馬航MH370失聯緣於網絡劫機？

As the search for the missing Malaysia Airlines Flight MH370 continues, investigators have come across some startling evidence that the plane could have been hijacked using a mobile phone or even a USB stick. The theory comes from a British anti-terrorism expert who says cyber terrorists could have used a series of “codes” to hack the plane’s in-flight entertainment system and infiltrate the security software.

According to Sally Leivesley, a former scientific adviser to the UK’s Home Office, the Boeing 777’s speed, direction and altitude could have been changed using radio signals sent from a small device. The theory comes after investigators determined that someone with knowledge of the plane’s system intentionally flew the jet off course.

“It might well be the world’s first cyber hijack,” Leivesley told the U.K.’s Sunday Express. “This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals.”

Leivesley said that the evidence increasingly indicates that someone took over the plane’s controls “in a deceptive manner” and overwhelmed the plane’s system either remotely or from a seat on the plane.

“There appears to be an element of planning from someone with a very sophisticated systems engineering understanding,” she said. “When the plane is air-side, you can insert a set of commands and codes that may initiate, on signal, a set of processes.”

Investigators have also proposed that the pilots themselves could have switched the plane’s communication equipment off and redirected the plane west, but officials say it would have been very difficult for them to make the plane disappear from radar. Commercial aviation pilots who spoke with NPR said shutting down the system, which is designed to automatically communicate with ground control stations, is far more complicated than throwing a single switch.

“They said you'd have to go through big checklists, you'd have to possibly pull circuit breakers if you wanted to deactivate [all the communications equipment],” NPR’s Geoff Brumfiel told “All Things Considered” host Robert Siegel. “So, to do this, you'd have to have some degree of premeditation and a lot of knowledge of the aircraft.”

Further evidence supporting the cyber hijack theory comes from the fact that Boeing had previously expressed concern over the security of the plane’s systems, and had even contacted the U.S. Federal Aviation Administration for permission to change some of the onboard equipment. In August 2012, Boeing applied to have additional security installed aboard several of its 777 series aircraft.

Boeing was concerned that the aircrafts’ inflight entertainment system, which includes USB connections, could allow hackers to access a plane’s computer. The Federal Aviation Administration granted Boeing permission to change its inflight systems five months ago.

"The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may enable increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models,” the U.S. Federal Register stated in a Nov. 2013 report. “This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants."

Last year, a Spanish researcher showed it was possible to hack a plane using a mobile phone. According to WTOP, during a presentation in April 2013 at the Hack-In-The-Box security summit in Amsterdam, Hugo Teso allegedly proved that with an Android smartphone, a specific “attack code” and an Android app called PlaneSploit, he could hijack both a plane’s system as well as the pilot’s display.

The FAA quickly denied Teso’s assertion that he could remotely commandeer a plane.

"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot," the FAA said in a statement following Teso’s demonstration. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."馬航失聯客機MH370的搜救工作仍在繼續，與此同時，調查人員驚訝地發現，飛機可能是被手機甚至USB設備劫持。該理論來自一位英國反恐專家，說網絡恐怖分子可能使用了一連串“代碼”侵入機上的飛行娛樂系統，並滲透到安全防護軟件中。

英國內政部（Home Office）前科學顧問薩利·李維斯利（Sally Leivesley）表示，一個小設備發出的無線電訊號改變了波音777飛行速度、航向和高度。在調查人員發現是有了解飛行系統運作的人故意使飛機偏離航道後，她提出了這個“網絡劫機”的說法。

“這可能是世界首例網絡劫機事件，”李維斯利在接受英國《週日快報》（Sunday Express）採訪時說道。“我更願意將其稱之爲智能飛機的雛形，由通過電子信號操控的遙控式飛機。”

李維斯利稱，越來越多的證據表明，有人“以欺騙的方式”接管了飛機，遠程或者就在飛機上操控着飛機系統。

她說：“似乎有一位非常通曉系統工程的人在參與此事，飛機在控制區時，可以插入一套指令和代碼，發出信號啓動一組進程。”

調查人員之前也曾指出，可能是飛行員人爲關閉飛機通訊設備，再駕駛飛機西行，但官方迴應稱即使那樣，也很難使飛機避開雷達監測。商業航空飛行員在接受美國國家公共電臺（NPR）採訪時表示，飛機系統可以自動與地面控制檯取得聯繫，關閉系統不是像關閉一個開關那麼簡單。

“他們說要關閉（所有通信設備），得完成許多操作步驟，可能得拉下斷路器開關。”NPR的傑夫·姆菲爾（Geoff Brumfiel）對《All Things Considered》節目主持人羅伯特·西格爾（Robert Siegel）說道。“這樣的話，得事先經過一些策劃，並精通飛機原理。”

此前波音公司曾表示波音飛機系統可能存在安全隱患，並向美國聯邦航空管理局申請更換部分機載設備，這進一步驗證了“網絡劫機”的可能性。2012年8月，波音公司在其部分777型飛機上加強了安保系統。

波音公司曾擔心，機上的飛行娛樂系統帶有USB接口，黑客可能會趁此侵入飛機的電腦系統。5個月前，聯邦航空管理局同意波音公司更換飛行系統。

美國聯邦公報在2013年11月的一份報告指出，“與先前的機型相比，波音777-200, -300型飛機的整體網絡配置可能會加強與外部網絡源的連通性，有更多的互聯網和系統，如乘客娛樂和信息服務。同時這可能產生網絡安全漏洞，增加風險，導致對飛機和機內人員不利的狀況。”

2013年，一位西班牙研究員指出，通過手機劫持飛機是可能的。據華盛頓WTOP電臺消息，2013年4月阿姆斯特丹HITB安全峯會上的一塊講演中，雨果·特索（Hugo Teso）據稱能夠通過一部安卓智能手機，一串特殊的“攻擊代碼”，和一款PlaneSploit應用，就能侵入一架飛機的系統以及飛行員的顯示器。

聯邦航空管理局很快否定了特索能遠程控制飛機的說法。

“特索提出的方法不能侵入或控制飛機的自動駕駛系統（採用的是飛行管理系統），也不能阻礙飛行員控制自動駕駛儀。“FAA在隨後的一份聲明中說道，”因此，黑客無法做到像這位技術顧問聲稱的‘完全控制飛機’。”