Apparently a security researcher has found a way to do this and will present his findings to Black Hat USA in Las Vegas. Details at:
https://www.darkreading.com/vulnerabilities---threats/researcher-succesfully-hacked-in-flight-airplanes---from-the-ground/d/d-id/1331961?_mc=NL_DR_EDT_DR_daily_20180606&cid=NL_DR_EDT_DR_daily_20180606&elq_mid=85111&elq_cid=22146235

I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.

The US Department of Homeland Security has proven the concept of remotely gaining access to civilian aircraft systems. They didn't state wheter any critical sysems were involved and what level of control could be exercised.

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - Avionics (http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/)

JAS

He declined to discuss in detail just how much damage an attacker could do with the aircraft hack they pulled off, saying: "This has to be explained carefully, and we've got all the technical details backing our claim. It's not an apocalypse, but basically there are some scenarios that are possible" that will be covered at Black Hat, he says.

What he's saying is this is one piece of the puzzle that could be part of a plan to do something nefarious. To say it's not dangerous is dis-ingenious, but to claim "airliners remotely controlled!" is too.

I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
To attacks like this, authentication might as well not be there. Most hacks operate this way. The real world example is you put enough weight on the door and it opens instead of using the key, or you turn door knob furiously left and right until some part breaks inside.

What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.

My airliner has a red "OFF" button on the automatics
And when your airliner is equipped with the Honeywell Uninterruptible Autopilot, that red button will just say "What are you doing, Dave?"

What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.

What is behind TCAS but a computer with a list of objects and their vectors?

What is behind TCAS but a computer with a list of objects and their vectors?

So the hack consists of controlling the pilots? Spoof ADS-B (which is possible as far as I understand) and make the pilots go wherever you want.

Although, turns are never part of TCAS resolutions afaik so you could only go up and down....

Spoof ADS-B (which is possible as far as I understand) and make the pilots go wherever you want.

Problem with spoofing ( navaids, comms, etc) is that at some point the "wetware" in the loop generally carries out a credibility check...

and yes, ATM at least TCAS is pitch only.

Let us be clear. All that is claimed is access to Satcoms and the passenger WiFi.
No mention of NAV, FMS, FCC or TCAS. Just some vague suggestion that disrupting Satcoms could interfere with FANS. So let's not panic just yet.

As for TCAS? While TCAS can use (potentially spoofable) ADS-B to assist initial target acquisition, the conflict algorithms themselves use only independent range measurement using SSR. To fool it you really would need to hack the main code - it cannot be fooled at a simple data level.

There were additional claims about the potential of compromising CPDLC and ACARS. Given that neither of these is encrypted, the possibility is real. OTOH, the probability of a pilot verifying and executing a bogus clearance from either of these is MUCH less, as long as standard procedures are adhered to. If a rogue pilot decides to blindly accept a clearance without verification, that is another story entirely...

Similar hacking threats in the maritime world according to the BBC Ship hack 'risks chaos in English Channel' (https://www.bbc.co.uk/news/technology-44397872)

A non story. On board aircraft systems are a closed hard wired network. On board WiFi has zero connectivity to that.

A non story. On board aircraft systems are a closed hard wired network. On board WiFi has zero connectivity to that.

Are you sure about that? I thought this was exactly the problem, no physical separation. Are there different Satcom systems for the passengers surfing/calling and the aircraft system doing their thing? Not so sure about that.

Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.

Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.

That would be an extraordinary achievement were it possible, but power lines ultimately are not connected to data lines, so such a “common” path does not exist. In theory you could hack a WiFi system and ”shut it down” or perhaps “crash” its power supply (though exactly how that could be done is not clear).

Were it possible to remotely shut down that power supply, it would make no difference to the avionics, which have multiple backup systems. On board WiFi and entertainment systems do not. When either of them fall over, which occasionally happens, the system has to be rebooted. If it stays failed, then you fly without entertainment or WiFi.

Imagine a scenario where you park outside your neighbor’s house, hack into his WiFi network, and start up the motorbike in the garage.

The data path is not fully separate. You can download a new flight plan via Acars and you can load it into the FMGC. The FMGC does control pitch, roll, thrust, nav displays, navaid tunning and assumed location, aircraft position, etc etc etc. Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality. As proven by the way the CIA managed to blow up Iranian centrifuges. The last line of defence is indeed the crew, provided the system is designed to allow the crew the final decision.

Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.

Yes it is possible via USB power connections - for but one example re cars and similar. and things like centrifuge controllers

https://www.usatoday.com/story/travel/advice/2016/12/18/hacking-plugs-ports/95511936/

and also (https://www.usatoday.com/story/travel/advice/2016/12/18/hacking-plugs-ports/95511936/)https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

via an ethernet connection . . .

What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.

What if the hack includes always on for that address?

Centrifuges were hacked via a USB stick.

Avionics are not (currently) accessible via any known hacking methods.

Recent Aviation Week article which has clear explanation on this. (Aircraft Avionics Hacking: Is It Possible? from May 22 2018)

Even if you download an acars flightplan, you still check it and both verify it before you activate it.

You would never enroute uplink something you didn’t request.

Mostly you manually build a plan on the ground from saved routes.

Mostly yoy manually build a plan on the ground from saved routes.Depends on the airline...

Even if you download an acars flightplan, you still check it and both verify it before you activate it

That is not the point, obviously the malicious software is not going to say "ready to install hack? yes-no". The point is that there IS a connection between ACARS and the FMGC therefore that connection can be potentially hacked. The fmgc can command pitch, roll and thrust. It can also has the performance databases that can also be potentially altered.

The Iranian centrifuges where hacked even though they had no physically connection to the outside world. It was done by introducing the malware in a routine software update of one of the components. In the same way that the many computers in modern aircraft are routinely updated.

Avionics are not (currently) accessible via any known hacking methods.

Thats funny.

Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality.


In the same way that the many computers in modern aircraft are routinely updated.

Most (I cannot say all as I do not know them all) aircraft avionics software updates are done through hard wired data loaders not wifi. The hackers would need to break into the software manufacturers and alter the software from the ground up. This idea of hacking into aircraft systems is fanciful. Even if the IFE or Satcom could be hacked remotely, there are a couple of big buttons on the flight deck that will cut the power to them instantly if requred.

there's still some suspicion that several of the many recent US Navy collisions in the Pacific were caused by hacks to the ships GPS/Navigation system by naughty State bodies...

G

I don't know where that "suspicion" comes from (other than unfounded rumor). If you read the preliminary reports, you'll find there is NO tie to any hacks, GPS or otherwise.

I don't know where that "suspicion" comes from (other than unfounded rumor). If you read the preliminary reports, you'll find there is NO tie to any hacks, GPS or otherwise.

Yep, sounds like urban legend, here are the final collision reports for the USS Fitzgerald and the USS John S. McCain:

http://s3.amazonaws.com/CHINFO/USS+Fitzgerald+and+USS+John+S+McCain+Collision+Reports.pdf

Excerpts from a recent article about airplane hacking in Business and Commercial Aviation:

...So now we introduce Chris Roberts, bad boy hacker, security researcher and one of the founders of One World Labs (now OWL Cybersecurity) in Denver. Brilliant and idiosyncratic, Roberts had been warning of cyber vulnerabilities on commercial aircraft for years, but few in the industry took him seriously. To make his point, in April 2015 aboard a United Airlines (http://awin.aviationweek.com/OrganizationProfiles.aspx?orgId=16430) Boeing 737 (http://awin.aviationweek.com/ProgramProfileDetails.aspx?pgId=634&pgName=Boeing+737NG)-800 en route from Chicago to Syracuse, New York, Roberts logged onto Twitter and sent a tweet from the cabin speculating whether he should hack into the IFE (inflight entertainment system) through the SEB (seat electronic box, one of which is generally mounted under the seats in each row on either side of the aisle of narrow-body jetliners) and then into the cockpit systems.

“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? :)” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.

Under interrogation, Roberts said that despite his joking tweet, on the Chicago-Syracuse flight and a previous segment from Denver to Chicago, he had not hacked into either aircraft’s IFE. Nevertheless, in an inspection
of the SEB under the row where Roberts had been sitting on the Denver-Chicago segment, one of the FBI agents wrote in his affidavit request that the cover of the box appeared to have been tampered with. Roberts denied this, as well, claiming that the unit could have been damaged by previous passengers shoving carry-on baggage under the seats.

Come Fly (and Hack) With Me

This was not the first time that Roberts had been in the sights of the G-men. Earlier in 2015, other agents had visited him twice at One World Labs to discuss his research on aircraft hacking, which he and a colleague had been pursuing for years, even conducting simulated penetrations of avionics systems under laboratory conditions. In one of those meetings, Roberts admitted that he had hacked into aircraft systems on actual flights on multiple occasions, as well, just “to look around” but had not manipulated anything.

Then, amazingly, he went further, claiming that on one flight he had reached under the seat in front of him, jimmied the cover of an SEB, jacked in a modified Ethernet cable, and using his laptop, hacked into the IFE. From there, he again claimed, he had made his way to the higher-level aircraft control systems, where he had overwritten the code of the plane’s “thrust management computer.” That done, Roberts alleged, he had proceeded to increase the thrust of one of the plane’s engines, causing the aircraft to climb and “fly sideways,” presumably a yawing motion from asymmetric thrust. But the claimed IFE hacks and the alleged engine computer takeover remain unsubstantiated, which questions Roberts’ veracity.

Boeing and other airframe manufacturers are highly doubtful that Roberts could have pulled off these stunts, pointing out that IFEs are isolated from flight-critical control systems. (More on that later.) Consider, too, the constricting seat pitch on contemporary narrowbody jetliners, even in first class, and how difficult it would be to lean forward, find by hand the IFE box under the forward seat row, remove the screws securing the box lid, locate the proper port, etc. without being noticed by other passengers or a flight attendant.

Regardless, a demonstrated provocateur, his claims swing between irresponsibility and a cry for attention, both modes characteristic of that breed of hackers who are compelled to commit cyber mischief — sometimes dangerously — just to test their abilities and garner notoriety. On the other hand, Roberts and his research colleagues have pointed out the potential vulnerability of aviation cyber systems — not just on aircraft but the ground-based infrastructure, as well.

Meanwhile, the FBI is apparently building a case against Roberts based on his stated ability that he could hack into critical systems on board sophisticated aircraft and had developed the software to do it — plus the wiring diagrams of several contemporary airliners found on one of his laptops. One thing is for sure: When news of his salacious inflight tweet reached board members of One World Labs who had investments in the company, they withdrew their financial support causing its collapse, and Roberts subsequently abandoned the enterprise he helped found. In December 2015, former executives of the firm formed a holding company and purchased One World’s assets, subsequently repackaging the venture as a “dark net threat intelligence platform” under the name Owl Cybersecurity.

‘Crazy Different’ and Speaking ‘Off Script’ (Maybe)

Perhaps Robert Hickey also wanted to alert the aviation and security industries that commercial aircraft were vulnerable to hacking when he revealed in a keynote address during the CyberSat Summit in November 2017 at Tysons Corner, Virginia, that a team of experts had remotely hacked into a Boeing 757 (http://awin.aviationweek.com/ProgramProfileDetails.aspx?pgId=637&pgName=Boeing+757) sitting on the ground at Atlantic City. Moreover, the attempt had occurred under the auspices of none other than the Department of Homeland Security (DHS (http://awin.aviationweek.com/OrganizationProfiles.aspx?orgId=122365)).

At the time, Hickey, a retired airline pilot who holds a doctorate in information technology, was aviation program manager in the Cyber Security Division of the DHS Science and Technology Directorate. He had been “detailed” there from the Office of the Director of National Intelligence.

The exercise was carried out in September 2016, Hickey said, as a “remote, non-cooperative, penetration” (i.e., not under laboratory conditions) with no one physically touching the aircraft. His team “stood off” from the legacy Boeing that the DHS had acquired, he claimed, and “using typical stuff that could get through security” was able to establish “a presence on the systems of the aircraft.”

While the details of the hacking test and the research that the S&T Directorate is conducting are classified, Hickey did say that the penetration was accomplished using “radio frequency communications,” adding that based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” (again, presumably, into the cabin services equipment) .

Up to this point, the S&T Directorate’s research had primarily been focused on ground-based transportation infrastructure, [i]e.g., air traffic control, but Hickey maintains that there’s another type of critical infrastructure, “and that’s critical infrastructure that’s in motion,” of which aviation represents one-third, the other two-thirds being surface (highway, railroad) and marine. But aviation exists in an environment of its own — far removed from the terrestrial one. Hence the need for the focused research apparently under way at the DHS.

While Hickey’s revelation made the rounds among the intelligence and security community (i.e., it was all over the web), nothing has been heard about the Boeing 757 test since his address at CyberSat. Furthermore, Hickey is no longer working in the S&T Directorate. One aviation industry observer BCA consulted speculated that “Hickey was off-script” when he spoke at the conference. BCA located Hickey at a Washington, D.C., consultancy and attempted to connect with him but had been unsuccessful at press time.

After contacting the DHS, however, we did receive the following statement from spokesman John Verrico in the S&T Directorate: “The Department of Homeland Security established and led a multi-agency team to assess the feasibility of a cyber-intrusion of a commercial aircraft. The Aircraft Cyber Initiative (ACI) project’s objective is to determine whether a cyberattack of commercial aircraft systems is possible and to offer mitigation recommendations for identified cyber vulnerabilities. Our focus was on older legacy aircraft where cybersecurity protections may not have been incorporated in their design.”

Aircraft Avionics Hacking: Is It Possible? Connected Aerospace content from Aviation Week (http://aviationweek.com/connected-aerospace/aircraft-avionics-hacking-it-possible)

https://cimg2.ibsrv.net/gimg/www.gmforum.com-vbulletin/1024x761/hacking_screen_20shot_202018_05_03_20at_204_30_04_20pm_3980a f788338f1aab7ba9dd71941db57b072526e.jpg

“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? :)” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.

I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS... 757 flight controls are cable actuated - how the :mad: are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.
Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...

I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS... 757 flight controls are cable actuated - how the :mad: are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.
Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...You're overlooking the fact that a good portion of flight time is under control of the autopilot and autothrottles, which are under the control of the FMS. IF someone could hack into the FMS or convince the pilots to execute a hacked ACARS or CPDLC clearance, he COULD effectively control the flight controls and throttles... HOWEVER, hacking into the FMS doesn't appear to be possible in the scenarios covered here...

I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS...

This guy is a B.S. artist from what I can see. More claims about his hacks from a conference talk in 2012 at around 47:00 into the clip:

Those are fun. I got into trouble for playing with the Space Station s**t what was it seven, eight, nine years ... how many years ago was that? Crap. Eight, nine years ago we messed around with the Space Station. We adjusted the temperature on it. It was quite fun. We got yelled at by NASA. If they're going to leave open s**t that's not encrypted that's their own damn silly fault.

...We tried. The Curiosity Rover on Mars. The suggestion was to take that for a spin. We've actually started to investigate it.

The closest we've done is figure out exactly how they're communicating, how they're controlling it, and we might have one or two of the passwords for some of the software that we know are still in default mode. But the problem is actually getting into it without breaking more laws than we're used to breaking. No, I think NASA would probably really get pissed at me for that one.

Might fool a hippie liberal arts major tech journalist though... ;)

https://youtu.be/H0F2J_Xh6MA

You're overlooking the fact that a good portion of flight time is under control of the autopilot and autothrottles, which are under the control of the FMS. IF someone could hack into the FMS or convince the pilots to execute a hacked ACARS or CPDLC clearance, he COULD effectively control the flight controls and throttles... HOWEVER, hacking into the FMS doesn't appear to be possible in the scenarios covered here...

Intruder, I understand what you are saying, but there are protections in place - including the fact that we have human pilots who's job is to monitor and take control if the automatics are misbehaving. I no longer have access to the Boeing AFMs, but I know there are specific words in there regarding the necessity to have validation in place before using ACARS, etc. for anything flight critical. Any competent crew should be able to detect if the aircraft isn't going where they want and take corrective action. Now, if you combine a navigation hack with an incompetent crew that is taking an extended siesta, we could have a problem - but then again a crew taking a siesta mid-flight is a problem even without a hack.

Now, if someone shows they can take control of a FBW aircraft (highly unlikely given what I know about critical system isolation on Boeing aircraft), then I'll sit up and pay attention. What's been claimed so far doesn't pass the sniff test...

This "story" is at least 3-5 years old, and was disproven then - why has it suddenly reappeared? A clickbait website recycling old news?

It's nonsense.

From this evening's CBS Evening News:

By Kris Van Cleave CBS News June 12, 2018, 6:45 PMDHS experts warn it's a "matter of time" before hackers hit commercial airliners
WASHINGTON -- Cybersecurity experts working for the Department of Homeland Security (DHS) issued a sobering warning about the vulnerability of commercial airliners to hackers. The same group of experts hacked a Boeing 757 (https://www.cbsnews.com/news/homeland-security-hacked-boeing-757-jetliner/), and now CBS News is learning more about the government's ongoing efforts to learn about the vulnerabilities.
In a presentation in January, researchers from the Pacific Northwest National Laboratory warned it is "a matter of time before a cybersecurity breach on an airline occurs," according to 119 pages of heavily redacted documents provided by DHS to CBS News. That assessment came after a DHS decision to launch "nose to tail" tests of a Boeing 757 for hacking weak spots.

The documents, which were first reported by the website Motherboard (https://motherboard.vice.com/en_us/article/d3kwzx/documents-us-government-hacking-planes-dhs), show DHS planned to begin developing mitigation efforts to protect against cyberattacks in 2017.

Those tests came after a DHS team led by Dr. Robert Hickey took just two days to hack remotely into the plane while it was parked at a Federal Aviation Administration (FAA) facility at the Atlantic City Airport in September of 2016.

The DHS team gained access through the plane's radio frequency communications using "typical stuff" that could be brought through airport security. In response, DHS officials scheduled further hacking attempts on the plane, including efforts to access flight management, life support, autopilot, the plane's electrical and fuel systems as well as its engines.

"I think we've come to realize that cyberthreat is everywhere," said Ron Hosko, former assistant director of the FBI. "My fear is that our nation acts most directly when they're on the backside of a crisis. The crisis has occurred we lose a lot of lives and now we're prepared to put money into infrastructure."


https://www.cbsnews.com/news/cybersecurity-dhs-experts-warn-its-a-matter-of-time-before-commercial-airliners-get-hacked/

This "story" is at least 3-5 years old, and was disproven then - why has it suddenly reappeared? A clickbait website recycling old news?

It's nonsense.

I think that you are right - it is click bait for the gullible which these days is a considerable audience.

Well I still have not discounted this as a scenario in case of MH370

The article linked in the OP's post makes it clear, for anyone who cares to read it, how the situation today differs from that four years ago when the story originally broke. What was then only a theoretical scenario can now, we're told, be demonstrated to be feasible.

Given that the article refers to a conference presentation that isn't due to be delivered until August, it's a little premature to dismiss it as yesterday's news/nonsense/clickbait. Let's hear what he has to say before passing judgement.

Black Hat USA 2018 (https://www.blackhat.com/us-18/briefings.html)

Well I still have not discounted this as a scenario in case of MH370

I haven't discounted alien abduction either, but that doesn't mean to say there's any evidence to support it.

Why are they doing a test on a B757, get an 787 and a A 350. All fly by wire.

What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.

In a modern transport aircraft, one cannot really turn the automatics off -- even "flying manually" relies on a lot of computing. The engines simply cannot run without the FADEC and a whole lot of other computer stuff. As for the pilot's eyes and ears, yes, there may be a couple of steam gauges on the panel, but most of the information displayed to the pilots is processed by a large number of computers before appearing on the displays. As for heading off somewhere you don't want to go, it's entirely feasible for an attacker to have your instruments telling you that you are on course to your selected destination when in fact something entirely different is actually happening.

Any competent crew should be able to detect if the aircraft isn't going where they want and take corrective action

To pick one simple example: If the selected track and altitude were 045 and FL390, and *all* of the displays were all showing data consistent with that, including updated GPS positions, etc. but the airplane was actually tracking 065 at FL300, how quickly do you think a crew would notice? My bet is on "never".

I will say this, a lot of interesting "unfixable" problems have been found the last few years for computers in general. As a programmer the "rowhammer" exploit amuses me a lot, for example. Or the more recent meltdown and spectre cpu bugs. If you cant trust neither Cpu nor memory to behave as expected it suddenly takes much more effort to write secure software.

So, in theory, there could be a lot of "hard to fix" bugs in the flying hardware. But it would still require _some_ physical or logical access, unless you come out with superfancy radio-intereference stuff, but that really sounds like science-fiction...

To pick one simple example: If the selected track and altitude were 045 and FL390, and *all* of the displays were all showing data consistent with that, including updated GPS positions, etc. but the airplane was actually tracking 065 at FL300, how quickly do you think a crew would notice? My bet is on "never".

Ok, so lets go with this scenario. For example, spoofing GPS is clearly possible since even Wikipedia lists several suspected and/or confirmed events. But the airplane has an IRU, and that I'm almost 100% certain is hack-proof! What happens if that and GPS deviates? I'm not even a pilot so I have no idea. The idea that someone could hack _all_ the instruments required to spoof altitude and position to the pilots, _from the ground_, still sounds insane to me.

As a service technician though with access to the hardware, that would be a completely different scenario. Is that whats meant by "from the ground" =)

To pick one simple example: If the selected track and altitude were 045 and FL390, and *all* of the displays were all showing data consistent with that, including updated GPS positions, etc. but the airplane was actually tracking 065 at FL300, how quickly do you think a crew would notice? My bet is on "never".

OK, I'll bite. How many different, separate systems would need to be successfully hacked for all the flight deck systems to agree on the wrong heading and altitude with no warnings or indications? Oh, and don't you think ATC might notice ask what's going on, or are we going to hack ATC too?
Anyone who's that proficient at hacking would be too busy moving billions of dollars into their bank accounts to bother with hacking an aircraft...

As for heading off somewhere you don't want to go, it's entirely feasible for an attacker to have your instruments telling you that you are on course to your selected destination when in fact something entirely different is actually happening.

No it isn't.

Apart from anything else, there is a backup instrument(s) that is completely independent of all other systems. A hacker cannot connect to it because there is nothing to connect to..

This is all complete and utter nonsense.

Ok, so lets go with this scenario. For example, spoofing GPS is clearly possible since even Wikipedia lists several suspected and/or confirmed events. But the airplane has an IRU, and that I'm almost 100% certain is hack-proof! What happens if that and GPS deviates? I'm not even a pilot so I have no idea. The FMS monitors the GPS, and takes it out of the loop if it deviates too much.

Why are they doing a test on a B757, get an 787 and a A 350. All fly by wire.

The basic avionics systems are the same - in fact the 757 should be easier to hack given that some of the system architecture is less advanced.

My issue with these stories is that there is never any detail over what system has been 'hacked' and what this hack consists of. Getting into the on-board wifi and turning off the IFE system would be inconvenient (assuming you could even do that) but would have no effect on the operation of the aircraft.

The basic avionics systems are the same - in fact the 757 should be easier to hack given that some of the system architecture is less advanced..

Er, are you sure? My understanding of the 787 is that there is absolutely nothing similar to any earlier Boeing in its avionic system architecture.

The 757 is hard wired. No fly by wire, no ethernet, no fibre optics, and no wifi. The computers are individual units, not software within independent processor modules.

Neither can be hacked from the ground. Its hard enough trying to connect the damn maintenance laptop! Bring back the 777 MAT!

BAe
My point exactly.
I am not interested if my WW Bettle anno 1967, eeh sorry, My 737-800 can be hacked! I know I can always put the blue side up and go up and sort things out. Because it is basic, so is the 757. What is interesting to know is what can be done practically and theoretically with a modern Fly By Wire aircraft.
My guess is not much.
For example the IF entertainment system has no connection whatsoever to any other AC system.
Secondly.
Anyone that has ever visited the avionics Bay and are qualified to fly any modern plane, knows that we are always talking about 2+2!
Two channels working together and two more doing the same task , independently , comparing and voting out any " loony" channel.
The amount of boxes that has to be manipulated and coordinated and for a Hacker to fool all of them, Nahh , not happening from the outside!

With regards to an educated , undercover agent gaining access to the plane on the ground with damaging software , now that is also unlikely as it has to be pretty comprehensive and "professional" stuff.
There is several ways of doing that, but we shall not get into that shall we! A bit to paranoid and 007 that is, anyway.

A safe Departure and Arrival to all!
Cpt B

What is interesting to know is what can be done practically and theoretically with a modern Fly By Wire aircraft.
My guess is not much.
For example the IF entertainment system has no connection whatsoever to any other AC system.

So the flight-tracking display on the IFE is powered by guesswork ?

Er, are you sure? My understanding of the 787 is that there is absolutely nothing similar to any earlier Boeing in its avionic system architecture.

The 757 is hard wired. No fly by wire, no ethernet, no fibre optics, and no wifi. The computers are individual units, not software within independent processor modules.

Neither can be hacked from the ground. Its hard enough trying to connect the damn maintenance laptop! Bring back the 777 MAT!

I was talking about the basic systems - GPS, Autoflight, Weather Radar, Comms etc. They all operate in basically the same way using similar technology. the only real difference between something like an A380 and a B757 is that instead of multiple boxes you have a single 'mainframe' computer with all the functions contained within that one computer system.

As for FBW - well the B757 did have FBW (Spoilers), in fact I believe it was the first Boeing passenger aircraft to have FBW installed.

That is right Sir, just like Your posts!!

I was talking about the basic systems - GPS, Autoflight, Weather Radar, Comms etc. They all operate in basically the same way using similar technology. the only real difference between something like an A380 and a B757 is that instead of multiple boxes you have a single 'mainframe' computer with all the functions contained within that one computer system.

As for FBW - well the B757 did have FBW (Spoilers), in fact I believe it was the first Boeing passenger aircraft to have FBW installed.

No, they are not 'basically the same' - entirely different technologies, particularly in the area of system communications - communication being the pathway for a potential hack (unless were talking about someone physically loading hacked software on the ground via access to the ebay). The 757 communication is based on ARINC 429 - one way communication, hard wired, nearly impossible to hack since you need to be physically connected to a point-to-point one way data bus. I don't know much about the A380 avionics, but the 777 uses ARINC 629 - a 'serial' data bus, with multiple systems communicating with each other over a common bus - far from 'hack proof' - if you get into one system you can potentially affect multiple systems. Then again, the 777 has protections and firewalls to prevent such a thing. The 787 uses AFDX - an Ethernet based serial system where multiple systems communicate over the same bus (functionally similar to the 777 ARINC 629 but entirely different technology.

Like I said before, I'd pay more attention to this if the claims to date weren't so laughably false - reporters that write this garbage are easily fooled, but the people who know and work on these systems know better.
Now, if someone claimed to hack a 777 or a 787, I'd be interested in whatever evidence they have, since while there are protections in place, there is at least a theoretical possibility of hacking into an ARINC 629 or AFDX based communication system. But when their 'examples' are 757 and 737 - both ARINC 429 based aircraft - they are clearly talking out their rear ends.

Thanks TD.
This is why I find it slightly counter productive ,and not in any way calming for the general Public that Homeland Security or FBI or the likes feed this kind of BS to the press.
At least do a test on a modern aircraft.

No, they are not 'basically the same' - entirely different technologies, particularly in the area of system communications - communication being the pathway for a potential hack (unless were talking about someone physically loading hacked software on the ground via access to the ebay).


Well i am not going to get into an argument but the Inertial Navigation System on a 757 is an ADIRU containing a laser ring gyro - which is the same technology as used in the 777. I totally agree that the way the system talks to each other is different but the basic system architecture for INS, GPS, ACARS etc etc is not that different.

Well i am not going to get into an argument but the Inertial Navigation System on a 757 is an ADIRU containing a laser ring gyro - which is the same technology as used in the 777. I totally agree that the way the system talks to each other is different but the basic system architecture for INS, GPS, ACARS etc etc is not that different.

The subsystem architectures may not be different but the kind of cross checking that is done between ADIRU and GPS and GPS and Altimeters and so on is far more sophisticated. Not only that but the cross checking software is replicated in different processes sometimes written in different software to the same spec. All these duplexed and triplexed subsystems are designed to watch each other for mismatched outputs and out of specification behavior. This makes it very difficult for a hacker to proceed even in the extremely unlikely event that they manage to access one of these subsystems.

The subsystem architectures may not be different but the kind of cross checking that is done between ADIRU and GPS and GPS and Altimeters and so on is far more sophisticated. Not only that but the cross checking software is replicated in different processes sometimes written in different software to the same spec. All these duplexed and triplexed subsystems are designed to watch each other for mismatched outputs and out of specification behavior. This makes it very difficult for a hacker to proceed even in the extremely unlikely event that they manage to access one of these subsystems.


I totally agree with you - which is why I said earlier that in theory it should be easier to hack earlier generation aircraft. As far as we know that has never happened to any significant degree so I feel that the danger from some hacker in Moscow steering a passenger jet into a building is somewhat overblown.

Well i am not going to get into an argument but the Inertial Navigation System on a 757 is an ADIRU containing a laser ring gyro - which is the same technology as used in the 777. I totally agree that the way the system talks to each other is different but the basic system architecture for INS, GPS, ACARS etc etc is not that different.
Disclaimer ..I have never worked in the aviation industry..
If the AFDX works like TTEthernet, Then it is theoretically possible to compromise the system by re-configuring the AFDX switches, this makes it possible to impersonate data from all ADIRU's from one node in the network.
The question is how good the safety related networks, are separated from other networks..
The QoS of AFDX, and especially TTEthernet can separate the traffic (i.e. safety and non safety related), but the safety case in the older IEC61508 only takes 'babbling nodes' and foreseeable misuse into account, not someone deliberately hacking the system.

Chrysler have had some problems separating the different networks, they even have a small CPU acting as a firewall between between two networks.
The problem is that it can be updated from the infotainment side.

BAENGineer. Look at the systems on a 787. There are two separate independent 'mainframes'. Either ccan be switched off by the crew.. Multiple channel independent software operating through multiple independent CPU Modules.
It ain't going to happen.

What ain't gonna happen? :confused:

Being hacked from the ground while in flight. That is what the thread is about isnt it?

I dont think its possible at the moment but I would never say never.

BAENGineer. Look at the systems on a 787. There are two separate independent 'mainframes'. Either ccan be switched off by the crew.. Multiple channel independent software operating through multiple independent CPU Modules.
It ain't going to happen.
Are the networks hardware federated or do they share the same cabling?

What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.

If you are still conscious.

Hacking into my aircraft will be extremely difficult. Even those who physically wired to the aircraft with appropriate permissions find it difficult to perform updates. And judging by the bugs in our current version of software, I reckon not even the flight control software writer has a clue what’s under the bonnet. So how will a hacker get in? I’m not saying never, but I think this story has been over-hyped. Maybe someone is writing a book or trying to publish a paper?

PM

" I reckon not even the flight control software writer has a clue what’s under the bonnet. So how will a hacker get in? "

er hrmmmm precisely!

And judging by the bugs in our current version of software, I reckon not even the flight control software writer has a clue what’s under the bonnet. So how will a hacker get in?

You have just described the principal factor that lies behind most software hacking exploits.

It would be more relevant to ask how will hackers be kept out. :O

" I reckon not even the flight control software writer has a clue what’s under the bonnet. So how will a hacker get in? "

er hrmmmm precisely!
If you can gain bus access and tap/sniff the data stream, it wouldnt be difficult to figure out the various Flight control inputs due to the phase of flight, as each LRU has an address and typically,a data stream whose basic format is public knowledge via Wikipedia (ARINC 429). Typically, a couple of bits for the address, a couple of status bits, a couple of command bits including the likes of control deflection, followed by a parity bit.

Fortunately, I dont think anyone is advocating the Flight Control Bus being shared with the in flight entertainment. On the Boeing, I understand the system is completely federated.

This link (https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf) is an interesting read into the art of the possible and why its really important to have decent protections in place for anything accessing safety critical data buses. Once in, its not that hard to emulate a controller.v

Next time the "hacker alarm" goes off - a full scientific report should be published that could answer a couple of questions and put the sensationalism aside:

1. Is it possible to "hack" flight control systems and autopilots etc systems from the ground over one of the available datalinks?

If the answer is "yes":

What datalink?
What equipment do I need?
Do I need to "hack" some other facility first (such as a maintenance facility and then hack the aircraft from there)?

2. If we assume that I am able to "hack" the aircraft, the next series of questions come up:

Which systems can I enter?
What can I do with them?
What happens to my "hacking" if the pilot pull the circuit breakers (for example if I start to change different settings on the autoflight system such as changing heading on the A/P, reducing speed on the A/THR etc)?

3. If the "ground-to-air hacking" isn't possible and the argument start to revolve around "hacking" from the cabin comes the next set of questions:

Through which system do I gain access?
Do I need to do something in the avionics bay (such go through the maintenance terminals/connections)?
What equipment do I need to bring onboard to do the "hacking"?
What happens to my "hacking" if the pilot pull the circuit breakers?

If anyone can provide a link to a proper scientific report that can provide answers to those questions and also deal with the most important one - namely the possible consequence (i.e. if "hacking" can make an aircraft uncontrollable) I think the thread could become more useful.

If I am sitting in the cabin "hacking away" like there's no tomorrow and the pilot decide to power down the cabin bus - would I still be able to do my thing when the IFE and WiFi etc goes down?

A "hack" that is unable to survive "pull circuit breaker 2-A" isn't a particular threat, is it?

Same thing if I would "hack" the A/THR and the pilot disconnect it when I decide to throttle back to idle... Annoying perhaps but it's a matter of disconnecting it and then set the thrust manually and later give it another go (engaging it again).

It is first when the hacker can take full control of the aircraft AND the hack are able to survive circuit breaker resets and power downs of different buses that we can talk about a serious threat.

Same thing with "managed to hack A/P 1" - OK, A/P 1 disconnected, A/P 2 and 3 connected. Problem solved.

Hacks that require different modifications of the aircraft (i.e. software replacements and the installation of extra equipment) isn't exactly like the sensationalism of "Someone claimed that he were able to reduce thrust on the engines by hacking the aircraft through the IFE system".

There should be practical demonstrations and proper scientific reports about "hacking the aircraft" if it is to be treated as a serious threat. "It is theoretically possible to hack..." doesn't feel to convincing, does it?

I just want to point out that after the Swiss Air crash in Canada years ago the IFE is isolated by a single switch in all airliners , it is a requirement !
Next to the Coffeemaker in the 737 (Galley + pax stuff).

Also the IFE is not in contact with the FMC or any Flight-control computers, whatsoever!

I just want to point out that after the Swiss Air crash in Canada years ago the IFE is isolated by a single switch in all airliners , it is a requirement !
Next to the Coffeemaker in the 737 (Galley + pax stuff).

Also the IFE is not in contact with the FMC or any Flight-control computers, whatsoever!

Bad news, it kills my scenario for sensationalist media: The hacker that goes through the IFE and convert all throttle commands into IDLE. I.e. any commanded thrust setting are changed to idle when it reach the engine/FADEC.

It would be something to send in an email outlining a scenario where the engines goes to idle, nothing works, resetting circuit breakers, disconnecting A/THR, nothing works. Finally they turn off the cabin bus and higher thrust settings becomes available again. Disaster averted.

I just want to point out that after the Swiss Air crash in Canada years ago the IFE is isolated by a single switch in all airliners , it is a requirement !
Next to the Coffeemaker in the 737 (Galley + pax stuff).

Also the IFE is not in contact with the FMC or any Flight-control computers, whatsoever!

So where does the IFE get data for headwind?

C Sid
GPS, Separate, You can even use your phone in the airplane mode and use the GPS
Next question.

If you have a GPS that can determine headwind without any other inputs then it's a very clever device indeed.

So where does the IFE get data for headwind?
Be interested to see where it gets inertial reference, mag heading, airspeed and barometric altitude from as well.

Disclaimer - I don't know how they do this on newer networked aircraft like the 787, but the systems on the 737, 747, 757, and 767 use ARINC 429 ONE WAY data busses to communicate aircraft information to the IFE. I'm repeating myself (again), but ARINC 429 is effectively hack proof because it's one-way (so it's impossible to corrupt the source from the destination), and you need a physical connection to put data on the bus.
The most a hacker could hope to due via the IFE would be to take down the ARINC 429 data bus.
Just one of the many things that make the hacking claims so laughably fake...

Thanks TD
For those of you that did not read my last line, please do so again.
The IFE does not have any INPUT to anything flight critical. It listens to some basic OUTPUT. One way Street!
Lets put it this way : The IFE is as much in contact with BBC News as You are when watching TV. Yell as much as You can : They cant hear You!
They , on the other hand are in contact with You.

Not a way to hack an airborne aircraft, Right!!??

Centrifuges were hacked via a USB stick.

Avionics are not (currently) accessible via any known hacking methods.

Recent Aviation Week article which has clear explanation on this. (Aircraft Avionics Hacking: Is It Possible? from May 22 2018)


In its Special conditions for the 787, the FAA, in the Federal register / Vol. 73, No. 1 / Wednesday, January 2, 2008 said this:
"This airplane will have novel or unusual design features when compared to the state of technology envisioned in the airworthiness
standards for transport category airplanes. These novel or unusual design features are associated with connectivity of the passenger domain
computer systems to the airplane critical systems and data networks."

Disclaimer - I don't know how they do this on newer networked aircraft like the 787, but the systems on the 737, 747, 757, and 767 use ARINC 429 ONE WAY data busses to communicate aircraft information to the IFE. I'm repeating myself (again), but ARINC 429 is effectively hack proof because it's one-way (so it's impossible to corrupt the source from the destination), and you need a physical connection to put data on the bus.
The most a hacker could hope to due via the IFE would be to take down the ARINC 429 data bus.
Just one of the many things that make the hacking claims so laughably fake...

ARINC429 is a 2 way data buss with separate TX and RX wires. So long as the IFE is only connected as a receiver (and no doubt that it is) then you are fine. There is no way a hardware receiver can become a transmitter which is what would be needed to affect the buss. Taking down the buss should not be possible unless there was some really bad hardware design errors in the IFE receiver. Taking down the ARINC429 buss I suspect would be seriously inconvenient,

In its Special conditions for the 787, the FAA, in the Federal register / Vol. 73, No. 1 / Wednesday, January 2, 2008 said this:
"This airplane will have novel or unusual design features when compared to the state of technology envisioned in the airworthiness
standards for transport category airplanes. These novel or unusual design features are associated with connectivity of the passenger domain
computer systems to the airplane critical systems and data networks."

I think some of Airbus' comments are very enlightening:
AIRBUS Comment (a): Airbus said that the meaning of “shall ensure system security protection * * * from unauthorized external access” in the first sentence is not accurate enough. Airbus commented that this could be interpreted as a zero allowance and demonstrating compliance with such a requirement all through the aircraft's life cycle is quite impossible since security threats evolve very rapidly. The commenter maintained that the only possible solution to such a requirement would be no link and no communication at all between the aircraft and the outside world. Airbus asked, “if some residual vulnerabilities are allowed, which criteria have to be used to assess their acceptability?”

AIRBUS Comment (d): Airbus said that the external environment needs to be characterized in order to determine which threats the Aircraft Control Domain and Airline Information Domain must be protected from. Questions to be answered include who can and cannot access; who is and is not trusted; and what threat source profile must be considered. The commenter asked whether only new communication media (like internet protocol (IP) communications) would be considered not trusted, or whether all communications, including existing communications for which no security requirements have been applied up to now, would be considered not trusted. Airbus gave ACARS (the Aeronautical Radio Incorporated Communication Addressing and Reporting System) as an example of existing communications that currently have no security requirements.