Could hacking have been behind the crash of a China Eastern 737 NG in a mountainous area of southern China?
China Eastern 737 NG Crash – Was Hacking Plausible Or Impossible?
Yesterday, Kyle laid out a number of viable theories concerning the crash of China Eastern Flight 5735 on March 21, 2022, a Boeing 737-800 NG operating from Kunming (KMG) to Guangzhou (CAN). He left out a couple, one that I would like to focus on in particular today: hacking.
First, however, I think it merits mentioning that cracks were discovered in 2019 on the “pickle fork” of a number of Boeing 737 NG aircraft, first on Qantas and later on others including Southwest Airlines. The pickle fork is the component connecting the wing structure, landing gear, and fuselage. The 737 NG includes four pickle forks: two bracket the rear attachment frame and two bracket the front attachment frame.
At the time, Boeing said inspections revealed “only” about 5% of NG aircraft required repair and that redundant safety features did not make this a critical concern. Even so, it was concerning that these cracks appeared quite prematurely: this included some aircraft with less than 22,000 cycles. It is still debated whether this is an inherent design flaw or a result of improper installation of faulty aluminum alloy.
Concerning China Eastern, the idea a structural issue accelerated the collapse is at least a possibility worth considering: it would not be unprecedented.
But the more interesting theory to me is whether the aircraft was hacked. The Aviation Herald is a great resource for av geeks to really dive deep into issues like crashes and the comments typically represents a fascinating mix of theories from aviation insiders.
Its report on the China Eastern crash includes a number of comments on the possibility that hacking was at play.
For instance, one commenter speculates whether it is possible to breach aircraft systems via bluetooth:
I was asked by a colleague to address the hacking potential.
Simply put, it’s vast. Remote management of the aircraft is viable using a cell phone. It’d be hard to do more than crash. But crashing a plane would be easy.
The displays are linux computers with an old version of opengl (10+ years old). They are networked to the data computers, also older linux. The displays had bluetooth, which is inherently hackable. No effort was made to prevent hacking since it’s not an explicit certification requirement.
Hacking a bluetooth enabled device that does not have a firewall or any real protections is trivial. From displays to data computers is another trivial step since there are no protections.
Once hacked, computers can be made to do anything with or without indication to the crew. It could easily be made impossible for the crew to regain control or even determine they were losing it.
This person later added:
To be clear: I did a PSSA preliminary system safety assessment] for the DCU … the data computer that runs the pitots and sends flight info to the displays. No bluetooth there that I was notified of, however, they did not share entirely complete schematics. A broader topic also clear in my email below.
I don’t have many details I can share. I am not joking about my role, and well this is serious. I am responding bc I care.
First why: bc they got cheap cards from a video game supplier. they had atom cpu’s and tons of ram. The bluetooth chip on the board didn’t cost extra. My tiny military product employer hacked it together for Boeing. It’s hard to imagine, but it is pure garbage.
I didn’t assess the displays. But I was involved with discussions about their design. And the question came up about if the bluetooth chip on the card could be used for dataloading in the cockpit. They have usb as well. In the two cases, I said they have to cut the circuit since such chips on the motherboard are an unmigitated safety risk. Never heard back.
Others dismissed these comments as idiotic and unfounded. That may well be the case: we have not seen a case in which an outside force has remotely taken control of a cockpit. Still, the great mystery of this crash is that the plane seemed to level off and regain control between 8,000 – 9,000 feet before losing control once again and then crashing.
CONCLUSION
The cause of the China Eastern 737-800 NG crash remains a mystery. Black box data has been recovered and Chinese authorities are investigating. Hopefully a transparent investigation will occur with a clear explanation of how the aircraft rapidly descended, shortly regained control, and then lost control again. In a world in which so much can and is hacked, it at least merits having a conversation on whether hacking could have been possible in this instance.
image: Aero Icarus
No, there is no merit in having any conversation about hacking without any evidence. I wish people just stopped trying to ad lib and guess what they think is the cause and just wait for the investigation or at the very least the early stage indicators to play out.
This post is dangerously close to perpetuating a wild conspiracy theory, seemingly for clicks, IMO. Pulling one, and only one poster, with no other context/rebuttals is not ideal. It’s your blog so you can write anything you’d prefer but it’s not your usual style.
There are other sources:
https://www.wired.com/2015/05/possible-passengers-hack-commercial-aircraft/
A link to a seven year old article? Com on dude:)
And you know exactly what I meant. Posting a theory about hacking a plane down would cause utter panic. Be better.
You saw my other comment reply below. I’m really not trying to stoke fear. Truly. I am deeply concerned about hacking and wish to explore whether it is remotely possible.
No merit in the article. Not even 1 in a million. Pure media stupidity. Shame. Once my favorite blogger is mainsteam media garbage
Come on. I’m not reporting this as news. You’ve been hacked, right? I’ve been hacked. Oil rigs have been hacked. Municipalities have been hacked. It’s really not so far-fetched when you think about it. And I don’t purport to be an expert—I am asking for expert opinion from my readers on this. It an issue that I would like to learn more about. It’s much more than clickbait.
Could be worse….could be CNN’s accused sexual pervert Don Lemon (see Dustin Hice lawsuit) debating if a Blackhole was involved with a missing plane.
perhaps its correct, the country itself is a doubtful
My theory: the flight was commandeered by aliens and they were anal probing the humans. Some of the humans, like the Republicans, enjoyed the probing but the pilot couldn’t bear the thought and put the plane in a nose dive. Look for remains of aliens at the crash site. And Republicans with a smile on their faces.
There is just a tiny bit of a problem with this theory. No foreigners reported on the plane :-)))
There are a hundred “plausible” theories as to what happened here and it’s not productive to visit every one of them. Hopefully, the investigation will give us some answers. Unfortunately; it’s in the PRC (the father of COVID), so it is quite likely that we will never know what actually happened.
I agree with both Michael and Geoff enough of these so called “theories” pasted across platforms like this and then to once again raise an issue that was put to bed long ago concerning the attachment points. I would tend to listen if these writers had some real background in aviation/structural engineering. I as ex USAF driver my ear perk up when I see articles regarding an incident and very sensitive to articles like this. Sorry but have lost some friends that way.
Let’s all practice some decorum until the preliminary report is released.
As a Captain for a major airline, and former accident investigator, I’ll thrown my two cents in here. This is physically impossible on a cable-and-pulley operated airplane, like the 737. There are no computers that control the flight control surfaces. Yes, the autopilot is one big computer, but you disengage it, and you’re back to 1960s era, manual control, with zero computer input, etc. It would be like trying to hack a block of wood and make it move across the room. It isn’t going to happen because there is nothing to hack. Aviation accidents tend to attract a lot of conspiracies, but I’d recommend that everyone wait until the final accident report is issued.
It’s human nature to delve into speculation. For me the questions are:
Can China be trusted to perform a thorough, legitimate investigation? What is the possibility of China just assigning whatever “cause” would best suit its own political or economic agenda? Could discrediting Boeing (to benefit China’s own commercial aviation industry) be a factor at play?
One last question: Has Boeing and the NTSB sent its own investigators to the crash site?
Chris Roberts actually did it. He hacked into the plane’s systems in, I think 2015, and successfully changed the heading. His entry path was via the inflight entertainment system while onboard. The French Thales system was especially easy apparently. It took him a few minutes. He did it to expose how vulnerable aircraft are and that this is more than possible. He actually live tweeted it, lol. Of course, the FBI was not happy.
Let’s face it, airlines, pilots, and manufacturers will do anything they can to hide and discount the fact that it is very possible. And might be easier than you think. Yes, the common rebuttal is the one you read from Thomas Cooper above, and it’s sensible. The possibility is likely that the best they can do is disconnect the autopilot. In which case the pilot just flies the aircraft. However, there are pathways within everything and while I don’t believe a 17 year old kid is going to be able to cause issues on an aircraft – I do think that there are elite hackers around the world that will tell you without hesitation that if they wanted to they could easily cause an upset in a flight in such a manner that the pilots may not be able to regain control in time.
If it were hacking, some group woulda taken credit for it.
Was it suicide hackers…jihadists using Bluetooth to breach the cockpit because it cannot be physically breached.
China can blame Uyghur Muslims and say “National Security” prevents them from sharing Black Box data so no other terrorists use the same method.
Utter bullshit. In addition to the comments above about the 737 being a stick-and-pulley aircraft, note that there’s no Ethernet connections from the displays to any other computers on the aircraft. All communication uses ARINC-429, a one-way, rigidly structured data bus that’s only capable of sending pre-determined message types. Also, the actuators driven by the flight director (commonly known as “autopilot”, are physically limited in travel so they cannot produce the attitudes required to create this kind of flight path.
They “say” they use Arinc-429. In fact read the Wired article that Matthew put in the comments above. It was found that is not true.
Interesting avenue of possible inquiry ( hacking ). As many have said all these are speculation but do provide valuable possible investigations. Pickle forks have been mentioned but photos seem to show wings attached just before impact and loss of a wing would cause the aircraft to ” flutter ” down much more slowly. Defective slat tracks have not been discussed. A known issue with this generation. There have been many comments, elsewhere, dismissing the MCAS system ( 737 Max only ) but,
737NG fleet have a history of issues with their own elevator controls. Software, jack screws, and hydraulic spool valve. The last reversing elevator controls. Neither have AOA issues been mentioned. MAX MCAS
Problems were only half software related, AOA faults misled the MCAS and are used on 737 NG.
It appears the dive might have takn place when Autopilot was diengauged for descent and many of the above system would be in play.
This air crash is very serious, and the country and leaders also attach great importance to it. At this time, the investigation results are the most important. It is not acceptable to fabricate out of thin air and spread rumors.
In a world of hacking, it is not an unreasonable question.
What the results are, the results will be announced, and now don’t do useless work.
Everyone is looking forward to the results of the investigation, and it’s not just your words that can make people believe it.
What a total load of BS ,I am an AMT for a major airline,and can tell you without a doubt that the aircraft in question does not use any kind of blue tooth in the display of flight data,or for the input of pilot commands to the flight controls or for input to the flight control computers via the mode control panel.
Any auto flight command to the aircraft is easily overridden by either pilot simply by pushing a button on the yoke to disconnect either A or B channel autopilot,on the next Gen all software is loaded via a data loader and is updated monthly to the FMC for navigation,but for autoflight everything goes thru the FCC and that is all hard wired,as far as the displays go,the CDS or common display system gets it info from the DEU or drive electronics unit,agian a redundant hard wired system.
So agian I call BS on this far fetched theory,wait for the FDR and CVR data to come back before jumping to conclusions.
No question should raise ire imo. Only one’s best effort at a humble and honest response. Thanks to those who did this, you helped me with what has been a question for me as a member of the flying public.