ADS-B Secure..??
Thread Starter
ADS-B Secure..??
Does anybody reckon that 'this' is possible / probable..??
From today's AvWeb....
FAA: No Hacking ADS-B Via Android App
A new claim by a security consultant that he could take control of an aircraft's autopilot through vulnerabilities in ADS-B has elicited a response from the FAA, which said, in part, "It does not work." The consultant, Hugo Teso, recently made headlines for himself and his employer when he demonstrated an Android app of his creation at a security conference in Amsterdam. Teso used his system to remotely hack into Flight Management System (FMS) software and upload data. He claimed that access allowed him to control the aircraft. The FAA has now responded saying it has determined that Teso's exact technique would not work on certified hardware. EASA agreed, but questions remain.
The FAA has been hounded by concerns that its NextGen air traffic control system includes pathways of communication that are vulnerable to hackers and addressed similar concerns just last year. Responding to the most recent concern, the FAA said "the described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot." EASA noted that Teso's demonstration hacked training software, as opposed to embedded FMS software. It said that major differences between the two systems meant Teso did not face "the same overwriting protection and redundancies" included in certified flight software. Teso is a certified pilot and works for a company called N.Runs, a security consultancy in Germany. The company has said Teso's work aims to ensure that vulnerabilities in FMS software are addressed in such a way that they remove the possibility of similar hacking threats. Find Teso's presentation slides here (PDF).
Hmmm....
From today's AvWeb....
FAA: No Hacking ADS-B Via Android App
A new claim by a security consultant that he could take control of an aircraft's autopilot through vulnerabilities in ADS-B has elicited a response from the FAA, which said, in part, "It does not work." The consultant, Hugo Teso, recently made headlines for himself and his employer when he demonstrated an Android app of his creation at a security conference in Amsterdam. Teso used his system to remotely hack into Flight Management System (FMS) software and upload data. He claimed that access allowed him to control the aircraft. The FAA has now responded saying it has determined that Teso's exact technique would not work on certified hardware. EASA agreed, but questions remain.
The FAA has been hounded by concerns that its NextGen air traffic control system includes pathways of communication that are vulnerable to hackers and addressed similar concerns just last year. Responding to the most recent concern, the FAA said "the described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot." EASA noted that Teso's demonstration hacked training software, as opposed to embedded FMS software. It said that major differences between the two systems meant Teso did not face "the same overwriting protection and redundancies" included in certified flight software. Teso is a certified pilot and works for a company called N.Runs, a security consultancy in Germany. The company has said Teso's work aims to ensure that vulnerabilities in FMS software are addressed in such a way that they remove the possibility of similar hacking threats. Find Teso's presentation slides here (PDF).
Hmmm....
Last edited by Ex FSO GRIFFO; 13th Apr 2013 at 15:47.
Join Date: Aug 2012
Location: Bathurst NSW AUS
Posts: 76
Likes: 0
Received 0 Likes
on
0 Posts
I can see a couple of little issues before you can even see the code in the FMS.
Bluetooth operates in the 2.4Ghz band and WiFi in the 2.4 Ghz and 5Ghz band, ADS-B operates at 980 & 1080Mhz, so a standard Andoid device can't even see the ADS-B signals.
I suppose if your really clever you could hack the 3G chipset to see and transmit to ADS-B, but this is 'secret squirel' stuff and beyond the capability of people without an indepth engineering background.
You could use 3G to connect to a ground based server and then transmit from an ADS-B system back to an aircraft, but you would need to know the aircraft UID.
Once your talking 'ADS-B' you then of course have to make sure your 'errant data' is not filtered out as being invalid, the you have to have a data path to the FMS, again make sure the data is not filtered out, have direct access to the code, and subroutines, and be able to lock and re-write code on the fly (pun intended).
While none of this is actually impossible, It's beyond the capabilities of an Android device, and you would also need some pretty specific information.
Bluetooth operates in the 2.4Ghz band and WiFi in the 2.4 Ghz and 5Ghz band, ADS-B operates at 980 & 1080Mhz, so a standard Andoid device can't even see the ADS-B signals.
I suppose if your really clever you could hack the 3G chipset to see and transmit to ADS-B, but this is 'secret squirel' stuff and beyond the capability of people without an indepth engineering background.
You could use 3G to connect to a ground based server and then transmit from an ADS-B system back to an aircraft, but you would need to know the aircraft UID.
Once your talking 'ADS-B' you then of course have to make sure your 'errant data' is not filtered out as being invalid, the you have to have a data path to the FMS, again make sure the data is not filtered out, have direct access to the code, and subroutines, and be able to lock and re-write code on the fly (pun intended).
While none of this is actually impossible, It's beyond the capabilities of an Android device, and you would also need some pretty specific information.
Last edited by garrya100; 13th Apr 2013 at 23:36.
Join Date: Jun 2007
Location: NSW
Posts: 436
Likes: 0
Received 0 Likes
on
0 Posts
Found a link his presentation . Which doesn't make much sense without some explaining it. Like to see the video .
Hacker uses an Android to remotely attack and hijack an airplane | Computerworld Blogs
http://conference.hitb.org/hitbsecco...o%20Series.pdf
Seems he bought some hardware off Ebay and played with that .
Think it would be simpler to buy a Nav Test set and play with VOR , ILS GS and MB signals in the plane. Even then the strength of a NAV box isnt that great , when testing a MB you need to be basically on top of the antenna to get a response.
Something like this : NC 2210A NAV/COM RAMP TESTER from Aircraft Spruce
Probably too many bad ideas in that paragraph :-/
Hacker uses an Android to remotely attack and hijack an airplane | Computerworld Blogs
http://conference.hitb.org/hitbsecco...o%20Series.pdf
Seems he bought some hardware off Ebay and played with that .
Think it would be simpler to buy a Nav Test set and play with VOR , ILS GS and MB signals in the plane. Even then the strength of a NAV box isnt that great , when testing a MB you need to be basically on top of the antenna to get a response.
Something like this : NC 2210A NAV/COM RAMP TESTER from Aircraft Spruce
Probably too many bad ideas in that paragraph :-/
On the phone only so cannot link.
found a paper by Andrei. He leaves a lot of holes in his argument. The only vulnerability that can be.exploited is Rx. The ground based locks out an signal it doesn't recognize. However to use a supposed vulnerability in a transponder to hack an ACARS message to over ride FMS commands is a bit too far out there even for the bomber.
found a paper by Andrei. He leaves a lot of holes in his argument. The only vulnerability that can be.exploited is Rx. The ground based locks out an signal it doesn't recognize. However to use a supposed vulnerability in a transponder to hack an ACARS message to over ride FMS commands is a bit too far out there even for the bomber.
Join Date: Jun 2012
Location: Central Hub
Posts: 89
Likes: 0
Received 0 Likes
on
0 Posts
Even if this was possible, wouldn't CPDLC be a more serious threat? I'd imagine it's relatively easy to hack into one of the international systems and pass along incorrect info. All you need to do is tell the pilot to do the wrong thing and they will do it. If the FMS does the wrong thing any pilot worth his salt will question it.
One of the aircraft I operate uses a "windows" based FMS with integrated ADSB, SBAS, XM weather (obviously useless in Aus) and satellite 3G connection; Several integral links to ground based communication, but I fail to see how anyone could "hack" any of these systems and access the FMS. Not to mention without me noticing.
One of the aircraft I operate uses a "windows" based FMS with integrated ADSB, SBAS, XM weather (obviously useless in Aus) and satellite 3G connection; Several integral links to ground based communication, but I fail to see how anyone could "hack" any of these systems and access the FMS. Not to mention without me noticing.
Join Date: Aug 2009
Location: Australia
Posts: 632
Likes: 0
Received 0 Likes
on
0 Posts
Having been in this game for a long time, I have no reason to believe that there are no programming errors in the FMS (and the ACARS link to it) that would allow for either overwriting data that should not be overwritten, or arbitrary command execution.
I can't imagine a hack so sophisticated it would take control away from the pilots, but crashing the FMS or updating routes, that's entirely plausible.
It's happened to so many software system and so often that to believe the entirely unsecured ACARS system could not be vulnerable is naive to say the least.
How a simple programming error can lead to disaster: Buffer overflow - Wikipedia, the free encyclopedia
I can't imagine a hack so sophisticated it would take control away from the pilots, but crashing the FMS or updating routes, that's entirely plausible.
It's happened to so many software system and so often that to believe the entirely unsecured ACARS system could not be vulnerable is naive to say the least.
How a simple programming error can lead to disaster: Buffer overflow - Wikipedia, the free encyclopedia
