Hacking an aircraft: is it already real?

August 26, 2015

In-flight security made quite a lot of headlines earlier this summer, but this time at unusual angle. Aviation has always been focused on safety and had remained the most secure industry that ever existed. However, the buzz was about another aspect of security — the one quite surprising for an average passenger and quite expected for an IT specialist.

Hacking an aircraft: is it already real?

It’s not a secret that today’s aircraft are one huge computer, with the pilot being more of a PC operator rather than of an actual ‘ace’ pilot — he handles a single task of supervising smart machinery. An orientation pilot and a panel operator are no more, fully replaced by computers.

As it turned out that those computers are as hackable as the rest. The potential impact of a hacker attack on a plane is devastating: just think of a terrorist who would no longer have to hold passengers hostages, or break into the cockpit. The only thing the culprit would need for him to wreak havoc is a laptop.

The wave of panic emerged in spring with the report on on-board Wi-Fi security published by US Government Accountability Office. The relevance between aviation, cybersecurity and GAO remains unclear, yet some media outlets managed to invent a lot of dreadful stories for the common folk: according to a number of publications, terrorists now would be able to hijack planes while sitting with a tablet in the backyard and making target aircrafts land in the same yard.

Obviously no one bothered to read the full report: aerophobic people craved for another reason to believe airplanes were the most dangerous means of transportation. At the same time, the report is a terrific bore: it contains pages and pages of claims that since Internet is accessible on board through Wi-Fi and satellite, it’s time the industry thought of securing this channel.

An unencrypted 802.11 network is insecure per se, and in this very application it serves as a local network, like the one you have at home or in the office, so someone could log in and hack other devices connected to this on-board network. The possibility of getting access to flight management systems through on-board Wi-Fi is referenced as theoretically plausible, since no one even managed to do that.

However, then an extravagant and, obviously, hungry for fame aviation security researcher popped up out of nowhere. Chris Roberts boarded onto a United flight and tweeted: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”

As a result, upon landing in the destination airport he was approached by strangers who urged him to follow them, as it later turned out, into a dimly lit room with FBI agents. His laptop and tablet were confiscated for further investigation and he was held for questioning for hours. The airline, meanwhile, cancelled his return ticket.

The tweet was a joke that was supposed to attract attention to Roberts: he had been dealing with in-flight systems security for a number of years, without particular attention from the industry players.

Later during investigation, Roberts admitted he managed to gain control over flight management system for a brief period of time and even was able to change the direction of the flight. Moreover, he revealed the details of the ‘hack’: he tampered with in-flight entertainment system by connecting to its bus through a custom adapter.

Except for the hacker’s word, there is no proof he actually managed to hijack control over the flight management system. Drawing a different course on the maps broadcasted on the passengers’ multimedia displays and really changing is not the same thing. If the course had really been changed, it would not go unnoticed by pilots and dispatches, which would provide reason enough for a very serious investigation.

Digital Security, a Russian security firm, studied 500 flights of 30 different airlines during five years and found out that there are security vulnerabilities on planes, and hackers have tried to exploit them in order to discover the potential of such hacks. If briefly summarized, there are certain entry points in the aircraft’s IT systems which are of interest for culprits:

  • Flight Management System
  • Router of another networking appliance which facilitates communication between systems, for instance, SATCOM, a satellite communication server
  • Multimedia server
  • Terminal multimedia devices

An easy target would be a multimedia device, which is built into the seat in front of the passenger. Once it is attacked, a hacker is able to infiltrate its operation system and use it to compromise other systems.

There are several ways to execute such an attack. One could leverage a vulnerable USB port to plug in a keyboard emulator and send commands into the system. Or, or instance, it’s possible to exploit a bug in the software responsible for multimedia playback from a thumb drive.

Some aircrafts, in addition to USB, have complementary RJ-45 ports, which enable a wider arsenal of hacking tricks on a connected laptop. A savvy hacker would be able to gain control over the entire in-flight multimedia system and even get hold of a multimedia server, which is challenging but feasible.

The main thing: some aircrafts feature RJ-45 ports marked as “Private use only.” It’s possible that once connected through this port, a hacker would be able to access critical system elements. There is no evidence of such attack offering access to flight management systems, though.

At the same time, there were cases of malfunctioning due to software bugs. Recently, three of four engines of a cargo Airbus failed during takeoff because the calibration data was lost due to incorrect software update, resulting in a crash.

This happened because programmers did not think of an alert for these types of failures. They did not even think that those configuration files would go amiss: software updates are supposed to check whether configuration files are there.

Due to this flaw, the sensor data was interpreted incorrectly; the main computer thought that the affected engines failed and turned them off – software developers did not consider simultaneous failure of more than two engines: with only two functional engines the plane would have continued the flight and successfully performed an emergency landing.

A bug was also discovered in Boeing planes: Boeing 787 Dreamliner may suffer from the complete electrical shutdown during the flight: if all four power generators are launched simultaneously and operate incessantly during 248 days, they’d shut down in an emergency mode, leaving the plane in a blackout.

The reason of the failure is simple: stack overflow in the internal timer. It’s understandable that such a coincidence is hardly plausible in real life scenarios, but this case may serve the reminder that an aircraft managed by a computer is susceptible to the same flaws as any other computer, including your desktop. So, don’t be surprised once you learn about Kaspersky Inflight Security’s availability on the market.