Remote Control Boeing
In the aftermath of a mystery such as the disappearance of MH370, conspiracy theories always thrive. This one is a big one, as it involves multiple governments, corporate America and the US State Department. Malaysia Airlines flight 370 was not diverted by anyone on board, according to this theory, but was taken over remotely. There are two primary variations. First, that the US Military interfered with the flight, jamming the frequencies as remote controls were used to turn the aircraft away from Vietnamese airspace to land in an unknown location. Second, that criminals have gained control of this technology which is pre-installed into aircraft all over the world. This group of unknown terrorists was able to hack into the secret system to gain control of the aircraft and divert it from its path, without anyone on board able to stop them.
A problem with this theory is that any theoretical remote control of the aircraft would not include the ability to turn off the ACARS, the transponder and the radio. There are fighter jets that carry the ability to jam military radar, such as the EA-18G Growler. However, it would take multiple Growlers to jam the Boeing 777’s signal as it continued on its diversion. This means that it wouldn’t have been terrorist hijackers, who would struggle to get a single military jet from the US Navy, let alone a contingent of them. This narrows the possibility to government military interventions by someone who has the technology but doesn’t have access to Boeing 777s, which doesn’t seem likely. Finally, air traffic controllers on the ground would at least be aware that there was interference, even if they didn’t recognise that the signal was being jammed. The Boeing would not simply vanish from the secondary radar systems.
Scientific American put it best:
How Do You Hide a Boeing 777? – Scientific American
Other theories imply that electronic warfare techniques—jamming, spoofing or degrading signals—might be involved in MH370’s disappearance. Such technologies can prevent enemy fire control radars from getting a fatal lock on aircraft, but they are not a David Copperfield magic trick. They don’t make planes disappear, especially not large commercial airliners, from the screens of air traffic control systems.
I have not yet found a verifiable description of how the assailants could have made the aircraft disappear before the diversion began. For the sake of argument, however, I’ll ignore this issue and focus on the idea of the remote control Boeing.
Obviously, it is possible to fly planes by remote control. Unmanned aerial vehicles, known as drones, are remotely piloted aircraft with no humans on board. The first known military usage of the UAV was 1849. The Austrians besieged Venice and then launched the first air raid in history. The Austrians filled hot air balloons with bombs set to go off in twenty-three minutes. They were then launched from a war steamer where the prevailing wind blew them over Venice. UAVs are used all around the world but they are generally custom designed. Boeing have designed twelve models for use as unmanned aircraft and have two high-altitude, long-endurance UAVs under development: the solar-electric Solar Eagle and the hydrogen powered Phantom Eye.
But that’s not the same thing as taking over a commercial aircraft meant to be controlled by an aircrew with assistance from a Flight Management System. In April 2013, Business Week published an expose to state that it was possible to hack into the flight management system of an aircraft using only an android. However, the FAA were swift to deny that there was any danger. The hacking technique described did not work on certified flight hardware and would not pose a flight safety concern. No aircraft has ever actually been hacked in such a way that it could be used to divert the aircraft without complicity from the flight crew. If someone were to attempt this, it would almost certainly be on the computer-intensive Airbus, not the Boeing with its higher reliance on manual inputs. Besides, if someone were to hack into the Flight Management System to take control of an aircraft, all the flight crew would need to do is turn it off and continue the flight without it. Right now, the technology to remotely take over some random flight management system against the will of the flight crew does not exist.
However, Boeing are definitely interested in developing the ability to take control of their aircraft remotely. In 2006, Boeing applied for the following patent:
Patent US7142971 – System and method for automatically controlling a path of travel of a vehicle
The method and system for automatically controlling a path of travel of a vehicle include engaging an automatic control system when the security of the onboard controls is jeopardized. Engagement may be automatic or manual from inside the vehicle or remotely via a communication link. Any onboard capability to supersede the automatic control system may then be disabled by disconnecting the onboard controls and/or providing uninterruptible power to the automatic control system via a path that does not include the onboard accessible power control element(s).
This system is specifically designed to protect the aircraft against a hijack. Since 9/11, the security of the flight deck has been much improved but the patent documentation explains that people are the weakest factor. The security door leading to the cockpit is still under human control and if one of the flight crew is tricked or threatened, a terrorist can still gain access. Armed guards or air marshals on flights may be overpowered or threatened. The pilot may allow access to the cockpit out of fear of harm to the passengers or crew.
[There is a need for] a technique that conclusively prevents unauthorized persons from gaining access to the controls of a vehicle and therefore threatening the safety of the passengers onboard the vehicle, and/or other people in the path of travel of the vehicle, thereby decreasing the amount of destruction individuals onboard the vehicle would be capable of causing. In particular, there is a need for a technique that ensures the continuation of the desired path of travel of a vehicle by removing any type of human decision process that may be influenced by the circumstances of the situation, including threats or further violence onboard the vehicle.
Here’s a key point: this patent is to protect the entire aircraft against trickery, coercion or threats of violence. It relies on being able to control the aircraft without human intervention of any kind. For example, under predetermined conditions such as an unexplained diversion from the flight plan, a signal is sent which sets an uninterruptable autopilot mode on the aircraft. The aircraft then follows pre-determined control commands to navigate away from populated areas and to a designated landing site where the aircraft would attempt an automatic landing. As described in the patent, the system would not allow someone on the ground or in another aircraft to take control of the aircraft and send it to a new location – the most they could do is set off the emergency evasive manoeuvre to follow the preset pattern.
Another point: this is a patent. The theory goes that the technology not only exists but that Boeing have secretly been putting this system into place in aircraft all over the world. Could this remote-control technology be included in every aircraft? Well, from a commercial point of view, it seems a bit spurious. I can certainly imagine the US military wanting these controls put into aircraft, making it impossible to take control of an aircraft through threats of violence. And yes, I am absolutely convinced that there are aspects of the War on Terror which are not publicly known.
And yet, I find it hard to believe a conspiracy of this magnitude. Boeing’s financial situation is based on the fact that they are selling aircraft to airlines all over the world. Would they really risk ceding the entire international market to Airbus by inserting this technology against the will of their customers? And is it reasonable to believe that not a single engineer or maintenance company would have noticed these additional systems in place which were undeclared and undocumented?
The main argument in favour of this on websites which are presenting the remote control Boeing scenario as likely is the Boeing controversy over the QRS-11 chip.
Here’s an example of the conspiracist explanation:
Are Boeing fitting their aircraft with illegal devices that could enable terrorists to remotely hijack airliners and crash them into high profile targets? In light of what happened on 9/11, Boeing’s blanket denial that this practice has taken place is both highly suspicious and a threat to national security . . .
According to the Seattle Times, “The QRS-11 chip, made by a unit of BEI Technologies in Concord, Calif., is just over 1-½ inches in diameter and weighs about 2 ounces. It sells for between $1,000 and $2,000. Described as “a gyro on a chip,” it is used to help control the flight of missiles and aircraft.” . . .
Recent newspaper reports discussing these devices and the policy to have them in all airliners within three years assure us that they would prevent another 9/11 style outrage – but because anysuch system is vulnerable to hacking allied with the fact that pilots have no way of overriding the autopilot, not even with secure access codes, this only increases the chances of another 9/11 style attack.
One frustrating aspect of these types of theories is that bizarre conclusions are twisted into half-truths in such a way that it isn’t immediately obvious what is true and what is not. Quoted in the Seattle Times, and every other reputable source about the QRS-11 chip controversy, is that the US State Department wanted to stop the aircraft being installed with this chip, as opposed to having a policy to secretly install them into all airliners.
So the factual part of this explanation is that the QRS-11 Gyrochip exists, it is well-documented, it is not a secret and that there was controversy. But it was quite the opposite of “secretly installing it into aircraft sold overseas”.
The QRS-11 is a coin-sized guidance chip used as a part of a commercial navigation system made by French company, Thales. These navigation systems are used by Boeing, Airbus, Bombardier and other aircraft makers.
The US state department fears that the QRS-11 chip could be used in Chinese guided missiles, although the chip was not developed for military applications but was designed as a commercial product. It has been used within some military missile systems because the technology is extremely affordable. Thus, the QRS-11 chip was determined a munitions item, which require a specific presidential waiver from the White House for commercial export to China.
US State department then brought charges that Boeing had embedded the chip in 96 planes sold to Beijing, without the permission of the US State Department. Boeing fought back. “[The gyrochip] is a low-value card that they could find other ways to buy,” he said. “If they want to buy a 737 to pull that part out, I’d love them to buy more 737s.”
Boeing and Airbus continue to sell the chip as a part of their instrument boxes – there’s no secret about it – and Boeing argues that the fines and sanctions in this instant are the overzealous application export controls that threatened to derail overseas sales. That is to say, they rank their position in the global marketplace over US State department sanctions. There’s no question that this chip is being secretly installed in order to gain remote control of aircraft to avoid another 9/11 scenario. The QRS-11 chip is a complete red herring.
If the system exists at all, it is undocumented. Then we still have to presume either that a terrorist group has access to top secret US technology and military aircraft (and yet wants control of a Boeing 777 for nefarious purposes) or that the US has taken the aircraft for unknown reasons, willing to brave an international scandal in order for secret reasons. Without any sort of identifiable motive, I find both of these scenarios hard to believe.
Finally, there’s a question of timing. The Boeing patent for this system was put forward in 2006. The Boeing 777 in question, NM-MRO, was delivered new to Malaysia Airlines in May 2002. Even if one believes the theory that after 9/11, the US State Department started an initiative to install remote control capabilities into every commercial aircraft, the aircraft predates the patent by four years. Even if the technology were a reality, it would not yet have been installed to NM-MRO.
Effectively, in order to believe that remote control abduction of the Boeing 777 explains the disappearance of Malaysia Airlines flight 370, you must accept multiple conspiracies and accept that most everything we know about commercial airliner technology is wrong. It’s not impossible but I find it highly improbable.
This is an update to my book The Mystery of Malaysia Airlines Flight 370, which offers a detailed analysis of the flight and disappearance of MH370. If you are interested in reading more, you can buy it here.
Very interesting article.
But it raises many questions, possibly even more than it answers.
Years ago I was employed as a corporate pilot with a major manufacturer of computer systems.
They supplied computers to businesses, governments, met stations, flight simulator operators and also to air traffic control.
This was well before the A320 was launched. Aircraft were not nearly as automated and computer-controlled as they are now.
EFIS had not found it’s way into the cockpit either.
It was still possible to work out a route using a Jeppesen map and file your flight plan yourself, without using a handling agent. There was no talk about RVSM, in Europe we flew from VOR to VOR. Across the Atlantic some aircraft still used Doppler or Loran. The more sophisticated systems were INS and VLF-Omega.
R/T was getting increasingly busy and there was some concern that pilot would not be able to receive critical messages from ATC.
My then employers were laying the groundwork for a new system that would be able to overcome this.
Discussions with pilots were mainly restricted to brainstorming meetings between representatives of the authorities (ATC), IALPA and the computer company (DEC), later augmented by lawyers. As a pilot working for the proposed supplier I was on occasion involved when the software engineers needed some pertinent information about the operation of aircraft.
The proposed system – which never even reached the drawing board, let alone being produced and implemented – was supposed to work through a new, still to be developed, system that incorporated a sel-call, integrated with the aircraft ATC transponder, air data computer(s) and the autopilot.
The idea was to bypass the cumbersome, slow and sometimes unreliable process of R/T for the exchange of messages, instructions and information between the cockpit crew and ATC. Instead, the ATC controller would use a computer keyboard to write messages that then would be transmitted to the crew and displayed on a screen in the cockpit. Thus eliminating delays that can occur when using R/T in busy airspace.
The clincher was that the proposal also included some method to remotely manipulate the aircraft’s autopilot to make changes in FL / altitude and/or heading should there be an urgent reason to override the pilots. The same screen used for ATC messages would then display the action taken by ATC when control over the aircraft was (albeit temporary) taken from the cockpit crew.
We know that in some form this has already happened: pilots are trained to immediately and without hesitation react to a GPWS warning and a TCAS alert also leaves no room for manoeuvre. Other than, of course, to execute the evasive action prescribed by the system.
We also know that these systems can malfunction and some accidents have happened because a faulty rad-alt triggered a GPWS alert when flying at high altitude. Of course, this can only mean a system malfunctioning and is quickly solved by pulling the cb of the offending system.
This has, as Sylvia knows, lead to accidents when pilots forgot and flew (or tried to fly) a CAT-3 approach without or worse: using a faulty radio altimeter for reference.
But in general pilots put great store on reaching the age where they can enjoy their (in the case of senior airline pilots anyway) substantial pensions.
So GPWS and TCAS have been generally accepted.
But to come back to the proposed system:
The IALPA pilots, consulted on it’s feasibility firmly rejected it.
They – and their lawyers – argued that this would mean handing control over the aircraft to an air traffic controller or worse: to a computer.
The captain is the pilot-in-command and responsible for the safety of the aircraft.
This system proposed to take some of this out of their hands and hand it over to someone or (God FORBID!) someTHING in an ATC centre.
All good and well, but if things go wrong: who will be left to hang high and dry ?
The pilots did not like the idea of handing over any more control over their aircraft than strictly necessary and the idea was dropped.
What Boeing are proposing now is a giant step further in the process of wrangling control away from the crew.
And again the question: Will the PIC still be the legal authority or will he or she be relegated to a spectator role, only to come in action if things go wrong?
Will we see the day when there will be a pilot and a dog in the cockpit ?
The pilot’s job will be to feed the dog.
The dog is there to make sure that the pilot will not touch anything !
One more remark about Boeing’s proposal:
This seems to be a large step on the path to eliminate the pilots from the cockpit.
Nothing new, really. American drones are already operational, controlled remotely with the pilots sitting somewhere in a control room, many miles away and well removed from the scene of action – and danger.
But herein lies my greatest fear:
I must admit that I do not really like the idea of being a passenger in an aircraft without pilots.
Boeing – so far anyway – does not propose to take this step. Not yet.
But what will happen if terrorists gain access to the control room ?
Will they be able to remotely steer a whole fleet of airliners into selected targets, anywhere in the world, until their demands are met or they have succeeded in an attack on innocent people, an attack on potentially unprecedented scale ?
The system will be useless if the pilots could turn it off, because if I read Sylvia’s article correctly, the whole purpose of it will be to allow ATC or an anti-terrorist body to take control of the aircraft in case of a hijack.
And what if the hijackers execute members of the crew and passengers one by one until the people in the control room hand control back to the aircraft, meaning to the terrorists inside ?
The ground controllers probably will have not option but to sacrifice all on board in order to prevent a repeat of “9/11”.
No, as I mentioned before, the proposal is so full of possible holes that I can only hope that Boeing will quietly drop it.
Mr. Boeing, please read the ancient story about Pandora’s box !
You’ve missed one aspect – there’s no control room in the current scenario. The aircraft is preprogrammed for the emergency event specifically to avoid *any* human interaction that would allow the aircraft to be diverted. That includes the people on the ground.
This article is great and really detailed. Great job!
I would like to share my view point from security expertise view point.
Airplanes are can be hacked.
The 777 is computerized and is remote controllable from anywhere in the world. I was once in the air waiting for weather on ground to be better and the guy next to me started explain the circling route that the plane was taking and the timing and such. Then he told me about how to figure out the wind direction based on the time. I thought he was a pilot, he told me he was engineer that worked on a airplane flight simulator… that’s when I shared about how airplanes had been hacked, such as Chris Robert’s
… then he dropped the info that any commercial 777 can be radio controlled from anywhere in the world. I was like: “WCPGW?”.
Looking at an airplane through the eye of security and you have complete different understanding of what can be done. So unless it is open source, you can always hide components. Feel free to reach out to discuss information about security solutions.
The QRS11 system has a remote kill switch. The manufacturer of this patented chip can crash any plane that uses this chip.