Malaysia Airlines Flight MH370: Could Jet's System Have Been Hacked?

A document filed on the US Federal Register website indicates that aircraft manufacturer Boeing applied to have additional security installed aboard some of its 777 series of airplanes five months ago to prevent onboard hacking of critical computer systems.

Boeing said that it was upgrading the 777-200, 777-300 and 777-300ER series of passenger jet with a new onboard network system.

The concern was that the passenger inflight entertainment system would be connected to critical systems for managing the safety and maintenance of the aircraft.

Passenger seatback entertainment systems come with ethernet and USB ports, which would in theory enable access to a hacker to the critical computer systems.

Boeing asked the Federal Aviation Administration to alter its licence to allow it to add a "network extension device" to separate the various systems from each other.

That would prevent accidental or delibarate tampering with the critical system.

Unauthorised access

"This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane," the document reads.

"The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorised access to aircraft data buses and servers."

The Federal Aviation Administration approved the licence change and told Boeing that the new system design had to protect against "unauthorised sources internal to the airplane" and "prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations".

Boeing also had to make sure that adding the network extension device followed safety guidelines and would not have an impact on the aircraft's flying capability.

Could a problem with the software keeping the plane's computer systems separate have led to accidental tampering with the critical systems?

New Scientist is reporting that the Malaysia Airlines jet sent out at least two bursts of technical data using the Aircraft Communications Addressing and Reporting System (ACARS) before it disappeared. The useful engine data relates to critical flight systems and avionics.

Although Malaysia Airlines said that the plane made no distress calls, the engine data may hold clues. According to International Civil Aviation Organisation rules, such reports are normally kept secret until air investigators need them.