Bit Planes Hacked

[Mireille Kreines]

Asan information security consultant this is an interesting subject for me, and I've kept my ear to the ground. No manned aircraft has ever been controlled by a hacker unless the incident has been kept out of the public domain. The only aircraft I know of that was ever hacked was when Iran used a GPS spoofing attack to fool an American RQ-170 drone into landing in Iran instead of its home base in Afghanistan. It's unlikely that would work with a manned aircraft as pilots would catch on. Even that wasn't directly manipulating the drone's systems, instead attacking the GPS signals it used to navigate. There's been some speculation that Malaysia Flight 370 was remotely taken over, there doesn't appear to be any factual basis for that.

Hackers have successfully attacked entertainment systems in the past, however in Airbus and Boeing airplane those are separated from the flight systems so the compromise of the entertainment system would not allow the compromise of the flight systems. I am not familiar with the security design of other manufacturers. There have been stories in the news saying hackers have managed to control airplanes in flight from their seats, these have not been verified and I do not consider them credible.

Modern airplanes are increasingly e-connected in areas such as communications and radar. They often include in-flight entertainment systems as well as accommodating a growing number of Wi-Fi-enabled devices.

There is growing concern that hackers could launch over-the-air attacks remotely, leading to potentially disastrous consequences, such as rerouting flights. Just how realistic is this threat to planes in the air? What potential damage could be caused? And what mitigations should airlines be putting in place to secure live aircraft?

The risks to the industry span multiple vectors. After the 2008 crash of Spanair flight 5022, it was discovered that a central computer system used to monitor technical problems in the aircraft was infected with malware. Spanish newspaper El Pais reported that the infected computer failed to detect three technical problems with the aircraft, which, if discovered earlier, could have prevented the plane from taking off.

With planes becoming increasingly connected as efficiency and environmental concerns become more important, new systems are emerging to aid pilots. The electronic flight bag (EFB) is typically a tablet or laptop computer that helps the pilot calculate how much power is needed for take-off. These require data such as wind, weight, temperature and runway length to make their calculations.

There have been numerous cases of pilots mis-keying the data, setting too little power and nearly running off the end of the runway or hitting the tail when rotating, says Munro. Yet even worse, he says, Pen Test Partners has found multiple vulnerabilities in EFBs that would cause the engine power to be wrongly set.

The most prominent of these is the Aviation Cyber Initiative, a partnership between the US Federal Aviation Administration, the Cybersecurity and Infrastructure Security Agency and the Department of Defense to work with the industry to enhance aviation cybersecurity.

Multiple layers of protection and monitoring need to be in place to detect any form of attack and make the system fail-safe to prevent damage or take over, says James Griffith, co-founder and technical director of Cyber Security Associates. Most airlines will have security operations staff constantly monitoring systems, he says.

The first episode talks about the most widely accepted theory; a tragic pilot-created murder-suicide. The second episode discusses a scenario where Russian special operations potentially hack the plane. The conspiracy theory was that it was to distract global media from the 2014 events in Crimea and eastern Ukraine.

The documentary proposes that one of the Russian team created a ruckus of some description. This was a distraction so that a member of the team could slip forward unnoticed. They then lift a hatch in the floor to access the EE bay. Once inside they close the hatch, and the carpet on top of the hatch magically falls back into place.

Back to the story. So now the hacker is in the EE bay, and this is where the story goes bananas. Using a simple, unspecified cable connection they plug a laptop into the plane systems and proceed to do all sorts of fantastical and, in our expert opinion, impossible things to the plane. In the story this one cable connection enables them to make the plane vanish from radar and allows them to take control of flight systems:

The Boeing 777 is unique in that it uses a control protocol unlike any other, ARINC 629. Nearly every other plane uses ARINC 429. Some much newer planes (e.g. B787 and A380) use a newer ethernet based protocol called AFDX or ARINC 664.

ARINC 629 was developed partly in order to reduce cabling weight. ARINC 429 was less of a network, more point-to-point cabling. Hence the cabling weight was significant. ARINC 629 moved to an inductively coupled bus network, offering very significant cable saving.

So, decoding and injecting traffic on to a B777 takes more than a laptop. It needs a highly specialised technical device that is about 17.5 inches long, 10 inches deep, and weighs nearly 8 pounds PLUS a laptop, and a selection of cables. It may also require injecting traffic on to multiple networks concurrently, with millisecond precision, owing to the multiple redundant flight control systems.

Worse though, it can come across as misleading. The flying public would benefit from the full story and the truth about how likely the scenarios really are. They need to know about the work being done behind the scenes to prevent even the most fantastic and dangerous scenarios from occurring in the real world.

Tool dealers were a source of information. One steered me to a Stanley #604 Bedrock. I liked the heft of it, the feel of the fine rosewood handle and high front knob, the smooth adjuster. The plane was beat up, the sole worn and scratched. But it was only $25. I invested hours flattening and tweaking it and gave it a new superb blade, and this #604 has lived on my bench ever since. It gets used every day. By now my fingers have polished the sides from the way I hold it. It was a steal.

The most useful old Stanley planes are common and affordable. More specialized planes are a notch up in cost. And the rarest ones, the unusual models that few craftsmen bought, are the most expensive. In the second group is the Stanley #62, a low-angle jointer. I had a vintage Stanley #62, and it should have been really useful, but I found it disappointing, as past craftsmen must have.

Right out of the box I appreciated what it could do, which is everything but the very last polishing cuts. The throat is manufactured a little too wide for those, so I use it in tandem with a heavier and more precise block plane. The block plane stays sharp longer just doing the final cuts, and the apron plane, which is easy to sharpen, gets to do what it does best.

Karl Holtey makes precise infill and other planes that work incredibly well. Some are modeled on classic Norrises, others are his own design. He is meticulous about construction, from fine depth adjusters to space-age steels for blades. We became friends when I bought a couple of planes to test drive and give him feedback.

Japanese planes have always had a mystique, requiring special tuning of the sole and natural stones for sharpening. Wooden planes do need constant attention, which is why my students there had so much interest in consistent western iron planes. While I was there I met a craftsman considered a national treasure who makes just plane bodies. And I learned there are many paths with Japanese planes; now they seem less mysterious, and I remember Japan when I use my little plane.

Mako, part of the Keshet Media Group, wrote that senior El Al officials reported that the incidents took place over the Somali region and had nothing to do with Israel's war against Hamas in Gaza, which is receiving growing criticism from the international community for the mounting death toll among civilians.

The Jerusalem Post reported that "hostile elements" tried to take over the communications network of an El Al plane flying from Phuket, Thailand, to Ben-Gurion airport in Israel on Saturday night. Hackers tried to divert the plane from its destination, giving crew members different directions, but the crew quickly changed means of communication and did not change the flight's route, the newspaper wrote.

An El Al source told The Jerusalem Post that "in Somalia, there have been communication interruptions all week, not only for El Al planes, and the official authorities have issued instructions to all pilots that as soon as this happens with a certain frequency, not to listen to the instructions and to switch to another communication method."

In late November 2023, more than a month after the October 7 attack by the Palestinian militant group Hamas on Israel, El Al Airlines said it was operating in "emergency mode" since the beginning of the war and had experienced a drop in profits.

Since the beginning of the war, the company has increased flights to and from the U.S., Thailand and European capitals like London and Paris. Flights to other destinations, on the other hand, have been temporarily suspended.

Giulia Carbonaro is a Newsweek Reporter based in London, U.K. Her focus is on U.S. and European politics, global affairs and housing. She has covered the ups and downs of the U.S. housing market extensively, as well as given in-depth insights into the unfolding war in Ukraine. Giulia joined Newsweek in 2022 from CGTN Europe and had previously worked at the European Central Bank. She is a graduate of Nottingham Trent University. Languages: English, Italian, French.

Air travel is not only growing, it is also changing as the industry becomes increasingly reliant on technology in this digital age. From digitalising the check-in-processes, to enabling wifi access onboard, to enhancing air traffic management systems, airlines, airports and air traffic control systems have tapped on innovations to improve operational efficiency and personalisation for customers and employees.

3a8082e126