{"id":8504,"date":"2015-04-23T11:59:26","date_gmt":"2015-04-23T15:59:26","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=8504"},"modified":"2020-02-26T11:01:27","modified_gmt":"2020-02-26T16:01:27","slug":"hack-it-in-the-air","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/hack-it-in-the-air\/8504\/","title":{"rendered":"Air raid warning: what hackers can actually do with modern aircrafts?"},"content":{"rendered":"<p>Recently the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Government_Accountability_Office\" target=\"_blank\" rel=\"noopener nofollow\">United States Government Accountability Office<\/a> published a\u00a0<a href=\"http:\/\/www.gao.gov\/assets\/670\/669627.pdf\" target=\"_blank\" rel=\"noopener nofollow\">report<\/a>\u00a0warning the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Federal_Aviation_Administration\" target=\"_blank\" rel=\"noopener nofollow\">Federal Aviation Administration<\/a> that aviation faces cybersecurity challenges in \u201cat least three areas\u201d, including the protection of\u00a0aircraft avionics used to operate and guide aircrafts. The media interpreted this warning to mean, \u201cModern aircrafts can be hacked and commandeered through onboard Wi-Fi\u201d. But, is it really that bad?<\/p>\n<p>We have a detailed statement made by <a href=\"https:\/\/twitter.com\/andreynikishin\" target=\"_blank\" rel=\"noopener nofollow\">Andrey Nikishin<\/a>, Head of Future Technology Projects at Kaspersky Lab, on this controversial topic:<\/p>\n<p>\u201cAs a fairly frequent flyer, I had mixed feelings about <a href=\"http:\/\/www.wired.com\/2015\/04\/hackers-commandeer-new-planes-passenger-wi-fi\/\" target=\"_blank\" rel=\"noopener nofollow\">the news that modern planes can be hacked<\/a>. Readers who are not familiar with how modern planes operate might get the impression that an intruder with a laptop can easily seize full control of a plane. In reality, that isn\u2019t quite the case.<\/p>\n<p>A modern passenger plane has multiple computer networks, and those networks share data of differing levels of importance, transferring the necessary information between them. The most important network is <a href=\"http:\/\/en.wikipedia.org\/wiki\/Avionics_Full-Duplex_Switched_Ethernet\" target=\"_blank\" rel=\"noopener nofollow\">AFDX<\/a>, which is dedicated to transmitting avionics data (i.e., data used to control the plane). This is an isolated bus, which is not connected to Wi-Fi or the onboard entertainment network. On ADFX, signals are always transmitted over wired connections only.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How foolproof are In-flight electronic systems? \u2013 <a href=\"http:\/\/t.co\/WCl6ddMIZV\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/WCl6ddMIZV<\/a> <a href=\"http:\/\/t.co\/R6npgKiKRS\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/R6npgKiKRS<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/585521283858886657?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>At the same time, there is another network, Information Management On-Board, which covers less important functions, such as monitoring the state of the plane\u2019s various systems, weather data etc., as well as passenger Wi-Fi connections. The passenger network is isolated from other functions by a firewall. The article discussed the possibility of breaking though that firewall and getting into the Information Management network.<\/p>\n<p>In other words, the safety-critical network is ultimately isolated from the Info Management network and nobody can just go ahead and hijack the plane\u2019s operations via a computer. At the same time, at least in theory, an attacker might succeed in influencing the data coming from the health monitor, navigation or weather report systems.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Air raid warning: what #hackers can actually do with modern #aircraft?<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F9Puc&amp;text=Air+raid+warning%3A+what+%23hackers+can+actually+do+with+modern+%23aircraft%3F\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Naturally, this would require familiarity with the relevant protocols and an understanding of the data formats involved. As far back as 2008, Boeing was warned that a passenger Wi-Fi network should not be physically connected to the plane\u2019s internal networks. The manufacturer promised to fix this issue and, apparently, found an easy fix \u2013 that is, installed a firewall.<\/p>\n<p>I believe, however, that the problem lies much deeper: we cannot use old technologies in the <a href=\"https:\/\/www.kaspersky.com\/blog\/internet-of-crappy-things\/\" target=\"_blank\" rel=\"noopener nofollow\">modern connected world<\/a> and hope that nobody will hack them simply because it is difficult and expensive. It is high time to bring the communication protocols used in aviation up to date and in line with today\u2019s realities. This is a process that should have started yesterday rather than today. Clearly, upgrading planes will be expensive \u2013 but new systems can and should be designed to meet today\u2019s and tomorrow\u2019s needs and requirements\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recent report by US GAO was treated by medias as \u201cModern aircrafts can be hacked and commandeered through onboard Wi-Fi\u201d. Is it really that bad?<\/p>\n","protected":false},"author":40,"featured_media":8505,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[951,1048,1071,78,82,794,97,84],"class_list":{"0":"post-8504","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-aircrafts","9":"tag-aviation","10":"tag-firewall","11":"tag-hackers","12":"tag-hacking","13":"tag-iot","14":"tag-security-2","15":"tag-wifi"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hack-it-in-the-air\/8504\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hack-it-in-the-air\/4776\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/hack-it-in-the-air\/3337\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hack-it-in-the-air\/5292\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hack-it-in-the-air\/5671\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hack-it-in-the-air\/5854\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hack-it-in-the-air\/7600\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hack-it-in-the-air\/8731\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hack-it-in-the-air\/7443\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/hack-it-in-the-air\/7600\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hack-it-in-the-air\/8504\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hack-it-in-the-air\/8504\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/aircrafts\/","name":"aircrafts"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=8504"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8504\/revisions"}],"predecessor-version":[{"id":33509,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/8504\/revisions\/33509"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/8505"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=8504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=8504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=8504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}