater confidence that the 737 Max 8 problems were timely communicating the system’s malfunctioning to the pilots and effective training of the pilots to quickly mitigate such future problems.
The decision by the FAA to ground the 737 Max 8’s I believe was a smart one. Boeing has demonstrated responsible leadership in making prompt software changes and declaring its intent to include the formerly optional malfunction sensor as standard equipment on all 737 Max 8 airplanes moving forward. Boeing is already working on fixes to their software that will allegedly help prevent such a future situation. The airlines I am sure will take this time period to improve pilot training, while the plans continue undergoing scrutiny to prevent future mishaps that took down these two planes causing massive losses of lives.
Imagine for a moment had the FAA not grounded the planes, and the attack was by terrorists using a constructed sonic weapon. The risk of a coordinated attack domestically and internationally could have produced a result that would make 9/11 look small by comparison. There were roughly 376 Boeing Max 8’s delivered to date. If one tenth of this number were attacked simultaneously, and each plane had an average of 180 passengers on board, more than 6,000 passenger lives alone could be lost.
Inviting security researchers to publicly try to hack Boeing’s latest top seller, could be a key to Boeing helping to make the 737 Max 8 one of the safest planes around.
The Hacker / Cyber Security Conference known as DEFCON created a voting village in 2018, inviting more than 25,000 hackers to demonstrate how easy it is to hack election equipment. The end result of this exercise hopefully will lead to more secure elections. Boeing might also benefit from inviting this public scrutiny to help regain the public’s trust and confidence.
I can see that Boeing is taking smart measurable actions to help prevent what happened over the last half year in Ethiopia and Indonesia.