All this confusion over flight 370 has me wondering if it would be possible to hack into an airplane and control the autopilot or other on-board systems in a way that the pilots couldn't regain control.
Disclaimer: I know 0 about aviation, but I am a programmer. So my guess would be that anything that doesn't have a physical disconnect would be vulnerable to being hacked without being able to override it.
Aircraft systems could probably be 'hacked' (assuming you could, for instance, screw up the flight computer by changing the chips in the belly), but there is no way you could really pull this off without the pilots noticing the course being way off from the compass, for instance, so they'd figure it out and shut it off. Many systems are not connected in a way that allows them to cause damage to others. Systems are also pretty dedicated: if it's supposed to fly the plane, that's what it does; if it's supposed to navigate, that's what it does.
Systems on aircraft generally have limited, if any, connection to the outside world. There are a few systems that have the ability to connect to the ground, and this is generally limited to simple text messages. Most of the electronics on the 777 are from the type's introduction in 1994. A decent analogy, I think, is trying to hack an early cell phone remotely.
Aircraft are generally very stiff when it comes to changes: they are often approved in a certain configuration, and that then sticks, so there's little need to change stuff, and hence it's not possible. This applies to the autopilot and flight controls: once it's there, it stays there.
On a similar note, I think I heard a story about a Bombardier Dash 8 that got a computer virus once, but I think it never got beyond the navigation system, the most processing-intensive part. Unfortunately, I can't find a source for this.
There are certain communication systems that theoretically could be hacked into. CPDLC is used to communicate digitally between pilots and controllers, so if it were to be hacked someone could send instructions to the pilot that would look like they were coming from a controller, and the pilots would not know the difference.
One thing to keep in mind though is that the pilots are still intimately involved. They see and approve all changes. Minor changes might go unnoticed, but if they were instructed to fly in a completely different direction or to a different destination, they would probably start asking questions. If they were sent directly towards a mountain or another airplane, they would likely notice or other safety systems would step in to warn them.
"Hack" has a variety of definitions, from reading private data off a non-critical system, to disrupting or confusing an avionics mode, to taking control of the plane and locking out pilots. This complicates the discussion of how likely planes are to be "hacked".
In general, the recent consensus seems to be that under some definitions of "hack", this certainly is possible, even without insider knowledge. There are some reports of successful hacks out there, though since the details are confidential it's hard to tell what researchers accomplished or their method of attack. Both researchers and plane manufacturers seem to agree that taking control of an airplane for more than a few seconds would be extremely difficult, but not impossible, and that's even with insider knowledge or prolonged access to the plane.
I'm going to provide some information on safety and integrity measures that are standard in the industry and make hacking avionics difficult. In particular, hacking avionics is a type of safety-critical embedded device hacking, not server or personal computer hacking. Safety critical embedded devices have a much smaller attack surface and many more mitigation methods in place, as outlined below.
The threats you face on planes are very different from servers and laptops. Especially for the most critical systems like displays and autopilots, datatypes are strict, messaging is scheduled, processing time is limited, and strings are rarely used. To accomplish most traditional attacks, you would have to break these protocols. This is similar to other kinds of embedded programming where the software is so inflexible that the attack surface is small.
Some things that definitely help attackers here include physical access to the software update process, being able to work with the plane for several days, insider knowledge, simple RF equipment, or ability to hijack satellite communications to the plane. If your attacker has some of those the threat is much more serious.
Is it possible to mess with the availability of aircraft systems? Yes, if you can manipulate the right signals. You could, for example, make the flight control computer think a sensor has gone bad. You could throw off a lot of sensors with powerful enough radio signals. A bug in 787 NG display software once led to all displays going black. Also, most flight computers use off-the-shelf processors with lots of weird behaviors, and especially if an exploit lets you execute arbitrary assembly code, you could exploit some of these to take the avionics system offline.
However, availability isn't as big of a concern as integrity of the avionics. Most people are really concerned about a hacker taking complete control of the plane, not forcing the pilot to fly by hand.
Different functions, especially ones at different safety levels, are by regulation insulated from each other. Although aircraft have historically had dedicated hardware for each component, nowadays much of this software is run on shared LRU computers (this is called an IMA architecture). But despite sharing hardware, the software processes are strictly insulated from each other and it is proved during certification that no processor faults, error conditions, overflows, etc. could transfer from one process to another, especially not a higher level process. Yes, signals pass between partitions, but any signals passing from a lower safety level to a higher level are individually justified to ensure they won't cause safety issues.
In order for an exploit to have catastrophic effect, it would have to get around these either by 1) working directly with level-A hardware and processes, or 2) finding a poor assumption about the impact of a lower-level signal. These poor assumptions exist, but they're rare.
Many hacks in personal computers happen because of inadequate testing that lets exceptions and faults into the system. Level A software is tested far more comprehensively than most apps or PC software. Every line is tested for MC-DC coverage (not exhaustive, but every decision has to be exercised as both True and False). Structural coverage is also evaluated to make sure unintended interactions don't occur. If faults do occur, the RTOS is designed to take care of these faults predictably and reliably.
Ok, say you can't find a way to execute arbitrary code, can you mess up the software update process? This initially seems viable, especially given the new tendency to update avionics firmware over networks. There are several issues here.
For more analysis of safety measures to prevent corrupt software or databases from being uploaded, I'd suggest you consult the standards for this process: DO-200A, Chapter 5 of FAA Order 8110.49, and FAA AC 20-153.
Usually the autopilot and other software is managed by another system which has interlocks and disengage logic. These have safety standards and tests written to make sure they work reliably, including a requirement for a software-free method of disengaging autopilot. This makes it very tricky to find an exploit here without, say, already being able to execute arbitrary code.
Even if this disengagement software doesn't work, pilots have circuit breakers and can disable the entire avionics system, then fly the airplane by hand. See BigHomie's answer for a discussion of how feasible it is to hack this (answer: not very).
In theory, this should work, but in certain situations the plane could be put in an unsafe situation before the pilot could regain control. As the 737 Max incidents showed, sudden pitch down when close to the ground can be difficult to recover from, even if you can manually disengage the autopilot or manually disengage the trim system.
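Added illustration, not part of the answer above: the answer says that signals crossing from a lower safety level into a higher-level partition are "individually justified" and that the software deals only in strict data types on a fixed schedule. The constructed C below shows what such a justified boundary can look like in code: a fixed-width frame from a lower-DAL partition is accepted by the higher-DAL consumer only after an integrity check, a freshness check on its counter, a physical range check and a rate-of-change check, and a rejected frame never overwrites the last good value. The message layout, field names, limits and the CRC choice are assumptions for the example, not any supplier's or standard's format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-width, scheduled frame as it might cross from
 * a lower-DAL partition into a higher-DAL consumer. Names and widths are
 * assumptions chosen for illustration. The three fields have no padding. */
typedef struct {
    uint16_t seq;        /* sender's frame counter, increments each frame */
    int16_t  value_x10;  /* sensor reading in tenths of a unit */
    uint16_t crc;        /* CRC-16 over seq and value_x10 */
} low_dal_msg_t;

typedef struct {
    bool     valid;          /* consumer currently trusts last_good_x10 */
    bool     have_seq;       /* last_seq holds a real counter value */
    uint16_t last_seq;
    int16_t  last_good_x10;  /* last accepted reading */
    uint8_t  stale_count;    /* consecutive rejected frames */
} consumer_state_t;

#define VALUE_MIN_X10  (-500)  /* assumed physical range of the sensor */
#define VALUE_MAX_X10  ( 500)
#define MAX_STEP_X10   (50)    /* assumed largest plausible change per frame */
#define MAX_STALE      (3)     /* rejected frames before the input is declared invalid */

/* CRC-16/CCITT-FALSE, bitwise form; used here purely as an integrity check. */
static uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* CRC over the payload fields only (everything before the crc field). */
uint16_t msg_crc(const low_dal_msg_t *m)
{
    return crc16_ccitt((const uint8_t *)m, offsetof(low_dal_msg_t, crc));
}

/* Builds a well-formed frame; stands in for the sending partition. */
low_dal_msg_t make_msg(uint16_t seq, int16_t value_x10)
{
    low_dal_msg_t m = { seq, value_x10, 0 };
    m.crc = msg_crc(&m);
    return m;
}

void consumer_init(consumer_state_t *st)
{
    memset(st, 0, sizeof *st);
}

/* Per-frame checks the consumer justifies individually: integrity, freshness,
 * physical range, rate of change. Returns true if the frame is accepted.
 * A rejected frame keeps the last good value; repeated rejects invalidate it. */
bool consume_msg(consumer_state_t *st, const low_dal_msg_t *m)
{
    bool ok = (m->crc == msg_crc(m));

    if (ok && st->have_seq) {
        /* Counter must advance (mod 2^16); a repeat or a backwards jump is
         * treated as stale or replayed data. */
        uint16_t adv = (uint16_t)(m->seq - st->last_seq);
        ok = (adv != 0 && adv < 0x8000);
    }
    if (ok)
        ok = (m->value_x10 >= VALUE_MIN_X10 && m->value_x10 <= VALUE_MAX_X10);
    if (ok && st->valid) {
        int delta = (int)m->value_x10 - (int)st->last_good_x10;
        ok = (delta <= MAX_STEP_X10 && delta >= -MAX_STEP_X10);
    }

    if (ok) {
        st->valid = true;
        st->have_seq = true;
        st->last_seq = m->seq;
        st->last_good_x10 = m->value_x10;
        st->stale_count = 0;
    } else {
        if (st->stale_count < 255) st->stale_count++;
        if (st->stale_count >= MAX_STALE) st->valid = false;
    }
    return ok;
}

int main(void)
{
    consumer_state_t st;
    consumer_init(&st);
    low_dal_msg_t frames[] = {
        make_msg(1, 100), make_msg(2, 130),
        make_msg(3, 9000),  /* out of physical range */
        make_msg(4, 300),   /* implausible jump from 130 */
        make_msg(2, 130),   /* replayed counter */
        make_msg(5, 140),   /* good frame restores validity */
    };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        bool ok = consume_msg(&st, &frames[i]);
        printf("seq %u value %d -> %s, valid=%d last_good=%d\n",
               (unsigned)frames[i].seq, (int)frames[i].value_x10,
               ok ? "accept" : "reject", (int)st.valid, (int)st.last_good_x10);
    }
    return 0;
}
```

The design point is that every check is a fixed comparison on fixed-width integers with no parsing, allocation or strings, which is the "inflexible" shape the answer describes; a corrupted, replayed or implausible frame changes only whether the consumer trusts its input, never what code runs.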
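A second added illustration, again not from the answer or any certified product, for the MC/DC testing point and the "interlocks and disengage logic" point above: the decision below is a constructed three-condition disengage rule, and the checker after it verifies whether a set of test vectors achieves unique-cause MC/DC, i.e. whether each condition has been shown to independently change the outcome. The names `ap_disengage`, `pilot_disconnect`, `monitor_fault` and `ap_engaged` are assumptions for the example. It also shows why this is stronger than just exercising both outcomes: `WEAK_SET` drives the decision both true and false and every condition both true and false, yet demonstrates independence for only one condition.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NCOND 3

/* Constructed decision (names are assumptions): disengage if the pilot
 * presses disconnect, or if a monitor reports a fault while engaged. */
bool ap_disengage(bool pilot_disconnect, bool monitor_fault, bool ap_engaged)
{
    return pilot_disconnect || (monitor_fault && ap_engaged);
}

typedef struct { bool c[NCOND]; } test_vec_t;
typedef bool (*decision_fn)(const bool *c);

/* Adapter so the coverage checker can drive the decision generically. */
bool eval_ap(const bool *c)
{
    return ap_disengage(c[0], c[1], c[2]);
}

/* Unique-cause MC/DC: condition k is shown to independently affect the
 * outcome when two vectors in the set differ only in k and the decision
 * differs between them. Returns a bitmask of the conditions so shown. */
unsigned mcdc_covered(decision_fn f, const test_vec_t *set, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++) {
        for (size_t j = i + 1; j < n; j++) {
            int diff_idx = -1, ndiff = 0;
            for (int k = 0; k < NCOND; k++) {
                if (set[i].c[k] != set[j].c[k]) { diff_idx = k; ndiff++; }
            }
            if (ndiff == 1 && f(set[i].c) != f(set[j].c))
                mask |= 1u << diff_idx;
        }
    }
    return mask;
}

bool mcdc_achieved(decision_fn f, const test_vec_t *set, size_t n)
{
    return mcdc_covered(f, set, n) == (1u << NCOND) - 1u;
}

/* Four vectors (N+1 for N conditions) that achieve MC/DC for ap_disengage. */
const test_vec_t MCDC_SET[4] = {
    {{false, true,  false}},  /* -> false */
    {{true,  true,  false}},  /* -> true : differs from #1 only in pilot_disconnect */
    {{false, true,  true }},  /* -> true : differs from #1 only in ap_engaged */
    {{false, false, true }},  /* -> false: differs from #3 only in monitor_fault */
};

/* Three vectors giving decision and condition coverage but not MC/DC:
 * no pair differs only in monitor_fault or only in ap_engaged. */
const test_vec_t WEAK_SET[3] = {
    {{false, false, false}},  /* -> false */
    {{true,  true,  true }},  /* -> true  */
    {{true,  false, false}},  /* -> true  */
};

int main(void)
{
    printf("MCDC_SET: mask=%u achieved=%d\n",
           mcdc_covered(eval_ap, MCDC_SET, 4), (int)mcdc_achieved(eval_ap, MCDC_SET, 4));
    printf("WEAK_SET: mask=%u achieved=%d\n",
           mcdc_covered(eval_ap, WEAK_SET, 3), (int)mcdc_achieved(eval_ap, WEAK_SET, 3));
    return 0;
}
```

The checker is only a verifier of a test set, not a test generator; in practice the vectors are derived from requirements and the coverage tool confirms the property, which is the direction the answer describes for level A software.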
Any computer can be hacked. I'm not saying I have the knowledge to do it, or even know much about airplanes to tell you how. However if someone with the knowledge required had the proper time, motivation, and access to an aircraft, it could most definitely be done. If you're asking if a plane can be taken over from the ground midflight, without any prior modification, I can't answer that because I don't know enough about the system.
However, one must think about what wireless protocols are used for a plane to talk to the ground, what computer subsystems can access that physical link, and if those subsystems can control the plane, or access other subsystems that can control the plane.
'Locking a pilot out' probably involves disabling a manual switch somewhere, which is tricky to do via computer, but could be done if enough amperage were passed through the switch to blow it, or if it were rigged beforehand (prior modification).
The claims were outlined in a newly released FBI affidavit, which says that Denver computer security expert Chris Roberts told investigators that he not only hacked into in-flight entertainment systems 15 to 20 times but also at one point "caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane."
"While we will not comment on specific allegations, there is no credible information to suggest an airplane's flight control system can be accessed or manipulated from its in-flight entertainment system," a senior law enforcement official said. "Nevertheless, attempting to tamper with the flight control systems of aircraft is illegal and any such attempts will be taken seriously by law enforcement."
"Nobody can take control of the airplane right now," Ganyard said. "I think somebody can insert bad data. They can spoof and fool the crew. They can say that they are in one place when they're really in another. They can do all sorts of things that could potentially be dangerous. But at this point, we don't have any reason to suggest that somebody can take over the airplane and fly it into a mountainside."