Go Back  PPRuNe Forums > Flight Deck Forums > Rumours & News
Reload this Page >

In-Flight Airplane hacked - from the ground

Rumours & News Reporting Points that may affect our jobs or lives as professional pilots. Also, items that may be of interest to professional pilots.

In-Flight Airplane hacked - from the ground

Old 6th Jun 2018, 15:10
  #1 (permalink)  
Thread Starter
 
Join Date: Aug 2004
Location: Charlotte, NC, USA
Posts: 23
Red face In-Flight Airplane hacked - from the ground

Apparently a security researcher has found a way to do this and will present his findings to Black Hat USA in Las Vegas. Details at:
https://www.darkreading.com/vulnerab...q_cid=22146235

I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
INTEL101 is offline  
Old 6th Jun 2018, 15:21
  #2 (permalink)  
 
Join Date: May 2006
Location: Dublin
Posts: 724
The US Department of Homeland Security has proven the concept of remotely gaining access to civilian aircraft systems. They didn't state wheter any critical sysems were involved and what level of control could be exercised.

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - Avionics

JAS
Just a spotter is offline  
Old 6th Jun 2018, 15:40
  #3 (permalink)  
 
Join Date: Mar 2004
Location: Baltimore, MD
Posts: 233
He declined to discuss in detail just how much damage an attacker could do with the aircraft hack they pulled off, saying: "This has to be explained carefully, and we've got all the technical details backing our claim. It's not an apocalypse, but basically there are some scenarios that are possible" that will be covered at Black Hat, he says.
What he's saying is this is one piece of the puzzle that could be part of a plan to do something nefarious. To say it's not dangerous is dis-ingenious, but to claim "airliners remotely controlled!" is too.

I would suggest that access to in-flight systems be controlled by applications that require 2 factor authentication before this gets out of hand.
To attacks like this, authentication might as well not be there. Most hacks operate this way. The real world example is you put enough weight on the door and it opens instead of using the key, or you turn door knob furiously left and right until some part breaks inside.
FakePilot is online now  
Old 7th Jun 2018, 07:46
  #4 (permalink)  
 
Join Date: Apr 1999
Location: Manchester, UK
Posts: 1,894
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
ShotOne is online now  
Old 7th Jun 2018, 08:03
  #5 (permalink)  
 
Join Date: Sep 2013
Location: USA
Posts: 85
Originally Posted by ShotOne View Post
My airliner has a red "OFF" button on the automatics
And when your airliner is equipped with the Honeywell Uninterruptible Autopilot, that red button will just say "What are you doing, Dave?"
core_dump is offline  
Old 7th Jun 2018, 08:14
  #6 (permalink)  
 
Join Date: Jan 2015
Location: Mars
Posts: 72
Originally Posted by ShotOne View Post
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
What is behind TCAS but a computer with a list of objects and their vectors?
Lascaille is offline  
Old 7th Jun 2018, 09:03
  #7 (permalink)  
 
Join Date: Sep 2011
Location: Västerås
Age: 39
Posts: 49
Originally Posted by Lascaille View Post
What is behind TCAS but a computer with a list of objects and their vectors?
So the hack consists of controlling the pilots? Spoof ADS-B (which is possible as far as I understand) and make the pilots go wherever you want.

Although, turns are never part of TCAS resolutions afaik so you could only go up and down....
sandos is offline  
Old 7th Jun 2018, 09:35
  #8 (permalink)  
 
Join Date: Feb 2001
Location: The Winchester
Posts: 5,338
Spoof ADS-B (which is possible as far as I understand) and make the pilots go wherever you want.
Problem with spoofing ( navaids, comms, etc) is that at some point the "wetware" in the loop generally carries out a credibility check...

and yes, ATM at least TCAS is pitch only.
wiggy is online now  
Old 7th Jun 2018, 11:10
  #9 (permalink)  
 
Join Date: Mar 2008
Location: Malvern, UK
Posts: 396
Let us be clear. All that is claimed is access to Satcoms and the passenger WiFi.
No mention of NAV, FMS, FCC or TCAS. Just some vague suggestion that disrupting Satcoms could interfere with FANS. So let's not panic just yet.

As for TCAS? While TCAS can use (potentially spoofable) ADS-B to assist initial target acquisition, the conflict algorithms themselves use only independent range measurement using SSR. To fool it you really would need to hack the main code - it cannot be fooled at a simple data level.
Dont Hang Up is offline  
Old 7th Jun 2018, 19:43
  #10 (permalink)  
 
Join Date: May 2000
Location: Seattle
Posts: 3,113
There were additional claims about the potential of compromising CPDLC and ACARS. Given that neither of these is encrypted, the possibility is real. OTOH, the probability of a pilot verifying and executing a bogus clearance from either of these is MUCH less, as long as standard procedures are adhered to. If a rogue pilot decides to blindly accept a clearance without verification, that is another story entirely...
Intruder is offline  
Old 7th Jun 2018, 20:12
  #11 (permalink)  
 
Join Date: Oct 2017
Location: London
Posts: 36
Similar hacking threats in the maritime world according to the BBC Ship hack 'risks chaos in English Channel'
Cynical Sid is offline  
Old 7th Jun 2018, 20:14
  #12 (permalink)  
 
Join Date: Jan 2014
Location: Too far North
Posts: 9
A non story. On board aircraft systems are a closed hard wired network. On board WiFi has zero connectivity to that.
SunnyUpHere is offline  
Old 8th Jun 2018, 04:12
  #13 (permalink)  
 
Join Date: Mar 2014
Location: New Delhi, India
Age: 60
Posts: 2
Originally Posted by SunnyUpHere View Post
A non story. On board aircraft systems are a closed hard wired network. On board WiFi has zero connectivity to that.
Are you sure about that? I thought this was exactly the problem, no physical separation. Are there different Satcom systems for the passengers surfing/calling and the aircraft system doing their thing? Not so sure about that.
JeroenD is offline  
Old 8th Jun 2018, 05:34
  #14 (permalink)  
 
Join Date: Mar 2014
Location: WA STATE
Age: 73
Posts: 1
Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.
CONSO is offline  
Old 8th Jun 2018, 08:24
  #15 (permalink)  
 
Join Date: Jan 2014
Location: Too far North
Posts: 9
Originally Posted by CONSO View Post
Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.
That would be an extraordinary achievement were it possible, but power lines ultimately are not connected to data lines, so such a “common” path does not exist. In theory you could hack a WiFi system and ”shut it down” or perhaps “crash” its power supply (though exactly how that could be done is not clear).

Were it possible to remotely shut down that power supply, it would make no difference to the avionics, which have multiple backup systems. On board WiFi and entertainment systems do not. When either of them fall over, which occasionally happens, the system has to be rebooted. If it stays failed, then you fly without entertainment or WiFi.

Imagine a scenario where you park outside your neighbor’s house, hack into his WiFi network, and start up the motorbike in the garage.

SunnyUpHere is offline  
Old 8th Jun 2018, 12:31
  #16 (permalink)  
 
Join Date: Apr 2008
Location: Up high
Posts: 542
The data path is not fully separate. You can download a new flight plan via Acars and you can load it into the FMGC. The FMGC does control pitch, roll, thrust, nav displays, navaid tunning and assumed location, aircraft position, etc etc etc. Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality. As proven by the way the CIA managed to blow up Iranian centrifuges. The last line of defence is indeed the crew, provided the system is designed to allow the crew the final decision.
Elephant and Castle is offline  
Old 8th Jun 2018, 12:54
  #17 (permalink)  
 
Join Date: Mar 2014
Location: WA STATE
Age: 73
Posts: 1
Cool

Originally Posted by CONSO View Post
Some systems **MAY** be vunerable via hacking thru COMMON connections to a power supply/battery/inverter.
Yes it is possible via USB power connections - for but one example re cars and similar. and things like centrifuge controllers

https://www.usatoday.com/story/travel/advice/2016/12/18/hacking-plugs-ports/95511936/

and also
https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

via an ethernet connection . . .

Last edited by CONSO; 8th Jun 2018 at 17:15. Reason: SPELLING
CONSO is offline  
Old 8th Jun 2018, 13:22
  #18 (permalink)  
 
Join Date: Aug 2013
Location: PA
Age: 54
Posts: 36
What are these wicked hackers alleged to be planning? My airliner has a red "OFF" button on the automatics and two individuals with a honed sense of self-preservation to press it if we ever started heading off somewhere we don't want to go.
What if the hack includes always on for that address?
underfire is offline  
Old 8th Jun 2018, 20:37
  #19 (permalink)  
 
Join Date: Jan 2014
Location: Too far North
Posts: 9
Centrifuges were hacked via a USB stick.

Avionics are not (currently) accessible via any known hacking methods.

Recent Aviation Week article which has clear explanation on this. (Aircraft Avionics Hacking: Is It Possible? from May 22 2018)
SunnyUpHere is offline  
Old 9th Jun 2018, 10:56
  #20 (permalink)  
 
Join Date: Nov 2008
Location: The Shire
Posts: 2,904
Even if you download an acars flightplan, you still check it and both verify it before you activate it.

You would never enroute uplink something you didn’t request.

Mostly you manually build a plan on the ground from saved routes.

Last edited by The Green Goblin; 10th Jun 2018 at 11:02.
The Green Goblin is offline  

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.