Esse site utiliza cookies. Ao usá-lo e continuar a navegar, você concorda com isso.
Ignorar
Você sabia que o rastreamento de voos da FlightAware é patrocinado por anúncios?
Você pode nos ajudar a manter o FlightAware gratuito, permitindo anúncios de FlightAware.com. Trabalhamos muito para manter nossa publicidade relevante e discreta para criar uma ótima experiência. É rápido e fácil permitir anúncios no FlightAware ou, caso prefira, considere nossas contas premium.
Ignorar
Back to Squawk list
  • 31

FMS Hack could interfere with Auto-pilot & other systems in Airliners

Enviado há
 
German IT researcher says he's found a vulnerability on FMS systems that interact via ACARS. (www.forbes.com) Mais...

Sort type: [Top] [Newest]


gearup328
Peter Steitz 3
If the plane starts to do something it shouldn't, turn off the autopilot and handfly. I see a problem with the public being panicked and over reacting. Also, the FAA. Look how protective they are about cell phone and electronic device use in the cabin. One other not so little problem is if this really works, will an Airbus be able to be controlled since it is fly by wire (sidestick). The computer actually does the flying even if the pilot does the input. Any bus drivers out there to comment?
Klemons
Klemons 2
Pop the auto-pilot circuit breaker, trim it out, your just fine.
cjb1945
Carl Blake 1
Thanks Klemons. This is why we have humans in the cockpit. We know every gadget we have ever invented has crapped out, is capable of crapping out, or at least once has done something totally unexpected to us. As long as my flight crew are alive and awake I will feel safe.
TXCAVU
We may have differing opinions as to the capabilities for an airliner hack but please keep in mind the recent acquisition of a military stealth drone. If they could takeover that, they can takeover commercial jet avionics.
Derg
Roland Dent 1
That is exactly the problem Elizabeth.
cjb1945
Carl Blake 2
Drones are mindless gadgets. Toys that humans make. Airliners have humans on board. Humans have brains that,to date, solve complex problems that computers can not do.
cjb1945
Carl Blake 1
The risk of this happening is next to impossible. The cost the FAA mandating a complete avionics upgrade to all airliners would make my plane fare skyrocket. Let me fly cheap and I will accept the risks.

Hollywood should pick up on this and create new horror movie, "Geeks on a Plane"
highflyer59
The authorities would be wise to accept a controlled demonstration/test of the hackers research than to rightout reject such possibilities. The chosen reaction by the manufacturers and authorities show a serious lack of knowledge and/or outright ignorance to technological developments. To the manufacturers I have only one thing to say. "What once was safe must not remain safe!!" We see that in each and every software update/upgrade eliminating the know flaws but creating new one.
Doobs
Dee Lowry 1
What next???? These "Hacks" don't need a reason to do what they do! It just puts "Aviation" and "Lives" in jeopardy...in so many ways. They don't give a (rats ass)!!!!
highflyer59
The way I was reading this article it had nothing to do with creating panic in the flying public not any criminal intend. The "Hack" was only trying to show off software flaws in todays avionics software. But obviously not all readers here are mature enough to read those important lessons between the lines of this article.
gearup328
Peter Steitz 1
"But obviously not all readers here are mature enough to read those important lessons between the lines of this article." Look in the mirror, my friend. This blog is simply to discuss an article--not to debase others. None of us are experts on many of these topics.
joelwiley
joel wiley 1
Any networked computer system will have vulnerabilities. One question is the 'who would exploit them, and how much effort would it take to do so?". Lots of tools abound so that simple 'script kiddies' can exploit known vulnerabilities that people have not bothered to close. How this could/would affect airline systems isn't known. How much effort is being expended to research and address it.

It seems to me the biggest potential threat would be from an organization using it in a weaponized form. First off the shelf are military units engaged in cyber warfare. What affect could something like this have in disrupting commercial or military transportation when coordinated with another event?

Paranoia in information security is a virtue. Elevated paranoia in the field is a higher calling.

just saying, from way back there in airborne steerage.
Derg
Roland Dent 1
Can anyone remember when LHT ripped out the microsoft/HP stuff that came with the Boeings and installed their own systems?
joelwiley
joel wiley 1
No, can you direct me to any details? Do you recall when the Navy's Aegis cruiser was reported needing a tow back to the dock so they could reboot the Windows NT operating system controlling it? (I know, not aviation, but similar technology issue)
http://en.wikipedia.org/wiki/USS_Yorktown_%28CG-48%29
Derg
Roland Dent 1
Well my memory is fading as I get older...but I guess this was in the late 1980s and it was long before we had this wonderful internet. Back pre 1989 the German's really were not that happy with the big military contingent that was based in the FRG at that time. For instance they use to close whole autobahns down to move the off ballistic missile around. Then they had to deal with crazy car chases between the western security services and the east bloc guys..I am genuinely not kidding here. Ask any German truck driver over 50. Personally I loved the big USA basess and the stuff they got upto. German airforce loved the A4s too. Great Days. Long summers and good pay. Well LH decided that they did not want the Seattle automatically updating the microsoft FMS on their new Boeings without the techies knowing it. They decided that Boeng could completely take over the flight...a lot of the Germans are control freaks...and they really got pissed off. So they got together with Siemens and ripped the kit out of the Bs and fitted their own stuff in its place. The biggest contemporary employer for avionics guys who want a change nowadays are the submarine boats. They pay em upto 3 times what the airforce does. But of course a 6 month spell away is the norm, an 18 month tour not unknown and the 5 year stint possible after the big nuke war. All of Iem sleep well though.
joelwiley
joel wiley 1
Thanks. Had a little trouble w/ LHT but thanks our friend google, I found www.lufthansa-technik.com. They have a press release for their just-released Gigabit Wireless Access Point. That may well put remote access to the airplane into play. How that will affect on-board systems may not receive sufficient scrutiny.
Derg
Roland Dent 1
I know LHT well and they are in the top four on the planet for aviation engineering. I just hope they have the right sub contractors OR have head hunted the right people for this avionics stuff. There will always be some bright 17 yr old in a bedroom somewhere trying out every variation to get access into the systems. Since WW2 Germany was not allowed to develop weapons systems so they don't have the sea of technicians that the USN makes year on year. They do have fabulous education institutions though.
btweston
btweston 1
And this was thoroughly debunked, so...
dvl
Dan Langille 1
Reference?
joelwiley
joel wiley 1
... it was "Debunked" by whom? To my granted limited understanding, the issue was presented in simulation. That the issue was demonstrated in a model, does not put to rest the question of possibility/probability of an occurrence in the real world.
cozytom
tom brusehaver 1
We need to turn down the volume on this. Teso was able to do his 'hack' on a simulator.

Cellphones don't talk on ACARS frequencies (VHF), so that claim is bogus, unless he had external hardware. CPDLC commands must be acknowledged, so he didn't take control of the airplane.

Spoofing ADS-B, well that might be possible, if one of the radios in the phone could talk 1090ES and was able to put VDL-MODE2 data in the stream (possibly if he could get the phone to talk 1090ES he would be really smart).

The current batch of airplanes aren't networked. There is no WiFi to the FMS, nor is there ethernet plugged into the displays. It just can't happen.
AWAAlum
AWAAlum 1
cozytom
tom brusehaver 2
Hugo Teso used a simulator to 'demonstrate' this 'hack'. It wasn't on a real airplane. The hardware he chose was not flight certified, so most of his claims are completely dubious.

The cellphones only work in frequencies maybe at the low end 700MHz, and if you include Bluetooth and WiFi there are radios that talk in the 2.5GHz or 5GHz frequencies.

ACARs the thing the Controller Pilot Data Link Commands (CPDLC) go across are in the 110-130Mhz
frequencies. The Cell phone can't talk on frequencies that low. He would need a radio that will talk on those frequencies to talk to the ACARs device to inject some CPDLC commands. The CPDLC commands are like "turn right heading 230", the pilot must acknowledge or reject that 'command' before the aircraft will react.

The ADS-B signals are either on Universal Access Transmitters (UAT) on 976MHZ or on 1090Mhz mode-s transponder frequencies. Since UATs are US only, the dude might have gotten his cellphone to talk on the 1090Mhz frequency (although that is highly unlikely, but I don't know what brand phone he had or what radios the european version of that phone contains, it may be possible).

Then he needs to make that phone talk the correct protocol, in the ADS-B case, it would be VDL-Mode2. Sure people have software to make VDL mode 2 come out various radios, so if he is smart enough to enable a radio on 1090Mhz then he might be able to code up VDL-Mode2.

The Flight Management System (FMS) is the 'brains' of the aircraft. It manages the auto pilot, connects to the ACARs radio, and the initerial reference system some of the other nav systems. The FMS talks to the airplane. The FMS doesn't talk WiFi, so you can't just use the WiFi on the airplane to talk to the FMS or any of the displays in the cockpit (unless they have an iPad or other tablet, but those aren't connected to the airplane anyway).
AWAAlum
AWAAlum 2
Now I'm afraid to confide in you that I was just kidding around. But seriously, thank you for taking the time to explain it. I was truly lost with the technical jargon.
TXCAVU
Donna, now we know who to turn to for avionics. Thanks Tom.
InfrequentFlyer
Robert Gaudio 1
There must be consideration given to the inter-modulation distortion products produced especially by the carry-on "non flight certified" RF electronic gadgets passengers carry with them.
gearup328
Peter Steitz 1
Just as I thought, Tom. Whew!!
dbaker
Daniel Baker 1
Interesting, but the ADS-B stuff sounds pretty dubious. You can spoof ADS-B, for example, but TCAS doesn't use ADS-B as a sole source for making any decisions. It's the same issue for spoofing ADS-B to ground stations, which are correlating the data with primary radar.

The ACARS vulnerability could be an overflow that allows messages to do something outside the scope of normal operations, however.
mpradel
Marcus Pradel -1
ADS-B traffic spoofing is coming for sure, easy way to create a lot of confusion!
gearup328
Peter Steitz 1
I just read where Hugo Teso is also a commercial pilot. Sooooo he may really know something about how the modern computer driven cockpit functions.
wally3178
Michael Downs 0
Seems to me that all this idiot has achieved is to give a heads-up to every lame brained, pimply faced pseudo software engineer (Hacker) to go out and try their luck. Perhaps one will manage to bring down an airliner somewhere and what happens if they do? Will the investigators be able to determine the correct cause? And if they do, will law enforcement be able to catch the hacker, based on what I see around me today, not a chance in hell.
dvl
Dan Langille 2
No. What the guy (Hugo Teso) did seems to be perfectly in line with modern security best practices. He came up with a working solution. Demonstrated the weaknesses. Alerted those involved. And did not release details.
AWAAlum
AWAAlum -1
I think it's just as scary there's actually a conference called Hack In The Box.
joelwiley
joel wiley 1
Donna, try googling 'black hat' regarding information security for more 'warm fuzzies'. This is what I had in mind, in part, in my previous posting.
see:
http://en.wikipedia.org/wiki/Black_Hat_Briefings
http://www.blackhat.com/
AWAAlum
AWAAlum 1
Will do Joel. Thanks.
pthomas745
Pa Thomas -1
Another story here

http://blogs.computerworld.com/cybercrime-and-hacking/22036/hacker-uses-android-remotely-attack-and-hijack-airplane
TXCAVU
(Duplicate Squawk Submitted)

Researcher says he's found hackable flaws in airplanes' navigation systems

ACARS still has virtually no authentication features to prevent spoofed commands.

http://www.nbcnews.com/travel/researcher-says-hes-found-hackable-flaws-airplanes-navigation-systems-1C9309285
dvl
Dan Langille -1
(Duplicate Squawk Submitted)

Researcher hacks aircraft controls with Android smartphone

A presentation at the Hack In The Box security summit in Amsterdam has demonstrated that it's possible to take control of aircraft flight systems and communications using an #Android #smartphone and some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, spent three years developing the code, buying second-hand commercial flight system software and hardware online and finding vulnerabilities within it. His presentation will cause a few sleepless nights among those with an interest in aircraft security.

http://www.theregister.co.uk/2013/04/11/hacking_aircraft_with_android_handset/
Klemons
Klemons 0
(Duplicate Squawk Submitted)

Hacker Claims He Can Hijack a Plane With an App


(AP Photo/Frank Augstein) These days everything is at risk of being hacked, even the airplane you take next time you fly.



http://finance.yahoo.com/news/hacker-claims-hijack-plane-app-164541101.html

Entrar

Não tem uma conta? Registre-se agora (gratuito) para funcionalidades personalizáveis, alertas de vôo e mais!