MH370 could have fallen victim to world's first 'cyber-hijack'

A member of a rescue team looks through binoculars during a search and rescue operation to find the missing Malaysia Airlines Flight MH370
A member of a rescue team looks through binoculars during a search and rescue operation to find the missing Malaysia Airlines Flight MH370

Flight MH370 could have fallen victim to the world’s first ‘‘cyber-hijack’’, with a British anti-terrorist expert saying a plane could be taken over using a mobile phone or USB stick.

Former Home Office scientific adviser Dr Sally Leivesley said hackers could change the plane’s speed, altitude and direction by sending radio signals to its flight management system.

It could then be landed or made to crash by remote control, Dr Leivesley told the Sunday Express in London.

More than a week after the Malaysia Airways Boeing 777 went missing with 239 people on board, theories are all family and friends have to explain the fate of the plane.

Flight MH370 vanished en route from Kuala Lumpur to Beijing. At the weekend, Malaysian police finally confirmed that the disappearance was a deliberate act and searched the captain and co-pilot’s homes.

Dr Leivesley, who runs her own company training businesses and governments to counter terrorist attacks, told the Sunday Express she believed malicious codes, triggered by a mobile phone, would have been able to override the aircraft’s security.

“There appears to be an element of planning from someone with a very sophisticated systems engineering understanding,” Dr Leivesley said.

“This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals.

“It is looking more and more likely that the control of some systems was taken over in a deceptive manner, either manually, so someone sitting in a seat overriding the autopilot, or via a remote device turning off or overwhelming the systems.

“A mobile phone could have been used to do so or a USB stick.

“When the plane is air-side, you can insert a set of commands and codes that may initiate, on signal, a set of processes.”

Dr Leivesley said the hacking threat was raised at a science conference in China last year.

“What we are finding now is that it is possible with a mobile phone to initiate a signal to a preset piece of malicious software, or malware, in the computer that initiates a whole set of instructions,’’ she said.

“It is possible for hackers — be they part of organised crime or with government backgrounds — to get into the main computer network of the plane through the inflight, onboard entertainment system.

“If you have got any connections whatsoever between the computing systems, you can jump across and you can get into the flight critical system.

“To really protect your computer systems, you do not let anything connect with them and you would keep the inflight systems totally in their own loop so nothing whatsoever connects.

“There are now a number of ways, however, in which the gap between those systems and a hand-held device like a mobile phone can be overcome.”

The Sunday Express reported that last April, a German security consultant and commercial pilot unveiled a way to hijack a plane remotely using a phone.

Addressing the Hack In The Box security summit in Amsterdam, the consultant Hugo Teso said he had spent three years developing a series of malicious codes on a mobile phone app called PlaneSploit that hacked into an aircraft’s security system.