Go Back  PPRuNe Forums > Flight Deck Forums > Rumours & News
Reload this Page >

In-Flight Airplane hacked - from the ground

Rumours & News Reporting Points that may affect our jobs or lives as professional pilots. Also, items that may be of interest to professional pilots.

In-Flight Airplane hacked - from the ground

Old 10th Jun 2018, 02:49
  #21 (permalink)  
 
Join Date: May 2000
Location: Seattle
Posts: 3,113
Originally Posted by The Green Goblin View Post
Mostly yoy manually build a plan on the ground from saved routes.
Depends on the airline...
Intruder is online now  
Old 10th Jun 2018, 10:20
  #22 (permalink)  
 
Join Date: Apr 2008
Location: Up high
Posts: 542
Even if you download an acars flightplan, you still check it and both verify it before you activate it
That is not the point, obviously the malicious software is not going to say "ready to install hack? yes-no". The point is that there IS a connection between ACARS and the FMGC therefore that connection can be potentially hacked. The fmgc can command pitch, roll and thrust. It can also has the performance databases that can also be potentially altered.

The Iranian centrifuges where hacked even though they had no physically connection to the outside world. It was done by introducing the malware in a routine software update of one of the components. In the same way that the many computers in modern aircraft are routinely updated.
Elephant and Castle is offline  
Old 10th Jun 2018, 12:04
  #23 (permalink)  
 
Join Date: Aug 2013
Location: PA
Age: 54
Posts: 36
Avionics are not (currently) accessible via any known hacking methods.
Thats funny.
underfire is offline  
Old 10th Jun 2018, 21:02
  #24 (permalink)  
 
Join Date: Feb 2002
Location: UK
Age: 54
Posts: 2,648
Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality.

In the same way that the many computers in modern aircraft are routinely updated.
Most (I cannot say all as I do not know them all) aircraft avionics software updates are done through hard wired data loaders not wifi. The hackers would need to break into the software manufacturers and alter the software from the ground up. This idea of hacking into aircraft systems is fanciful. Even if the IFE or Satcom could be hacked remotely, there are a couple of big buttons on the flight deck that will cut the power to them instantly if requred.
TURIN is offline  
Old 11th Jun 2018, 18:49
  #25 (permalink)  
 
Join Date: Dec 2001
Location: Leeds, UK
Posts: 281
there's still some suspicion that several of the many recent US Navy collisions in the Pacific were caused by hacks to the ships GPS/Navigation system by naughty State bodies...

G

Last edited by groundbum; 11th Jun 2018 at 18:50. Reason: typo
groundbum is offline  
Old 11th Jun 2018, 22:25
  #26 (permalink)  
 
Join Date: May 2000
Location: Seattle
Posts: 3,113
I don't know where that "suspicion" comes from (other than unfounded rumor). If you read the preliminary reports, you'll find there is NO tie to any hacks, GPS or otherwise.
Intruder is online now  
Old 11th Jun 2018, 22:44
  #27 (permalink)  
 
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 4,895
Originally Posted by Intruder View Post
I don't know where that "suspicion" comes from (other than unfounded rumor). If you read the preliminary reports, you'll find there is NO tie to any hacks, GPS or otherwise.
Yep, sounds like urban legend, here are the final collision reports for the USS Fitzgerald and the USS John S. McCain:

http://s3.amazonaws.com/CHINFO/USS+F...on+Reports.pdf
Airbubba is online now  
Old 12th Jun 2018, 18:06
  #28 (permalink)  
 
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 4,895
Excerpts from a recent article about airplane hacking in Business and Commercial Aviation:

...So now we introduce Chris Roberts, bad boy hacker, security researcher and one of the founders of One World Labs (now OWL Cybersecurity) in Denver. Brilliant and idiosyncratic, Roberts had been warning of cyber vulnerabilities on commercial aircraft for years, but few in the industry took him seriously. To make his point, in April 2015 aboard a United Airlines Boeing 737-800 en route from Chicago to Syracuse, New York, Roberts logged onto Twitter and sent a tweet from the cabin speculating whether he should hack into the IFE (inflight entertainment system) through the SEB (seat electronic box, one of which is generally mounted under the seats in each row on either side of the aisle of narrow-body jetliners) and then into the cockpit systems.

“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? ” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.

Under interrogation, Roberts said that despite his joking tweet, on the Chicago-Syracuse flight and a previous segment from Denver to Chicago, he had not hacked into either aircraft’s IFE. Nevertheless, in an inspection
of the SEB under the row where Roberts had been sitting on the Denver-Chicago segment, one of the FBI agents wrote in his affidavit request that the cover of the box appeared to have been tampered with. Roberts denied this, as well, claiming that the unit could have been damaged by previous passengers shoving carry-on baggage under the seats.


Come Fly (and Hack) With Me

This was not the first time that Roberts had been in the sights of the G-men. Earlier in 2015, other agents had visited him twice at One World Labs to discuss his research on aircraft hacking, which he and a colleague had been pursuing for years, even conducting simulated penetrations of avionics systems under laboratory conditions. In one of those meetings, Roberts admitted that he had hacked into aircraft systems on actual flights on multiple occasions, as well, just “to look around” but had not manipulated anything.

Then, amazingly, he went further, claiming that on one flight he had reached under the seat in front of him, jimmied the cover of an SEB, jacked in a modified Ethernet cable, and using his laptop, hacked into the IFE. From there, he again claimed, he had made his way to the higher-level aircraft control systems, where he had overwritten the code of the plane’s “thrust management computer.” That done, Roberts alleged, he had proceeded to increase the thrust of one of the plane’s engines, causing the aircraft to climb and “fly sideways,” presumably a yawing motion from asymmetric thrust. But the claimed IFE hacks and the alleged engine computer takeover remain unsubstantiated, which questions Roberts’ veracity.

Boeing and other airframe manufacturers are highly doubtful that Roberts could have pulled off these stunts, pointing out that IFEs are isolated from flight-critical control systems. (More on that later.) Consider, too, the constricting seat pitch on contemporary narrowbody jetliners, even in first class, and how difficult it would be to lean forward, find by hand the IFE box under the forward seat row, remove the screws securing the box lid, locate the proper port, etc. without being noticed by other passengers or a flight attendant.

Regardless, a demonstrated provocateur, his claims swing between irresponsibility and a cry for attention, both modes characteristic of that breed of hackers who are compelled to commit cyber mischief — sometimes dangerously — just to test their abilities and garner notoriety. On the other hand, Roberts and his research colleagues have pointed out the potential vulnerability of aviation cyber systems — not just on aircraft but the ground-based infrastructure, as well.

Meanwhile, the FBI is apparently building a case against Roberts based on his stated ability that he could hack into critical systems on board sophisticated aircraft and had developed the software to do it — plus the wiring diagrams of several contemporary airliners found on one of his laptops. One thing is for sure: When news of his salacious inflight tweet reached board members of One World Labs who had investments in the company, they withdrew their financial support causing its collapse, and Roberts subsequently abandoned the enterprise he helped found. In December 2015, former executives of the firm formed a holding company and purchased One World’s assets, subsequently repackaging the venture as a “dark net threat intelligence platform” under the name Owl Cybersecurity.

‘Crazy Different’ and Speaking ‘Off Script’ (Maybe)

Perhaps Robert Hickey also wanted to alert the aviation and security industries that commercial aircraft were vulnerable to hacking when he revealed in a keynote address during the CyberSat Summit in November 2017 at Tysons Corner, Virginia, that a team of experts had remotely hacked into a Boeing 757 sitting on the ground at Atlantic City. Moreover, the attempt had occurred under the auspices of none other than the Department of Homeland Security (DHS).

At the time, Hickey, a retired airline pilot who holds a doctorate in information technology, was aviation program manager in the Cyber Security Division of the DHS Science and Technology Directorate. He had been “detailed” there from the Office of the Director of National Intelligence.

The exercise was carried out in September 2016, Hickey said, as a “remote, non-cooperative, penetration” (i.e., not under laboratory conditions) with no one physically touching the aircraft. His team “stood off” from the legacy Boeing that the DHS had acquired, he claimed, and “using typical stuff that could get through security” was able to establish “a presence on the systems of the aircraft.”

While the details of the hacking test and the research that the S&T Directorate is conducting are classified, Hickey did say that the penetration was accomplished using “radio frequency communications,” adding that based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” (again, presumably, into the cabin services equipment) [I thought it was probably a bogus clearance or flight plan uploaded through a non-secure protocol like ACARS or CPDLC - Airbubba].

Up to this point, the S&T Directorate’s research had primarily been focused on ground-based transportation infrastructure, e.g., air traffic control, but Hickey maintains that there’s another type of critical infrastructure, “and that’s critical infrastructure that’s in motion,” of which aviation represents one-third, the other two-thirds being surface (highway, railroad) and marine. But aviation exists in an environment of its own — far removed from the terrestrial one. Hence the need for the focused research apparently under way at the DHS.

While Hickey’s revelation made the rounds among the intelligence and security community (i.e., it was all over the web), nothing has been heard about the Boeing 757 test since his address at CyberSat. Furthermore, Hickey is no longer working in the S&T Directorate. One aviation industry observer BCA consulted speculated that “Hickey was off-script” when he spoke at the conference. BCA located Hickey at a Washington, D.C., consultancy and attempted to connect with him but had been unsuccessful at press time.

After contacting the DHS, however, we did receive the following statement from spokesman John Verrico in the S&T Directorate: “The Department of Homeland Security established and led a multi-agency team to assess the feasibility of a cyber-intrusion of a commercial aircraft. The Aircraft Cyber Initiative (ACI) project’s objective is to determine whether a cyberattack of commercial aircraft systems is possible and to offer mitigation recommendations for identified cyber vulnerabilities. Our focus was on older legacy aircraft where cybersecurity protections may not have been incorporated in their design.”
Aircraft Avionics Hacking: Is It Possible? Connected Aerospace content from Aviation Week

Airbubba is online now  
Old 12th Jun 2018, 20:01
  #29 (permalink)  
 
Join Date: Jul 2013
Location: Everett, WA
Age: 64
Posts: 2,348
“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? ” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.
I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS... 757 flight controls are cable actuated - how the are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.
Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...
tdracer is online now  
Old 12th Jun 2018, 21:26
  #30 (permalink)  
 
Join Date: May 2000
Location: Seattle
Posts: 3,113
Originally Posted by tdracer View Post
I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS... 757 flight controls are cable actuated - how the are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.
Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...
You're overlooking the fact that a good portion of flight time is under control of the autopilot and autothrottles, which are under the control of the FMS. IF someone could hack into the FMS or convince the pilots to execute a hacked ACARS or CPDLC clearance, he COULD effectively control the flight controls and throttles... HOWEVER, hacking into the FMS doesn't appear to be possible in the scenarios covered here...
Intruder is online now  
Old 12th Jun 2018, 21:55
  #31 (permalink)  
 
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 4,895
Originally Posted by tdracer View Post
I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS...
This guy is a B.S. artist from what I can see. More claims about his hacks from a conference talk in 2012 at around 47:00 into the clip:

Those are fun. I got into trouble for playing with the Space Station s**t what was it seven, eight, nine years ... how many years ago was that? Crap. Eight, nine years ago we messed around with the Space Station. We adjusted the temperature on it. It was quite fun. We got yelled at by NASA. If they're going to leave open s**t that's not encrypted that's their own damn silly fault.

...We tried. The Curiosity Rover on Mars. The suggestion was to take that for a spin. We've actually started to investigate it.

The closest we've done is figure out exactly how they're communicating, how they're controlling it, and we might have one or two of the passwords for some of the software that we know are still in default mode. But the problem is actually getting into it without breaking more laws than we're used to breaking. No, I think NASA would probably really get pissed at me for that one.
Might fool a hippie liberal arts major tech journalist though...


Airbubba is online now  
Old 12th Jun 2018, 21:58
  #32 (permalink)  
 
Join Date: Jul 2013
Location: Everett, WA
Age: 64
Posts: 2,348
Originally Posted by Intruder View Post
You're overlooking the fact that a good portion of flight time is under control of the autopilot and autothrottles, which are under the control of the FMS. IF someone could hack into the FMS or convince the pilots to execute a hacked ACARS or CPDLC clearance, he COULD effectively control the flight controls and throttles... HOWEVER, hacking into the FMS doesn't appear to be possible in the scenarios covered here...
Intruder, I understand what you are saying, but there are protections in place - including the fact that we have human pilots who's job is to monitor and take control if the automatics are misbehaving. I no longer have access to the Boeing AFMs, but I know there are specific words in there regarding the necessity to have validation in place before using ACARS, etc. for anything flight critical. Any competent crew should be able to detect if the aircraft isn't going where they want and take corrective action. Now, if you combine a navigation hack with an incompetent crew that is taking an extended siesta, we could have a problem - but then again a crew taking a siesta mid-flight is a problem even without a hack.

Now, if someone shows they can take control of a FBW aircraft (highly unlikely given what I know about critical system isolation on Boeing aircraft), then I'll sit up and pay attention. What's been claimed so far doesn't pass the sniff test...
tdracer is online now  
Old 12th Jun 2018, 23:04
  #33 (permalink)  
 
Join Date: May 2005
Location: Aberdeen, UK
Posts: 521
This "story" is at least 3-5 years old, and was disproven then - why has it suddenly reappeared? A clickbait website recycling old news?

It's nonsense.
Slopey is offline  
Old 13th Jun 2018, 02:25
  #34 (permalink)  
 
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 4,895
From this evening's CBS Evening News:

By Kris Van Cleave CBS News June 12, 2018, 6:45 PM

DHS experts warn it's a "matter of time" before hackers hit commercial airliners


WASHINGTON -- Cybersecurity experts working for the Department of Homeland Security (DHS) issued a sobering warning about the vulnerability of commercial airliners to hackers. The same group of experts hacked a Boeing 757, and now CBS News is learning more about the government's ongoing efforts to learn about the vulnerabilities.

In a presentation in January, researchers from the Pacific Northwest National Laboratory warned it is "a matter of time before a cybersecurity breach on an airline occurs," according to 119 pages of heavily redacted documents provided by DHS to CBS News. That assessment came after a DHS decision to launch "nose to tail" tests of a Boeing 757 for hacking weak spots.

The documents, which were
first reported by the website Motherboard, show DHS planned to begin developing mitigation efforts to protect against cyberattacks in 2017.

Those tests came after a DHS team led by Dr. Robert Hickey took just two days to hack remotely into the plane while it was parked at a Federal Aviation Administration (FAA) facility at the Atlantic City Airport in September of 2016.

The DHS team gained access through the plane's radio frequency communications using "typical stuff" that could be brought through airport security. In response, DHS officials scheduled further hacking attempts on the plane, including efforts to access flight management, life support, autopilot, the plane's electrical and fuel systems as well as its engines.

"I think we've come to realize that cyberthreat is everywhere," said Ron Hosko, former assistant director of the FBI. "My fear is that our nation acts most directly when they're on the backside of a crisis. The crisis has occurred we lose a lot of lives and now we're prepared to put money into infrastructure."
Airbubba is online now  
Old 13th Jun 2018, 16:40
  #35 (permalink)  
 
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,283
Originally Posted by Slopey View Post
This "story" is at least 3-5 years old, and was disproven then - why has it suddenly reappeared? A clickbait website recycling old news?

It's nonsense.
I think that you are right - it is click bait for the gullible which these days is a considerable audience.
Ian W is offline  
Old 14th Jun 2018, 06:41
  #36 (permalink)  
 
Join Date: Mar 2015
Location: antipodies
Posts: 54
Well I still have not discounted this as a scenario in case of MH370
phylosocopter is offline  
Old 14th Jun 2018, 07:36
  #37 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 10,589
The article linked in the OP's post makes it clear, for anyone who cares to read it, how the situation today differs from that four years ago when the story originally broke. What was then only a theoretical scenario can now, we're told, be demonstrated to be feasible.

Given that the article refers to a conference presentation that isn't due to be delivered until August, it's a little premature to dismiss it as yesterday's news/nonsense/clickbait. Let's hear what he has to say before passing judgement.

Black Hat USA 2018
DaveReidUK is offline  
Old 14th Jun 2018, 17:59
  #38 (permalink)  
 
Join Date: Feb 2002
Location: UK
Age: 54
Posts: 2,648
Originally Posted by phylosocopter View Post
Well I still have not discounted this as a scenario in case of MH370
I haven't discounted alien abduction either, but that doesn't mean to say there's any evidence to support it.
TURIN is offline  
Old 14th Jun 2018, 18:10
  #39 (permalink)  
 
Join Date: Feb 2013
Location: 60 north
Age: 55
Posts: 19
B757?

Why are they doing a test on a B757, get an 787 and a A 350. All fly by wire.
BluSdUp is offline  
Old 14th Jun 2018, 18:12
  #40 (permalink)  
 
Join Date: Feb 2012
Location: USA
Posts: 210
Originally Posted by ShotOne View Post
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
In a modern transport aircraft, one cannot really turn the automatics off -- even "flying manually" relies on a lot of computing. The engines simply cannot run without the FADEC and a whole lot of other computer stuff. As for the pilot's eyes and ears, yes, there may be a couple of steam gauges on the panel, but most of the information displayed to the pilots is processed by a large number of computers before appearing on the displays. As for heading off somewhere you don't want to go, it's entirely feasible for an attacker to have your instruments telling you that you are on course to your selected destination when in fact something entirely different is actually happening.
Gauges and Dials is offline  

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.