In-Flight Airplane hacked - from the ground
Thread Starter
Join Date: Aug 2004
Location: Charlotte, NC, USA
Posts: 23
Likes: 0
Received 0 Likes
on
0 Posts
In-Flight Airplane hacked - from the ground
Apparently a security researcher has found a way to do this and will present his findings to Black Hat USA in Las Vegas. Details at:
https://www.darkreading.com/vulnerab...q_cid=22146235
I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
https://www.darkreading.com/vulnerab...q_cid=22146235
I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
The US Department of Homeland Security has proven the concept of remotely gaining access to civilian aircraft systems. They didn't state wheter any critical sysems were involved and what level of control could be exercised.
Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - Avionics
JAS
Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - Avionics
JAS
He declined to discuss in detail just how much damage an attacker could do with the aircraft hack they pulled off, saying: "This has to be explained carefully, and we've got all the technical details backing our claim. It's not an apocalypse, but basically there are some scenarios that are possible" that will be covered at Black Hat, he says.
I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
Join Date: Apr 1999
Location: Manchester, UK
Posts: 1,958
Likes: 0
Received 0 Likes
on
0 Posts
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
Join Date: Sep 2013
Location: USA
Posts: 84
Likes: 0
Received 0 Likes
on
0 Posts
Join Date: Jan 2015
Location: Mars
Posts: 72
Likes: 0
Received 0 Likes
on
0 Posts
What is behind TCAS but a computer with a list of objects and their vectors?
Join Date: Sep 2011
Location: Västerås
Age: 44
Posts: 56
Likes: 0
Received 0 Likes
on
0 Posts
Although, turns are never part of TCAS resolutions afaik so you could only go up and down....
Spoof ADS-B (which is possible as far as I understand) and make the pilots go wherever you want.
and yes, ATM at least TCAS is pitch only.
Let us be clear. All that is claimed is access to Satcoms and the passenger WiFi.
No mention of NAV, FMS, FCC or TCAS. Just some vague suggestion that disrupting Satcoms could interfere with FANS. So let's not panic just yet.
As for TCAS? While TCAS can use (potentially spoofable) ADS-B to assist initial target acquisition, the conflict algorithms themselves use only independent range measurement using SSR. To fool it you really would need to hack the main code - it cannot be fooled at a simple data level.
No mention of NAV, FMS, FCC or TCAS. Just some vague suggestion that disrupting Satcoms could interfere with FANS. So let's not panic just yet.
As for TCAS? While TCAS can use (potentially spoofable) ADS-B to assist initial target acquisition, the conflict algorithms themselves use only independent range measurement using SSR. To fool it you really would need to hack the main code - it cannot be fooled at a simple data level.
Join Date: May 2000
Location: Seattle
Posts: 3,195
Likes: 0
Received 0 Likes
on
0 Posts
There were additional claims about the potential of compromising CPDLC and ACARS. Given that neither of these is encrypted, the possibility is real. OTOH, the probability of a pilot verifying and executing a bogus clearance from either of these is MUCH less, as long as standard procedures are adhered to. If a rogue pilot decides to blindly accept a clearance without verification, that is another story entirely...
Join Date: Oct 2017
Location: London
Posts: 36
Likes: 0
Received 0 Likes
on
0 Posts
Similar hacking threats in the maritime world according to the BBC Ship hack 'risks chaos in English Channel'
Join Date: Mar 2014
Location: New Delhi, India
Age: 65
Posts: 9
Likes: 0
Received 0 Likes
on
0 Posts
Are you sure about that? I thought this was exactly the problem, no physical separation. Are there different Satcom systems for the passengers surfing/calling and the aircraft system doing their thing? Not so sure about that.
Join Date: Jan 2014
Location: Too far North
Posts: 11
Likes: 0
Received 0 Likes
on
0 Posts
Were it possible to remotely shut down that power supply, it would make no difference to the avionics, which have multiple backup systems. On board WiFi and entertainment systems do not. When either of them fall over, which occasionally happens, the system has to be rebooted. If it stays failed, then you fly without entertainment or WiFi.
Imagine a scenario where you park outside your neighbor’s house, hack into his WiFi network, and start up the motorbike in the garage.
Join Date: Apr 2008
Location: Up high
Posts: 555
Likes: 0
Received 0 Likes
on
0 Posts
The data path is not fully separate. You can download a new flight plan via Acars and you can load it into the FMGC. The FMGC does control pitch, roll, thrust, nav displays, navaid tunning and assumed location, aircraft position, etc etc etc. Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality. As proven by the way the CIA managed to blow up Iranian centrifuges. The last line of defence is indeed the crew, provided the system is designed to allow the crew the final decision.
Join Date: Mar 2014
Location: WA STATE
Age: 78
Posts: 0
Likes: 0
Received 0 Likes
on
0 Posts
https://www.usatoday.com/story/travel/advice/2016/12/18/hacking-plugs-ports/95511936/
and also https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
via an ethernet connection . . .
Last edited by CONSO; 8th Jun 2018 at 17:15. Reason: SPELLING
Join Date: Aug 2013
Location: PA
Age: 59
Posts: 30
Likes: 0
Received 0 Likes
on
0 Posts
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
Join Date: Jan 2014
Location: Too far North
Posts: 11
Likes: 0
Received 0 Likes
on
0 Posts
Centrifuges were hacked via a USB stick.
Avionics are not (currently) accessible via any known hacking methods.
Recent Aviation Week article which has clear explanation on this. (Aircraft Avionics Hacking: Is It Possible? from May 22 2018)
Avionics are not (currently) accessible via any known hacking methods.
Recent Aviation Week article which has clear explanation on this. (Aircraft Avionics Hacking: Is It Possible? from May 22 2018)
Even if you download an acars flightplan, you still check it and both verify it before you activate it.
You would never enroute uplink something you didn’t request.
Mostly you manually build a plan on the ground from saved routes.
You would never enroute uplink something you didn’t request.
Mostly you manually build a plan on the ground from saved routes.
Last edited by The Green Goblin; 10th Jun 2018 at 11:02.