Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says (aviationtoday.com)
64 points by reirob 12 months ago | 39 comments

I fly A330-340 and with current popular models like 320 or 737 the flight computers are not directly connected to any network. They are connected to the ACARS, a messaging computer (with a very limited protocol) that we use to ask for weather, company messages like how many wheelchairs we have onboard, delay expected, etc. There is also the CPDLC that is used to send messages to control in the oceanic zones (but is going to be implemented for all flights). Both systems can receive basic flight plan data that we can accept and include in our flight computers (like new way points, wind speeds, etc.) but I guess the communication protocol is so basic that no major owning can happen.

These systems are connected via VHF data channels (dedicated ground stations), or satellite data link.

Even if they manage to crash the flight computer (they sometimes crash on their own) you only have to take manual control and reset everything. But they could never gain control of the autopilot or anything of that kind. They can only (if very very good) manage to impersonate ground controllers, but we are checking via radio comms all the time, so if something doesn't make sense we just have to call to check.

The latest models have more integrated computer systems, like you can open a valve using a trackball in the cockpit (like in the flight simulator). But I don't think they have more connection to the exterior world than older models.

Even wifi access via the inflight entertainment system is going to find a very limited number of ports or protocols to attack.

It's not something that makes even the top 100 things we worry about. We worry more about birds or drones, or dogs running in the runway.

This could change if they keep trying to make the newer models more "interactive" though.

I write the software in the ACARS box.

> but I guess the communication protocol is so basic that no major owning can happen.

This would be ideal, but unfortunately even simple communications protocols have room for error in their implementations. I crashed my company's Flight Management System via the software in my ACARS unit by accidentally sending badly-formatted MCDU screens. The FMS has a buffer overflow wherein it doesn't sufficiently validate that the display coordinates are actually within the screen, so I was overwriting "constants" like Vmax and max-turn-angle.

If it turns out there's also an implementation error in our ACARS-to-radio protocol, then it would be possible to remotely exploit the FMS without getting anywhere near the aircraft. I expect this is possible and has already happened.
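The bug class described in the comment above (display coordinates not checked against the screen, so a write lands on values stored next to it), as an added example that is not part of the thread and not code from any avionics product. The 14x24 screen size, the memory layout, the limit values and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not real FMS code: a 14x24 character screen followed
 * directly in memory by two limit values. Sizes and values are assumed. */
#define ROWS 14
#define COLS 24
#define SCREEN_BYTES (ROWS * COLS)
enum { VMAX_OFF = SCREEN_BYTES, MAX_TURN_OFF, MEM_BYTES };
static unsigned char mem[MEM_BYTES];

void reset_memory(void) {
    memset(mem, ' ', SCREEN_BYTES);
    mem[VMAX_OFF] = 200;     /* placeholder limit values */
    mem[MAX_TURN_OFF] = 25;
}
unsigned char vmax(void) { return mem[VMAX_OFF]; }
unsigned char max_turn(void) { return mem[MAX_TURN_OFF]; }
unsigned char cell(int row, int col) { return mem[row * COLS + col]; }

/* Flawed pattern: row/col from the message are trusted when computing the
 * destination. The loop stops at the end of the modelled region only so
 * that this demo stays well-defined C. */
void put_text_unchecked(int row, int col, const unsigned char *s, size_t len) {
    size_t off = (size_t)row * COLS + (size_t)col;
    for (size_t i = 0; i < len && off + i < (size_t)MEM_BYTES; i++)
        mem[off + i] = s[i];
}

/* Hardened: accept only a field that lies entirely inside one screen row.
 * Returns 0 on success, -1 if the message is rejected. */
int put_text_checked(int row, int col, const unsigned char *s, size_t len) {
    if (row < 0 || row >= ROWS || col < 0 || col >= COLS)
        return -1;
    if (len > (size_t)(COLS - col))
        return -1;
    memcpy(&mem[(size_t)row * COLS + (size_t)col], s, len);
    return 0;
}

int main(void) {
    const unsigned char field[2] = {1, 2};  /* constructed message body */
    reset_memory();
    put_text_unchecked(14, 0, field, 2);    /* row 14 is one past the last row */
    printf("unchecked: vmax=%d max_turn=%d\n", vmax(), max_turn());
    reset_memory();
    printf("checked: rc=%d vmax=%d\n", put_text_checked(14, 0, field, 2), vmax());
    return 0;
}
```

The checked version validates the field length as well as its origin, because a field that starts inside the screen can still run past the end of its row.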

Very interesting, thank you.

> This could change if they keep trying to make the newer models more "interactive" though.

The airline wants to transfer equipment health data as soon as possible to its headquarters using air/ground communication systems (satcom, cellular, airport wifi...) to plan for maintenance and delays.

Pilots want to use their iPad to browse their mail and the logbook listing the history of system failures and displaying the current state of the aircraft to know if it is flyable.

The centralized maintenance system that provides this information to the airline and the pilots has to be connected to all avionic equipment to collect health data.

Now, everything is connected [1].


True, I didn't remember the telemetry system. We have no information about it; as far as I know it could be using the same satcom uplink, as it only sends limited error codes, not a complete status of the plane.

Current systems cannot be updated remotely, just send information.

But this could be changing very fast.

> They can only (if very very good) manage to impersonate ground controllers, but we are checking via radio comms all the time, so if something doesn't make sense we just have to call to check.

A vision of Die Hard 2 just jumped into my mind. I assume that's just fairy tale stuff and there's no risk that the impersonation of ground controllers could lead to false assumptions?

Are the systems that transmit telemetry from the engines vulnerable? As I understand it they have an always-on network connection via satellites?

This seems like an egregiously fearmongering article. Notice that it never actually says what the hackers accomplished, what controls they were able to access, or what impact it would have. All it says is that they accomplished "a penetration", and a really vague sentence saying "you can guess what we did" (aka: we want people to assume the worst even though that may not be the case).

We've known for a while that avionic systems are vulnerable. Anyone working in the cyber space that has half a brain will tell you that any system can be hacked, and there's no reason to think that airplanes are the exception.

However, there's no reason to believe that any airplanes are currently in any danger. Modern aircraft do not have any systems that allow "remote control" of the aircraft. It's not like a hacker could use an RF penetration to shut down engines or cause a plane to crash into a mountain. The worst I can imagine them doing is confusing the navigation system or impersonating air traffic controllers, but at that point the pilots in the cockpit would still be able to safely fly the plane without issue.

Boeing keep repeating the same mistakes

"There are places where the networks are not touching, and there are places where they are" - Boeing's Lori Gunter

2015: Hackers Could Commandeer New Planes Through Passenger Wi-Fi https://www.wired.com/2015/04/hackers-commandeer-new-planes-...

Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable.

> Anyone working in the cyber space that has half a brain will tell you that any system can be hacked, and there's no reason to think that airplanes are the exception.

This is an overly simplistic view of the world. We should expect that airplanes are more resilient to being compromised than your average system produced by a consumer-focused tech company. The standards of assurance for aviation-related software are far higher than most other areas, thanks to extremely tight regulation.

That's not to say aviation software is bulletproof.

"Thank you for having me senators, we were able to maintain a .... presence ... on the aircraft remotely."

Later that day

"l33t h4xx0r buxx for ODNI, Shadowbrokered the sht out of Congress w00t w00t"

really guys that's what just happened, this is how they get down in intelligence

The 757 flight controls can be physically disconnected from the electronic controls by the pilot. The flight controls are mechanically connected by steel cables to the hydraulic actuators on the control surfaces.

Unless that has changed since the airplane was designed in the early 80's, the pilot should be able to regain control despite the electronics going berserk. Hydraulic power is required to fly, but not electronics.

Source: I worked on 757 flight controls back around 1980.

When push comes to shove, what instrumentation would a pilot "depend on...to be absolutely the bible"?

For the sake of discussion: Now suppose IFR conditions and a hypothetical directed RF attack vector which spoofs instrument nav/pos data...I'm thinking GPS, VOR, radar altimeter.

There's a set of old-fashioned instruments in the cockpit - compass, altimeter, airspeed indicator, and turn-and-bank indicator that are not reliant on anything else to work.

I'm not a pilot, but if I was "in the soup" when this happens, first I'd try radioing the ATC and asking Victor for a Vector out of it. Then fly that vector straight & level. No radio, then it's old-fashioned map, compass, and dead reckoning. A 757 has a lot of range, so you should be fine.

My father was a navigator in B-17s, and used celestial navigation. I suppose they don't teach pilots that anymore.

> I suppose they don't teach pilots that anymore.

They do, but you need to be able to see your references to be able to do that.

A penlight should do the trick.

No. You absolutely need instruments. Flying IFR without instruments is an absolutely surefire way to get killed. You can't fly straight and level without an artificial horizon. You don't know if you're descending without, at the bare minimum, an altimeter. You don't know if you're about to stall without an airspeed indicator. You don't know which direction you're going without a compass. Not having instruments in ideal VFR conditions is perfectly fine, but if the weather goes south you're dead.

Edit: also some aircraft are going totally glass. I've seen some homebuilts and super cubs without steam gauges completely, and it's just a matter of time until Cessna, Boeing, Airbus, etc eliminate them.

> You absolutely need instruments.

That's what I said upthread a couple of posts. The penlight thing was in response to someone saying what to do if it is too dark to read the instruments.

I think you missed the point there, but never mind.

No, you need your basic sixpack. The radar altimeter might do but it only tells you your altitude in reference to the height of the stuff under you and most only up to 2500 ft. In terms of survival, I would want at minimum an artificial horizon, airspeed indicator, altimeter, and lots of fuel to hopefully fly to somewhere with better weather.

There are still planes in use in the US which have a port for using a sextant to do celestial navigation.

Martin Strohmeier's PhD thesis "Security in Next Generation Air Traffic Communication Networks" is pretty sobering reading and goes into a lot of detail. http://www.bcs.org/upload/pdf/security-air-traffic.pdf

For example, you don't even need to exploit any systems to cause chaos. You could create a lot of trouble in busy airspace by creating endless TCAS RAs from ghost planes, as the transponders TCAS uses to calculate collision avoidance are not authenticated.

As a suspicion based on what little information is contained in the article, I'd bet that they were messing with ACARS to some degree. This is something you could easily do with off-the-shelf SDR hardware, and the protocol itself has no inherent security features.

As other posters have noted, this could mess with FMS flight plans as well as other logistics (which could be significant from an operational standpoint), but for actual safety of flight it's probably a non-issue.

This isn't new by any means: http://www.aviationtoday.com/2006/06/01/securing-acars-data-...

This actually blows my mind. Here's the gist:

The issue was found last year but the response of "experts" was that it was a known issue? But then it turns out pilots didn't know about this. To top it, there is no concept of patching and cost of change per line is $1 million alone and will take years to implement.

Such critical infrastructure but so poorly maintained. I wonder what is the excuse?

> Such critical infrastructure but so poorly maintained.

I don't think the article (pretty vague on details) supports that damning conclusion.

EDIT to add quote from article:

> Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind

Here’s where I come off as an ass, but what do you expect? These are complex systems with millions of moving parts and millions of lines of code. The chances of anyone ever being able to fully secure all systems (physical and virtual) is literally zero.

Combined with truly awe inspiring lifespans (how many coders truly have systems running mostly unmodified thirty years later?) this means that many many defects and vulnerabilities will be discovered over the lifespan of an aircraft.

Add in avionics and flight control upgrades designed to interface with legacy controls, and I consider it a miracle these amazing machines are as secure as they are.

It’s a testament to the engineering that goes into these machines that more stuff isn’t found or (god forbid) actively exploited.

A major hack like this, in which all planes or even a large percentage of them were vulnerable, could severely constrict the world economy and lead to a stock market crash. It is basically a matter of when, not if that happens.

> It is basically a matter of when, not if

I might be repeating myself, but I don't think the (vague) article supports any such alarm.

Aircraft are an interesting case where nobody except state actors can really afford to evaluate their security.

White hats and grey hats know the whole area is a minefield, and even a whiff of impropriety can bring the heel of the law down upon you. Airlines and aircraft makers both have a financial conflict of interest; discovering vulnerabilities and deploying fixes in existing aircraft could cost millions.

For NEW aircraft designs there is an incentive to discover and mitigate potential issues, but given aircraft's shelf life that might not be good enough over the long haul.

What can be done? I guess schemes like this one, that bring industry experts together with a real working aircraft and let them try. But for political reasons even schemes like this could be unpopular if Boeing's shares take a hit and aircraft are grounded for service.

Apparently it's not too hard to evaluate the security, it's just costly to publicize it:

> The initial response from experts [I assume in the aerospace industry?] was, “’We’ve known that for years,’” and, “It’s not a big deal,” Hickey said.

> But in March 2017, at a technical exchange meeting, he said seven airline pilot captains from American Airlines and Delta Air Lines in the room had no clue.

> “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible,'” Hickey said.

> Aircraft are an interesting case where nobody except state actors can really afford to evaluate their security

Would this be true in countries where aircraft manufacturers aren’t also defence contractors? Or even for American non-defence plane makers, e.g. Cessna?

There is no such thing.

Cessna makes light attack aircraft (https://en.wikipedia.org/wiki/Cessna_A-37_Dragonfly) and variants of its unarmed aircraft for tasks like forward air control and reconnaissance (https://en.wikipedia.org/wiki/Cessna_O-2_Skymaster)

Beechcraft (formerly a Raytheon subdivision) makes utility aircraft (usually variants of civilian models), trainers, and target drones. They also have a light attack variant (AT-6) of one of their trainers, which as far as I know has not managed to get adopted; and have proposed a from-scratch jet-powered light attack aircraft as part of a USAF competition.

EDIT: And they also use this class of commercial jetliners; the main USAF mid-air refueler is a 767 variant, and the military has a dozen or so C-40s (a 737 variant) for logistics and airborne command posts.

Did a bit of not-super-random sampling; the only ones I'm seeing that don't produce for the military are kitplane manufacturers and this lovely oddity: https://en.wikipedia.org/wiki/Terrafugia

(And of those kitplane manufacturers, many of them also make drones for the Army and Navy.)

There is just so much overlap between civilian and military models (much more so than in, say motor vehicles) that the line between military and civilian products gets fuzzy.

How embarrassing that a bumbling government agency was able to find security vulnerabilities in a multi billion dollar corporation's product.

yeah I'd say that DHS is bumbling - but I would say that the FAA & NTSB, for all their faults, have a freaking stellar track record.

I admire them, but CMV

imho, civil servants get a bad rap. We can all point out specific examples of government interaction sucking, but there aren't exactly a lot of comcast cheerleaders around.

DHS may indeed be a disaster. I think if you talk to the actual people doing the work, you'll find they're generally smart capable human beings who want to do good work, but are hamstrung by insane bureaucracy. At the end of the day, that's really more our fault than theirs.

> you'll find they're generally smart capable human beings who want to do good work

Or authoritarian types that want to torture people.

Yes, these agencies are largely the reason that air travel is significantly safer than driving (or even crossing the street). They are pretty much the poster-children for how regulation should work, in a lot of ways. Not a popular opinion among the "move-fast-and-break-things" crowd but one you'll appreciate the next time you and 300 other people are strapped into a flying bomb.
