This systems are connected via vhf data channels (dedicated ground stations), or satellite data link.
Even if they manage to crash the flight computer (they sometimes crash on their own) you only have to take manual control and reset everything. But they could never gain control of the autopilot or anything of that kind. They can only (if very very good) manage to impersonate ground controllers, but we are checking via radio comms all the time, so if something doesn't make sense we just have to call to check.
The latest models have more integrated computer systems, like you can open a valve using a trackball in the cockpit (like in the flight simulator) But I don't think they have more connection to the exterior world than older models.
Even wifi access via the inflight entertainment system is going to find a very limited number of ports or protocols to attack.
It's not something that makes even the top 100 things we worry about. We worry more about birds or drones, or dogs running in the runway.
This could change if they keep trying to make more "interactive" the newer models though.
> but I guess the comunication protocol is so basic that no mayor owning can happen.
This would be ideal, but unfortunately even simple communications protocols have room for error in their implementations. I crashed my company's Flight Management System via the software in my ACARS unit by accidentally sending badly-formatted MCDU screens. The FMS has a buffer overflow wherein it doesn't sufficiently validate that the display coordinates are actually within the screen, so I was overwriting "constants" like Vmax and max-turn-angle.
If it turns out there's also an implementation error in our ACARS-to-radio protocol, then it would be possible to remotely exploit the FMS without getting anywhere near the aircraft. I expect this is possible and has already happened.
The airline wants to transfer equipment health data as soon as possible to its headquarters using air/ground communication systems (satcom, cellular, airport wifi...) to plan for maintenance and delays.
Pilots want to use their iPad to browse their mail and the logbook listing the history of system failures and displaying the current state of the aircraft to know if it is flyable.
The centralized maintenance system that provides these information to the airline and the pilots has to be connected to all avionic equipments to collect health data.
Now, everything is connected .
Current systems can not be updated remotely, just send information.
But this could be changing very fast.
A vision of Die Hard 2 just jumped into my mind. I assume that's just fairy tale stuff and there's no risk that the impersonation of ground controllers could lead to false assumptions?
We've known for awhile that avionic systems are vulnerable. Anyone working in the cyber space that has half a brain will tell you that any system can be hacked, and there's no reason to think that airplanes are the exception.
However, there's no reason to believe that any airplanes are currently in any danger. Modern aircraft do not have any systems that allow "remote control" of the aircraft. It's not like a hacker could use an RF penetration to shut down engines or cause a plane to crash into a mountain. The worst I can imagine them doing is confusing the navigation system or impersonating air traffic controllers, but at that point the pilots in the cockpit would still be able to safely fly the plane without issue.
"There are places where the networks are not touching, and there are places where they are" - Boeing's Lori Gunter
2015: Hackers Could Commandeer New Planes Through Passenger Wi-Fi
Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable.
This is an overly simplistic view of the world. We should expect that airplanes are more resilient to being compromised than your average system produced by a consumer-focused tech company. The standards of assurance for aviation related software is far higher than most other areas, thanks to extremely tight regulation.
That's not to say aviation software is bulletproof.
Later that day
"l33t h4xx0r buxx for ODNI, Shadowbrokered the sht out of Congress w00t w00t"
really guys thats what just happened, this is how they get down in intelligence
Unless that has changed since the airplane was designed in the early 80's, the pilot should be able to regain control despite the electronics going berserk. Hydraulic power is required to fly, but not electronics.
Source: I worked on 757 flight controls back around 1980.
For the sake of discussion: Now suppose IFR conditions and a hypothetical directed RF attack vector which spoofs instrument nav/pos data...I'm thinking GPS, VOR, radar altimeter.
I'm not a pilot, but if I was "in the soup" when this happens, first I'd try radioing the ATC and asking Victor for a Vector out of it. Then fly that vector straight & level. No radio, then it's old-fashioned map, compass, and dead reckoning. A 757 has a lot of range, so you should be fine.
My father was a navigator in B-17s, and used celestial navigation. I suppose they don't teach pilots that anymore.
They do, but you need to be able to see your references to be able to do that.
Edit: also some aircraft are going totally glass. I've seen some homebuilts and super cubs without steam gauges completely, and it's just a matter of time until Cessna, Boeing, Airbus, etc eliminate them.
That's what I said upthread a couple of posts. The penlight thing was in response to someone saying what to do if it is too dark to read the instruments.
For example, you don't even need to exploit any systems to cause chaos. You could create a lot of trouble in busy airspace by creating endless TCAS RAs from ghost planes, as the transponders TCAS uses to calculate collision avoidance are not authenticated.
As other posters have noted, this could mess with FMS flight plans as well as other logistics (which could be significant from an operational standpoint), but for actual safety of flight it's probably a non-issue.
This isn't new by any means:
The issue was found last year but the response of "experts" was that it was known issue? But then turns out pilots didn't know about this. To top it, there is no concept of patching and cost of change per line is $1 million along and will take years to implement.
Such critical infrastructure but so poorly maintained. I wonder what is the excuse?
I don't think the article (pretty vague on details) supports that damning conclusion.
EDIT to add quote from article:
> Hickey said newer models of 737s and other aircraft, like Boeing’s 787 and the Airbus Group A350, have been designed with security in mind
Combined with truly awe inspiring lifespans (how many coders truly have systems running mostly unmodified thirty years later?) this means that many many defects and vulnerabilities will be discovered over the lifespan of an aircraft.
Add in avionics and flight control upgrades designed to interface with legacy controls, and I consider it a miracle these amazing machines are as secure as they are.
It’s a testament to the engineering that goes into these machines that more stuff isn’t found or (god forbid) actively exploited.
I might be repeating myself, but I don't think the (vague) article supports any such alarm.
White hats and grey hats know the whole area is a minefield, and even a whiff of impropriety can bring the heel of the law down upon you. Airlines and aircraft makers both have a financial conflict of interests, discovering vulnerabilities and deploying fixes in existing aircraft could cost millions.
For NEW aircraft designs there is an incentive to discover and mitigate potential issues, but given aircraft's shelf life that might not be good enough over the long haul.
What can be done? I guess schemes like this one, that bring industry experts together with a real working aircraft and letting them try. But for political reasons even schemes like this could be unpopular if Boeing's shares take a hit and aircraft are grounded for service.
> The initial response from experts [I assume in the aerospace industry?] was, “’We’ve known that for years,’” and, “It’s not a big deal,” Hickey said.
> But in March 2017, at a technical exchange meeting, he said seven airline pilot captains from American Airlines and Delta Air Lines in the room had no clue.
> “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible,'” Hickey said.
Would this be true in countries where aircraft manufacturers aren’t also defence contractors? Or even for American non-defence plane makers, e.g. Cessna?
Cessna makes light attack aircraft (https://en.wikipedia.org/wiki/Cessna_A-37_Dragonfly) and variants of its unarmed aircraft for tasks like forward air control and reconnaissance (https://en.wikipedia.org/wiki/Cessna_O-2_Skymaster)
Beechcraft (formerly a Raytheon subdivision) makes utility aircraft (usually variants of civilian models), trainers, and target drones. They also have a light attack variant (AT-6) of one of their trainers, which as far as I know has not managed to get adopted; and have proposed a from-scratch jet-powered light attack aircraft as part of a USAF competition.
EDIT: And they also use this class of commercial jetliners; the main USAF mid-air refueler is a 767 variant, and the military has a dozen or so C-40s (a 737 variant) for logistics and airborne command posts.
(And of those kitplane manufacturers, many of them also make drones for the Army and Navy.)
There is just so much overlap between civilian and military models (much more so than in, say motor vehicles) that the line between military and civilian products gets fuzzy.
I admire them, but CMV
DHS may indeed be a disaster. I think if you talk to the actual people doing they work, you'll find they're generally smart capable human beings who want to do good work, but are hamstrung by insane bureaucracy. At the end of the day, that's really more our fault than theirs.
Or authoritarian types that want to torture people.