Blog: Aviation Cyber Security

Scorpion CBS show. Plane hack

Ken Munro 14 Aug 2023

Having got on a bit of a roll with dismantling plane hacking in the media with the MH370 documentary critique, it’s probably time to tear apart the pilot episode of Scorpion from 2014.

Here’s a link to the relevant part of the show: https://www.youtube.com/watch?v=boEb8zKfPBo

Why? It’s clearly just an entertainment show, so why bother dismantling it? The problem I have is that these TV shows support a narrative about plane hacking that isn’t based on fact. This undermines the reality of aviation cyber and the good work that is being done by industry to ensure that airplanes can’t in fact be hacked.

Where do we start?

Stretching reality

The plane in question looks like a 737, given the nose shape, manual throttles and glareshield layout.

Approach speed us going to be around 140 knots, depending on configuration and weight. That’s ~160mph.

A regional US airport might have a runway around 8-9,000 feet / ~2,500m long. That gives the Ferrari about 40 seconds to accelerate, connect to the plane, transfer data and then stop. In the show it takes 1 minute 40 seconds.

In reality, given acceleration and braking requirements, the vehicle would likely have 20 seconds maximum to connect, if it was even possible to match the speed of a plane. Holding an 80 ton airplane in ground effect close to the stall is not easy.

Just plain wrong and misleading

Short haul planes like the B737 and A320 don’t have avionic (EE) bays accessible from the cockpit or cabin. Some long haul types do, but not those in the TV show.

EE bays don’t look like this:

They are small, cramped and full of technology that looks nothing like networks you might be familiar with:

RJ45 cables and ethernet switches don’t exist in airplane EE bays (well, certainly not in the 737).

The 787 and some later types do use some switches that may be more familiar to you, but they don’t use RJ45 connectors, as they can fall out in turbulence! They use much more robust, locking connections and don’t use IP.

There is no hatch to the main undercarriage and wheels from the EE bay on any plane type that I’m familiar with. 747s do have a hatch near the nose gear though.

There are external hatches on most EE bays, as that’s how engineers get in there when on the ground. They aren’t near enough to the wheels to climb down.

Have you ever tried to stand up in a 160mph breeze? Now try climbing down the gear….

Planes don’t use networks that IT network engineers will be familiar with. The B737 and A320 use a point to point network that uses a protocol called ARINC 429. There is no network to upload software to from a laptop!

Software updates on these types come from specialist dataloaders using custom connectors. Some older 737s use floppy discs. Yes really.

You don’t hack planes from the cabin and you don’t hack planes over RJ45-terminated ethernet cables with laptops whilst dangling from the wheels over a Ferrari.

If you want to learn more about the real world of aviation cyber, read our blog or follow the Aerospace Village.

Technical bloopers

The gear handle is in the ‘up’ position when the camera cuts to the pilot in the cockpit, yet the undercarriage is extended through the whole segment.

Why does the plane buzz the tower? It was aligned with the runway for the whole piece, so it would have had to diverge from the runway centerline mid-hack to do so!

Why is there a lamp post on the ‘runway’ in the braking segment? Did they film this all on the ramp / apron?

We made our own version