Boeing crash: Geofenced asymmetric cyberterrorism attack can happen again

United News of India

21-07-2025

Thiruvananthapuram, July 21 (UNI) In a disturbing possibility of a geofenced asymmetric cyberterrorism attack, if the engines of the Boeing 787-8 aircraft that crashed in Ahmedabad on June 12 responded to software commands rather than to those from the humans on board, it could happen again, warranting urgent rectification.
"The invisible cutoff of fuel switches poses a serious challenge to India's scientists, engineers, and pilots. It is possible that someone interfered remotely, using software to control a critical part of the aircraft. This could mean the aircraft was hijacked through code rather than by force — and if that's true, it could happen again," internationally renowned CPS security researcher and CII-SCADA engineer KS Manoj told UNI.
In a potentially grave breach of aviation safety, the recent incident involving Air India's Boeing 787 Dreamliner (VT-ANB) at Ahmedabad airport has raised serious concerns over the possibility of the geofenced asymmetric
cyberattack, leading to a sudden and simultaneous shutdown of both engines during takeoff.
The aircraft, which had completed a routine flight from Delhi earlier that day without any technical anomalies, reportedly experienced an unexplained dual engine failure as it began its takeoff roll from Ahmedabad.
According to preliminary findings, both fuel control switches moved to the OFF position without any pilot input, a highly improbable and dangerous scenario that could have resulted in catastrophe had the aircraft been airborne.
Cybersecurity and aviation experts believe the nature and timing of the incident suggest the presence of a pre-programmed cyber trigger, possibly linked to the aircraft's GPS coordinates, making it a textbook example of a
geofenced asymmetric cyberattack.
Such attacks are designed to activate only when the aircraft enters or exits a specific physical location, bypassing manual controls and exploiting vulnerabilities in the aircraft's digital control systems.
The incident has drawn attention from international aviation authorities. The US National Transportation Safety Board (NTSB), which is monitoring the investigation given the aircraft's American origin, has reportedly
criticized the Indian preliminary report for being speculative and lacking technical depth.
Experts in aerospace cybersecurity argue that the investigation so far has failed to examine key attack surfaces such as the FADEC (Full Authority Digital Engine Control), cockpit display integrity, and avionics network security. Notably, no cockpit video footage has been provided to verify whether the fuel switch toggling occurred physically or as a deceptive display artifact.
Furthermore, the Aircraft Accident Investigation Bureau (AAIB) has come under scrutiny for its composition, which lacks specialists in avionics cybersecurity, SCADA/ICS forensics, or digital sabotage detection.
Despite the Dreamliner being a highly computerized, software-defined platform connected through networked critical systems, the probe team reportedly does not include representation from CERT-In, NCIIPC, DRDO, or any digital avionics research wing.
Senior cyber intelligence analysts warn that the incident bears chilling similarities to asymmetric cyber warfare techniques previously observed in other sectors, including the 2020 Mumbai power grid disruption — despite a predictive FIR filed by the Kerala Police.
In that case, a cyberattack was initially dismissed as human error. Analysts argue that if this latest aviation incident is not addressed with urgency and transparency, it may embolden further attacks on India's critical aviation infrastructure.
The concern is heightened by the aircraft's classification as Critical Information Infrastructure (CII) under Section 70 of the IT Act, which mandates specialized cyber protection and forensic oversight.
Aviation safety experts stress that the absence of pilot error, the unexplained movement of both fuel switches, the geographical specificity of the incident, and the aircraft's earlier normal operation from Delhi all point toward a location-bound malicious trigger. If the display screens inside the cockpit were compromised to hide or spoof the switch status, it would have rendered the pilots helpless in a high-stakes scenario.
The broader fear is that such attacks could bypass even highly trained flight crews, by silently manipulating systems they are taught to trust, KS Manoj, who is also a Research Engineer at CPS Security CPS Security Intelegrid ECC (P) Ltd, pointed out.
Experts are calling for an immediate joint investigation by AAIB, CERT-In, NCIIPC, and DRDO, and have urged the Ministry of Civil Aviation to treat the incident as a suspected act of cyber terrorism under Section 66F of the IT Act.
There is also a growing demand for a comprehensive audit of all FADEC equipped aircraft and for pre-flight security verifications that include geolocation-bound logic checks.
Unless acknowledged and mitigated at the earliest, experts warn that these emerging forms of cyber-physical sabotage could serve as a prelude to far more catastrophic events. Rather than remaining sitting ducks,
authorities must act decisively.
Analysts also caution that many of India's VVIPs regularly depend on such modes of air transportation, raising
national security stakes. The incident is being closely watched not only as a measure of India's technical preparedness, but also as a bellwether for the global aviation industry's ability to confront the next generation of threats -- where software, not explosives, may become the preferred weapon of choice.
The detailed statement of technical author KS Manoj is given below:
The Invisible Cutoff: A Chilling Mystery in the Sky
The Boeing 787 Dreamliner had just lifted off from Ahmedabad. The engines roared to life as expected, and the nose of the aircraft pointed confidently toward the skies. Everything seemed normal — until it wasn't. Just moments into the climb, something unthinkable happened.
A sudden shutdown in the sky.
Inside the cockpit, a strange silence replaced the usual hum of the powerful engines. The captain, Pilot 1, stared at the electronic display screen in front of him. This screen, called EICAS (Engine Indicating and Crew Alerting System), monitors the health of the aircraft's engines and systems.
Then came the shock.
The fuel flow dropped to zero. The engine speed began to fall. A warning flashed: 'ENGINE SHUTDOWN.'
The captain was stunned. He immediately turned to his co-pilot and asked: 'Why did you cut off?'
To which the co-pilot, equally confused, replied: 'I didn't.'
Who turned off the fuel?
Here lies the mystery: No one in the cockpit admitted to shutting off the engines. And why would they? Cutting off fuel just after takeoff is practically unthinkable.
Both pilots denied touching the switches. There was no reason to shut down the engines at that moment. The conversation recorded on the Cockpit Voice Recorder (CVR) proves that the captain was shocked and the co-pilot clearly denied any action.
But is there any proof? Sadly, no.
There is no CCTV camera inside the cockpit. There is no video footage showing the pilots' hand movements.
And Boeing 787s do not come equipped with inbuilt cockpit cameras.
So we cannot visually confirm what actually happened.
However, the aircraft's Flight Data Recorder (FDR) tells us one thing with certainty: The fuel switches moved from ON to OFF (CUTOFF), and then were turned back ON (RUN) during flight.
This was not imagined. It happened.
But the how and why remain a mystery.
The pilots tried to save the plane
Realizing what had happened, the pilots acted swiftly. They followed emergency procedures: they turned the fuel switches OFF (CUTOFF), then back ON (RUN) — trying to restart the engines.
It's similar to restarting a frozen phone.
But this wasn't a phone — it was a passenger aircraft full of lives, and time was running out. One engine showed signs of recovery. The other did not. The aircraft could not stay in the air.
What Did the Investigation Find?
The investigation confirmed that the fuel switches were OFF, then turned ON again — mid-air.
The voice recording revealed the pilots reacting in real-time, trying desperately to recover.
And when the wreckage was recovered, the fuel switches were found in the ON (RUN) position — proving that the pilots tried to save the aircraft until the very end.
So, What Really Happened?
The facts are chilling: Both engines shut down. Neither pilot touched the fuel switches. There is no video evidence. The data confirms the switches were moved. The pilots responded immediately to restart the engines.
This leads to a disturbing possibility: Was this a technical malfunction — or something far more sinister?
Could it have been a cyberattack?
A remote instruction sent to the aircraft's systems?
Did the engines follow commands from software, not from the humans on board?
Why this cannot be ignored
If this was not pilot error — If this was not a normal mechanical fault — then someone might have interfered remotely, using software to take control of a critical part of the aircraft.
It could mean the aircraft was hijacked — not by force, but through code.
And if that's true, it could happen again.
A timeline that raises questions
Flight VT-ANB flew safely from Delhi earlier that day. But during takeoff from Ahmedabad, both engines suddenly shut down — without warning.
The pilots didn't touch the fuel switches.
Yet they moved. And there's no video to explain how.
Everything had been normal just hours earlier.
So, what changed between Delhi and Ahmedabad?
Can anyone connect the dots?
UNI DS PRS