Safety, CRM, QA & Emergency Response Planning A wide ranging forum for issues facing Aviation Professionals and Academics

Cyber Security

Old 10th Oct 2015, 10:05
  #1 (permalink)  
Thread Starter
 
Join Date: Aug 2004
Location: London
Posts: 6
Likes: 0
Received 0 Likes on 0 Posts
Cyber Security

Aircraft are highly vulnerable to cyber attack: Ky 09/10/2015

Europe’s top aviation safety chief has warned that hackers could maliciously infiltrate an aircraft’s critical systems.

Speaking to French aviation journalists on Thursday, Patrick Ky, executive director of the European Aviation Safety Agency, said a consultant hired by the Cologne-based agency managed to exploit vulnerabilities in the ACARS (Aircraft Communications Addressing and Reporting System) used to transmit messages between aircraft and ground stations.

Read More: Aircraft are highly vulnerable to cyber attack: Ky | Air Traffic Management | Air Traffic Management - ATM and CMS Industry online, the latest air traffic control industry, CAA, ANSP, SESAR and NEXTGEN news, events, supplier directory and magazine
Vanilla Fudge is offline  
Old 10th Oct 2015, 10:31
  #2 (permalink)  
 
Join Date: Dec 2013
Location: Norfolk
Age: 67
Posts: 1
Likes: 0
Received 0 Likes on 0 Posts
Fluff

A distinction needs to be drawn between what is technically possible and what can be achieved in reality. A drone would be much more susceptible to this type of attack because there is no pilot aboard to monitor and override deviations from the normal flight plan.
G0ULI is offline  
Old 10th Oct 2015, 11:04
  #3 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
Anyone with half a brain could spoof ACARS messages, this has been discussed before. These scenarios often get a lot of attention because it's "computers", but essentially it's the same as a goober with a 100 USD handeld VHF who interferes with voice communication. Annoying, and a crime, but all in all not the biggest threat to aviation safety in the real world, as pilots are flying the aircraft, not ACARS...Agreed with G0ULI.

The "scariest" scenario I've seen so far was researchers feeding false GPS signals into a ship, affecting it's autopilot, but that was not quite trivial to achieve and required some expertise. Researchers have also successfully interfered with TCAS, but a false RA could only be generated under very rare circumstances. In the end, there's a reason why pilots are flying the aircraft.
deptrai is offline  
Old 10th Oct 2015, 11:14
  #4 (permalink)  
 
Join Date: Sep 2015
Location: Germany
Posts: 44
Likes: 0
Received 0 Likes on 0 Posts
Fly by wire

While I agree the article is probably fluff, I'd still be a bit worried about what would happen if, e.g. an attacker manages to crack into the ACARS system and from there penetrate further into the aircraft's systems.

While there's a pilot to monitor things, what would happen if the attacker manages to discharge the fire extinguishers on the engines? Or deploy the reversers during cruise? (Or just on one side - I'm sure the flight would get interesting very rapidly...)

Remember these guys who hacked a Jeep and managed to activate the brakes...

I'm just SLF, but used to work in Computer and Network security...
RealUlli is offline  
Old 10th Oct 2015, 11:41
  #5 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
(mods will no doubt find an appropriate area for this thread )

there is nothing to "crack" in ACARS. It's clear text, unencrypted. Airlines use proprietary encoding though for various messages, but that could be figured out.

All ACARS could be used for is to fool the pilots (e.g. upload a fake amended flight plan, for those who use that). It would still require pilots to take action before anything would happen.

The architecture of jeep and aircraft electronics are vastly different. One clue is the price. Jeeps are built to be reasonably affordable. Aircraft components are tested and certified to a completely different level.

A competent and trained engineer, equipped with expensive, proprietary tools, could achieve some mischief IF s/he had physical access to aircraft systems, in the avionics bay. That would be pretty easy to spot, if someone tried to get there in flight. "Hacking" things over the air is a movie plot (that's why it's so fascinating to many - including me). I'm a pilot and a former military "spook", who had access to tools and knowledge most "hackers" could only dream of. While I'm no longer "current" in that area, I've kept a keen interest in communication/IT security, and I would never say it's absolutely totally impossible to "crack" something, but in the case of aircraft, a successful attack would need to involve a fair amount of "social engineering", i.e. somehow get physical access to aircraft systems, or manipulate someone who has.

Last edited by deptrai; 10th Oct 2015 at 11:58.
deptrai is offline  
Old 10th Oct 2015, 11:42
  #6 (permalink)  
 
Join Date: May 2006
Location: Europe
Posts: 24
Likes: 0
Received 0 Likes on 0 Posts
I'm just an SLF but this touches on my field of work.

A few things can be said of this:

1. If there is any opening for any of this to happen, it will. Lets just it is the builder discovering this through proper testing.

2. If the engineering of the critical systems are of the same quality as some of the IFE components I've looked at then I really hope the above item is the way it will happen.

3. There will be security vulnerabilities. Thats just life.

4. Never forget this one:

https://xkcd.com/538/

-A

Last edited by ph-ndr; 10th Oct 2015 at 12:09.
ph-ndr is offline  
Old 10th Oct 2015, 12:45
  #7 (permalink)  
 
Join Date: Mar 2010
Location: South Korea
Age: 62
Posts: 115
Likes: 0
Received 0 Likes on 0 Posts
It is very easy to make any computer 100% immune from any cyber attack. Have no network connection. Do aircraft flight control systems have a network connection?
Cool Guys is offline  
Old 10th Oct 2015, 13:22
  #8 (permalink)  
 
Join Date: Sep 2015
Location: Germany
Posts: 44
Likes: 0
Received 0 Likes on 0 Posts
It is very easy to make any computer 100% immune from any cyber attack. Have no network connection. Do aircraft flight control systems have a network connection?
I don't think they currently have a direct one.

However, I wouldn't be surprised if someone came up with the idea that money could be saved if the IFE signals and some other stuff went over the same wire.

I've seen this in some other area, not safety related. What they did was put the devices on the same physical network and just assigned them different IP networks. By default, the devices couldn't see each other (at least, directly). Put the interface into promiscious mode and add a network route to the interface, suddenly you could talk to the "other" network. Security oops.

What about the IFE options for displaying a moving map, flight data, the view the pilots see on the A380 from the camera on top of the stabilizer? Are they truly one-way or is there some bug lurking that just nobody found yet? Are they separate systems that get the data from a different source that isn't used on the flight deck at all? E.g. some GPS mouse feeding data to a simple moving map display which isn't hard to build, it just costs a bit of money...
RealUlli is offline  
Old 10th Oct 2015, 14:08
  #9 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
Many components are networked, but the networking protocols used for critical systems are very different from anything else. Eg there is no "dynamic" addressing or routing, unlike ethernet there is no ARP, no DHCP, because every single component is known. Messages are strictly filtered and prioritized to ensure enough bandwidth for critical applications. Even if you were "on the same wire"...you'd have a very hard time. If you wanted to interfere, I'd say you would need physical access to some components, and re-flash the firmware. You can't do that from a passenger seat. Also the real-time operating systems used are not something many are familiar with. It would take a huge effort.

Some data flows from aircraft system to IFE, but it's one way.
deptrai is offline  
Old 11th Oct 2015, 13:00
  #10 (permalink)  
 
Join Date: Mar 2009
Location: EHAM
Posts: 41
Likes: 0
Received 0 Likes on 0 Posts
But if the connection is bidirectional all an attacker needs to do is to gain access to the 'bridge' component between the networks. Beware that that remote code injection schemes exist even on systems that are thought of as being immune to this, such as Harvard archiecture systems.

I think the only way to keep planes safe is to have no such bridges at all, or to have flight control and monitorig systems that are at most unidirectionally connected to ACARS type systems on the physical level.
StuntPilot is offline  
Old 11th Oct 2015, 19:25
  #11 (permalink)  
 
Join Date: Jun 2002
Location: Wor Yerm
Age: 67
Posts: 4
Likes: 0
Received 0 Likes on 0 Posts
ACARS messages, like ATC instructions, have to pass through a couple of discriminatory and rather discerning individuals - the pilots. A spoof sender will also have to spoof the message acknowledgment/receipt. Also, the moment a duff message is spotted the game is over. I just hope they don't find out that you can spoof ATC messages with radio. That would be groundbreaking research and surely worthy of another press release.

And this is yet another example of EASA (pronounced E-Arse-A) pointlessly wasting our money. These plonkers are p!ssing away our cash on so called experts like this to tell us what we already know. Then they have the gall to release this worthless and totally pointless research to tell us what we already know. Next they'll work out that if our engines stop it might mean we won't get to our destination.

PM
Piltdown Man is offline  
Old 12th Oct 2015, 07:05
  #12 (permalink)  
 
Join Date: Sep 2015
Location: Germany
Posts: 44
Likes: 0
Received 0 Likes on 0 Posts
Protocols

Originally Posted by deptrai
Many components are networked, but the networking protocols used for critical systems are very different from anything else. Eg there is no "dynamic" addressing or routing, unlike ethernet there is no ARP, no DHCP, because every single component is known. Messages are strictly filtered and prioritized to ensure enough bandwidth for critical applications. Even if you were "on the same wire"...you'd have a very hard time. If you wanted to interfere, I'd say you would need physical access to some components, and re-flash the firmware. You can't do that from a passenger seat. Also the real-time operating systems used are not something many are familiar with. It would take a huge effort.
You mean, as different as CAN bus from ethernet? That didn't help that Jeep. Aircraft might have slightly better security, but I doubt it - traditionally, reliability took a much higher priority than security.

The issue I see is that an attacker only needs to crack into one device that is connected to both the "public" and the critical networks. When he gets that far, he can spoof messages on the critical network and all bets are off.

Re-flashing the firmware isn't needed, the attacker just needs to modify the image that runs in memory at that very moment. Experience with RT-OS is also just "security by obscurity", which has been shown not to work in the long run.

Some data flows from aircraft system to IFE, but it's one way.
I really hope someone made sure that it is one-way physically (e.g. by leaving out the wires required for the other direction). I know there are devices that do this for ethernet.
RealUlli is offline  
Old 14th Oct 2015, 18:31
  #13 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
The issue I see is that an attacker only needs to crack into one device that is connected to both the "public" and the critical networks. When he gets that far, he can spoof messages on the critical network and all bets are off.

This isn't "only". To start with, you can't just start sending frames on most modern Aircraft buses, there are a lot of integrity checks, and every path needs to be programmed.

But lets assume for a moment (highly unlikely), that someone succeeds. Every action will most likely set of an alarm or alert in the cockpit. Lets assume someone manages to manipulate the autopilot. Pilots will simply switch off the autopilot, all it takes is one click. There are "manual" back-up instruments in the cockpit. Problem solved.
deptrai is offline  
Old 15th Oct 2015, 10:37
  #14 (permalink)  
 
Join Date: Sep 2015
Location: United Kingdom
Age: 55
Posts: 6
Likes: 0
Received 0 Likes on 0 Posts
Stuxnet

Stuxnet is probably the closest real example to what is possible to achieve with the right tools, knowledge and backing. However, bear in mind it was almost certainly a military / intelligence developed tool which also may have had assistance from the manufacturer of the hardware and operating systems concerned. At the moment I'd say that this kind of interference is out of the reach of all but governments and their agencies, but that may not always be the case.
Submarine Yellow is offline  
Old 16th Oct 2015, 07:41
  #15 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
out of the reach of all but governments and their agencies

and out of reach for all but a few governments.
deptrai is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.