
Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says - reirob
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
======
omegant
I fly A330-340 and with current popular models like 320 or 737 the flight
computers are not directly conected to any network. They are conected to the
acars a messaging computer (with a very limited protocol) that we use to ask
for weather, company messages like how many wheel chairs we have onboard ,
delay expected , etc... There is also the CPDLC that it's used to send
messages to control in the oceanic zones (but is going to be implemented for
all flights) Both systems can receive basic flight plan data that we can
accept and include in our flight computers (like new way points, wind speeds,
etc..) but I guess the comunication protocol is so basic that no mayor owning
can happen.

This systems are connected via vhf data channels (dedicated ground stations),
or satellite data link.

Even if they manage to crash the flight computer (they sometimes crash on
their own) you only have to take manual control and reset everything. But they
could never gain control of the autopilot or anything of that kind. They can
only (if very very good) manage to impersonate ground controllers, but we are
checking via radio comms all the time, so if something doesn't make sense we
just have to call to check.

The latest models have more integrated computer systems, like you can open a
valve using a trackball in the cockpit (like in the flight simulator) But I
don't think they have more connection to the exterior world than older models.

Even wifi access via the inflight entertainment system is going to find a very
limited number of ports or protocols to attack.

It's not something that makes even the top 100 things we worry about. We worry
more about birds or drones, or dogs running in the runway.

This could change if they keep trying to make more "interactive" the newer
models though.

~~~
coderjames
I write the software in the ACARS box.

> but I guess the comunication protocol is so basic that no mayor owning can
> happen.

This would be ideal, but unfortunately even simple communications protocols
have room for error in their implementations. I crashed my company's Flight
Management System via the software in my ACARS unit by accidentally sending
badly-formatted MCDU screens. The FMS has a buffer overflow wherein it doesn't
sufficiently validate that the display coordinates are actually within the
screen, so I was overwriting "constants" like Vmax and max-turn-angle.

If it turns out there's also an implementation error in our ACARS-to-radio
protocol, then it would be possible to remotely exploit the FMS without
getting anywhere near the aircraft. I expect this is possible and has already
happened.

~~~
omegant
Very interesting, thank you.

------
txcwpalpha
This seems like an egregiously fearmongering article. Notice that it never
actually says _what_ the hackers accomplished, what controls they were able to
access, or what impact it would have. All it says is they they accomplished "a
penetration", and a really vague sentence saying "you can guess what we did"
(aka: we want people to assume the worst even though that may not be the
case).

We've known for awhile that avionic systems are vulnerable. Anyone working in
the cyber space that has half a brain will tell you that any system can be
hacked, and there's no reason to think that airplanes are the exception.

However, there's no reason to believe that any airplanes are currently in any
danger. Modern aircraft do not have any systems that allow "remote control" of
the aircraft. It's not like a hacker could use an RF penetration to shut down
engines or cause a plane to crash into a mountain. The worst I can imagine
them doing is confusing the navigation system or impersonating air traffic
controllers, but at that point the pilots in the cockpit would still be able
to safely fly the plane without issue.

~~~
PeachPlum
Boeing keep repeating the same mistakes

"There are places where the networks are not touching, and there are places
where they are" \- Boeing's Lori Gunter

2015: Hackers Could Commandeer New Planes Through Passenger Wi-Fi
[https://www.wired.com/2015/04/hackers-commandeer-new-
planes-...](https://www.wired.com/2015/04/hackers-commandeer-new-planes-
passenger-wi-fi/)

Seven years after the Federal Aviation Administration first warned Boeing that
its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to
hacking, a new government report suggests the passenger jets might still be
vulnerable.

------
WalterBright
The 757 flight controls can be physically disconnected from the electronic
controls by the pilot. The flight controls are mechanically connected by steel
cables to the hydraulic actuators on the control surfaces.

Unless that has changed since the airplane was designed in the early 80's, the
pilot should be able to regain control despite the electronics going berserk.
Hydraulic power is required to fly, but not electronics.

Source: I worked on 757 flight controls back around 1980.

~~~
metaphor
When push comes to shove, what instrumentation would a pilot " _depend on...to
be absolutely the bible_ "?

For the sake of discussion: Now suppose IFR conditions and a hypothetical
directed RF attack vector which spoofs instrument nav/pos data...I'm thinking
GPS, VOR, radar altimeter.

~~~
WalterBright
There's a set of old-fashioned instruments in the cockpit - compass,
altimeter, airspeed indicator, and turn-and-bank indicator that are not
reliant on anything else to work.

I'm not a pilot, but if I was "in the soup" when this happens, first I'd try
radioing the ATC and asking Victor for a Vector out of it. Then fly that
vector straight & level. No radio, then it's old-fashioned map, compass, and
dead reckoning. A 757 has a lot of range, so you should be fine.

My father was a navigator in B-17s, and used celestial navigation. I suppose
they don't teach pilots that anymore.

~~~
jacquesm
> I suppose they don't teach pilots that anymore.

They do, but you need to be able to see your references to be able to do that.

~~~
WalterBright
A penlight should do the trick.

~~~
mveety
No. You absolutely need instruments. Flying IFR without instruments is an
absolutely sure fire way to get killed. You can't fly straight and level
without an artificial horizon. You don't know if you're descending without, at
the bare minimum, an altimeter. You don't know if you're about to stall
without and airspeed indicator. You don't know which direction you're going
without a compass. Not having instruments in ideal VFR conditions is perfectly
fine, but if the weather goes south you're dead.

Edit: also some aircraft are going totally glass. I've seen some homebuilts
and super cubs without steam gauges completely, and it's just a matter of time
until Cessna, Boeing, Airbus, etc eliminate them.

~~~
WalterBright
> You absolutely need instruments.

That's what I said upthread a couple of posts. The penlight thing was in
response to someone saying what to do if it is too dark to read the
instruments.

~~~
jacquesm
I think you missed the point there, but never mind.

------
mhandley
Martin Strohmeier's PhD thesis "Security in Next Generation Air Traffic
Communication Networks" is pretty sobering reading and goes into a lot of
detail. [http://www.bcs.org/upload/pdf/security-air-
traffic.pdf](http://www.bcs.org/upload/pdf/security-air-traffic.pdf)

For example, you don't even need to exploit any systems to cause chaos. You
could create a lot of trouble in busy airspace by creating endless TCAS RAs
from ghost planes, as the transponders TCAS uses to calculate collision
avoidance are not authenticated.

------
repstosw
As a suspicion based on what little information is contained in the article,
I'd bet that they were messing with ACARS to some degree. This is something
you could easily do with off-the-shelf SDR hardware, and the protocol itself
has no inherent security features.

As other posters have noted, this could mess with FMS flight plans as well as
other logistics (which could be significant from an operational standpoint),
but for actual safety of flight it's probably a non-issue.

This isn't new by any means:
[http://www.aviationtoday.com/2006/06/01/securing-acars-
data-...](http://www.aviationtoday.com/2006/06/01/securing-acars-data-link-in-
the-post-911-environment/)

------
thisisit
This actually blow my mind. Here's the gist:

The issue was found last year but the response of "experts" was that it was
_known issue_? But then turns out pilots didn't know about this. To top it,
there is no concept of patching and cost of change per line is $1 million
along and will take years to implement.

Such critical infrastructure but so poorly maintained. I wonder what is the
excuse?

~~~
FabHK
> Such critical infrastructure but so poorly maintained.

I don't think the article (pretty vague on details) supports that damning
conclusion.

EDIT to add quote from article:

> Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and
> the Airbus Group A350, have been designed with security in mind

------
patryn20
Here’s where I come off as ass, but what do you expect? These are complex
systems with millions of moving parts and millions of lines of code. The
chances of anyone ever being able to fully secure all systems (physical and
virtual) is literally zero.

Combined with truly awe inspiring lifespans (how many coders truly have
systems running mostly unmodified thirty years later?) this means that many
many defects and vulnerabilities will be discovered over the lifespan of an
aircraft.

Add in avionics and flight control upgrades designed to interface with legacy
controls, and I consider it a miracle these amazing machines are as secure as
they are.

It’s a testament to the engineering that goes into these machines that more
stuff isn’t found or (god forbid) actively exploited.

------
omarforgotpwd
A major hack like this, in which all planes or even a large percentage of them
were vulnerable, could severely constrict the world economy and lead to a
stock market crash. It is basically a matter of when, not if that happens.

~~~
FabHK
> It is basically a matter of when, not if

I might be repeating myself, but I don't think the (vague) article supports
any such alarm.

------
UnoriginalGuy
Aircraft are an interesting case where nobody except state actors can really
afford to evaluate their security.

White hats and grey hats know the whole area is a minefield, and even a whiff
of impropriety can bring the heel of the law down upon you. Airlines and
aircraft makers both have a financial conflict of interests, discovering
vulnerabilities and deploying fixes in existing aircraft could cost millions.

For NEW aircraft designs there is an incentive to discover and mitigate
potential issues, but given aircraft's shelf life that might not be good
enough over the long haul.

What can be done? I guess schemes like this one, that bring industry experts
together with a real working aircraft and letting them try. But for political
reasons even schemes like this could be unpopular if Boeing's shares take a
hit and aircraft are grounded for service.

~~~
JumpCrisscross
> _Aircraft are an interesting case where nobody except state actors can
> really afford to evaluate their security_

Would this be true in countries where aircraft manufacturers aren’t also
defence contractors? Or even for American non-defence plane makers, _e.g._
Cessna?

~~~
azernik
There is no such thing.

Cessna makes light attack aircraft
([https://en.wikipedia.org/wiki/Cessna_A-37_Dragonfly](https://en.wikipedia.org/wiki/Cessna_A-37_Dragonfly))
and variants of its unarmed aircraft for tasks like forward air control and
reconnaissance
([https://en.wikipedia.org/wiki/Cessna_O-2_Skymaster](https://en.wikipedia.org/wiki/Cessna_O-2_Skymaster))

Beechcraft (formerly a Raytheon subdivision) makes utility aircraft (usually
variants of civilian models), trainers, and target drones. They also have a
light attack variant (AT-6) of one of their trainers, which as far as I know
has not managed to get adopted; and have proposed a from-scratch jet-powered
light attack aircraft as part of a USAF competition.

EDIT: And they also use this class of commercial jetliners; the main USAF mid-
air refueler is a 767 variant, and the military has a dozen or so C-40s (a 737
variant) for logistics and airborne command posts.

~~~
metaphor
To be sure: 2 down, 165 to go[1].

[1]
[https://en.wikipedia.org/wiki/Category:Aircraft_manufacturer...](https://en.wikipedia.org/wiki/Category:Aircraft_manufacturers_of_the_United_States)

~~~
azernik
Did a bit of not-super-random sampling; the only ones I'm seeing that don't
produce for the military are kitplane manufacturers and this lovely oddity:
[https://en.wikipedia.org/wiki/Terrafugia](https://en.wikipedia.org/wiki/Terrafugia)

(And of those kitplane manufacturers, many of them also make drones for the
Army and Navy.)

There is just so much overlap between civilian and military models (much more
so than in, say motor vehicles) that the line between military and civilian
products gets fuzzy.

------
flyGuyOnTheSly
How embarrassing that a bumbling government agency was able to find security
vulnerabilities in a multi billion dollar corporation's product.

~~~
samstave
yeah id say that DHS is bumbling - but I would say that the FAA & NTSB, for
all their faults, has a freaking stellar track record.

I admire them, but CMV

~~~
jfoutz
imho, civil servants get a bad rap. We can all point out specific examples of
government interaction sucking, but there aren't exactly a lot of comcast
cheerleaders around.

DHS may indeed be a disaster. I think if you talk to the actual people doing
they work, you'll find they're generally smart capable human beings who want
to do good work, but are hamstrung by insane bureaucracy. At the end of the
day, that's really more our fault than theirs.

~~~
ryanlol
>you'll find they're generally smart capable human beings who want to do good
work

Or authoritarian types that want to torture people.

