Sponsor Message:
Aviation Technical / Operations Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Hijacking Aircraft Computer Systems, Possible?  
User currently offlinempdpilot From United States of America, joined Jul 2006, 993 posts, RR: 0
Posted (1 year 5 months 2 weeks 1 day 14 hours ago) and read 3904 times:

I found this article today, and I admit, I am a bit skeptical. With that in mind I am no expert on the matter and am curious what others think.

The article talks about how someone could hijack on board computer systems and take control of an airliner. It mentions that control could even be given to an app on an android phone. Read on to hear more about the details.

Hijacking Aircraft with an Android phone


One mile of highway gets you one mile, one mile of runway gets you anywhere.
17 replies: All unread, jump to last
 
User currently offlinebueb0g From United Kingdom, joined Jul 2010, 644 posts, RR: 0
Reply 1, posted (1 year 5 months 2 weeks 1 day 11 hours ago) and read 3847 times:

Possible, I guess... But screw around all you want with the FMS/ancilliary systems, the pilots can just turn the AP off and land at the nearest airport...


Roger roger, what's our vector, victor?
User currently offlinechuchoteur From France, joined Sep 2006, 764 posts, RR: 0
Reply 2, posted (1 year 5 months 2 weeks 1 day 7 hours ago) and read 3712 times:

he may have used bits of actual hardware, but on the software side he used a pc simulated environment, which isn't the same as an actual architecture. He got ripped to bits in other articles (on Forbes in particular) where he admitted that an actual architecture has added features that means his mode of hacking wouldn't work.

He's plugging a software tool he developed that scans code lines for vulnerabilities. It may be a good product, but I doubt that going on stage with a presentation like that will impress a lot of people in the security industry....

http://www.forbes.com/sites/andygree...s-in-airplanes-navigation-systems/

[Edited 2013-04-11 12:49:57]

User currently offlineKELPkid From United States of America, joined Nov 2005, 6392 posts, RR: 3
Reply 3, posted (1 year 5 months 2 weeks 1 day 7 hours ago) and read 3705 times:

The flaws I see here:

Sure, if you built a (highly illegal) transmitter, you *could* broadcast your own ADS-B misinformation. However, both the guys in the pointy end of the bird and the guys at the TRACON have good old fashioned technology that will reveal the truth about what's going on. And as long as the aircraft is in VMC, a quick peek out the cockpit windows can help sort out misinformation. As long as VHF voice communications exist, it is relatively easy to know the truth  

I wasn't aware that ACARS could transmit messages to the FMS to cause alerts to go off? I thought ACARS was mostly for the aircraft self-reporting data back to the airline (like flight progress and equipment malfunctions)...I could see it used for things like automatically loading a flight plan from dispatch and transmitting that same flight plan to ATC...



Celebrating the birth of KELPkidJR on August 5, 2009 :-)
User currently offlineflyingturtle From Switzerland, joined Oct 2011, 2414 posts, RR: 13
Reply 4, posted (1 year 5 months 2 weeks 1 day 5 hours ago) and read 3660 times:

http://www.scifiworld.es/imagenes/fotos/14439747_CRM114_01.jpg


Airlines routinely encrypt such ACARS messages in order not to give the competitors any hints about enroute weather, fuel consumption and such things.

IMHO, this thing could be easily patched, for example by technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

Not hackable in any way, except somebody knows how to cheat sheer luck - or steals the slip.



David



Keeping calm is terrorism against those who want to live in fear.
User currently offlineStarlionblue From Greenland, joined Feb 2004, 17044 posts, RR: 67
Reply 5, posted (1 year 5 months 2 weeks 1 day 3 hours ago) and read 3631 times:

Quoting flyingturtle (Reply 4):
MHO, this thing could be easily patched, for example by technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

Paper? This is not the Napoleonic era.  Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.




"There are no stupid questions, but there are a lot of inquisitive idiots."
User currently offlinercair1 From United States of America, joined Oct 2009, 1323 posts, RR: 52
Reply 6, posted (1 year 5 months 2 weeks 1 day 3 hours ago) and read 3622 times:
AIRLINERS.NET CREW
CUSTOMER SERVICE & SUPPORT

Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by technique called one-time pad

Would the plane have the auto destruct button like the radio?



rcair1
User currently offlineRoseflyer From United States of America, joined Feb 2004, 9652 posts, RR: 52
Reply 7, posted (1 year 5 months 2 weeks 1 day 1 hour ago) and read 3564 times:

I don't quite understand what he is trying to do. He can hack into two transmitting functions of the airplane. Yes he can get transmitted messages such as acars, and then the flight parameters transmitted, but other than knowing where and what the p,and is doing, how does that help hijack an airplane. If he got into ARINC then he could do damage, but I am not sure what can be do e with ACARS.


If you have never designed an airplane part before, let the real designers do the work!
User currently offlinerwessel From United States of America, joined Jan 2007, 2353 posts, RR: 2
Reply 8, posted (1 year 5 months 2 weeks 20 hours ago) and read 3494 times:
Support Airliners.net - become a First Class Member!

Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.


User currently offlineStarlionblue From Greenland, joined Feb 2004, 17044 posts, RR: 67
Reply 9, posted (1 year 5 months 2 weeks 20 hours ago) and read 3489 times:

Quoting rwessel (Reply 8):
Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.

The authentication principle is the same, exactly like a paper OTP since a security token generates One Time Pads. In printed form you choose the correct code as requested by the party you wish to authenticate with. Security tokens come in various guises but for the simple one in the picture a new code is generated at set intervals. The server end knows the code that will be generated on the token at the time of authentication and can thus verify that the user has the correct token. This is know as a "time-synchronized OTP".

[Edited 2013-04-11 23:48:22]

[Edited 2013-04-11 23:48:56]

[Edited 2013-04-11 23:51:19]


"There are no stupid questions, but there are a lot of inquisitive idiots."
User currently offlineflyingturtle From Switzerland, joined Oct 2011, 2414 posts, RR: 13
Reply 10, posted (1 year 5 months 2 weeks 18 hours ago) and read 3445 times:

Quoting rcair1 (Reply 6):
Would the plane have the auto destruct button like the radio?

Of course. We're talking about modern aviation. 
Quoting rwessel (Reply 8):
And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

Depends on how many critical messages have to exchanged - they're not in the range of ten or twenty per flight. Basically, there are zero critical messages because the crew can always ask on HF or satellite phone for a confirmation if the new routing is dubious. And ATC will ask anyway when the routing looks strange.

But the principle stands that OTP is an extremely simple method to defeat such hacking attempts.


David



Keeping calm is terrorism against those who want to live in fear.
User currently offlineStarlionblue From Greenland, joined Feb 2004, 17044 posts, RR: 67
Reply 11, posted (1 year 5 months 2 weeks 18 hours ago) and read 3437 times:



Quoting flyingturtle (Reply 10):
But the principle stands that OTP is an extremely simple method to defeat such hacking attempts.

Indeed, and since it can be integrated into the systems it can be made completely transparent to the user.

Quoting rwessel (Reply 8):
And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

With electronic authentication, there is no limitation in practice.

Also:

Quoting flyingturtle (Reply 10):
Basically, there are zero critical messages because the crew can always ask on HF or satellite phone for a confirmation if the new routing is dubious. And ATC will ask anyway when the routing looks strange.


[Edited 2013-04-12 01:53:15]


"There are no stupid questions, but there are a lot of inquisitive idiots."
User currently offlineMD11Engineer From Germany, joined Oct 2003, 14027 posts, RR: 62
Reply 12, posted (1 year 5 months 2 weeks 18 hours ago) and read 3432 times:

Quoting flyingturtle (Reply 4):
Airlines routinely encrypt such ACARS messages in order not to give the competitors any hints about enroute weather, fuel consumption and such things.

Actually many airlines don´t worry too much about the competition getting those messages, but about pimply spotters or the press receiving ACARS messages and publishing them out of context.

Quoting rcair1 (Reply 6):
Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by technique called one-time pad

Would the plane have the auto destruct button like the radio?

The picture shows an old military IFF transponder. These things often contained selfdestruct charges, which would explode or burn oif somebody unauthorised opened the housing to destroy critical compenents responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

Jan


User currently offlineairmagnac From Germany, joined Apr 2012, 315 posts, RR: 44
Reply 13, posted (1 year 5 months 2 weeks 17 hours ago) and read 3420 times:

Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder.


Actually, I believe it's a CRM-114, or How I learned to stop worrying and love communication systems  



One "oh shit" can erase a thousand "attaboys".
User currently offlineflyingturtle From Switzerland, joined Oct 2011, 2414 posts, RR: 13
Reply 14, posted (1 year 5 months 2 weeks 16 hours ago) and read 3399 times:

Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder. These things often contained selfdestruct charges, which would explode or burn oif somebody unauthorised opened the housing to destroy critical compenents responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

It's not an IFF transponder. Though very credible, it was invented for a certain film airmagnac is referring to. In that Cold War satire, one central topic is how to authenticate messages sent to B-52 bombers. If somebody could fake them, one could start the end of the world with the push of a button.

Wikipedia:

"Lacking cooperation from the Pentagon in the making of the film, the set designers reconstructed the aircraft cockpit to the best of their ability by comparing the cockpit of a B-29 Superfortress and a single photograph of the cockpit of a B-52, and relating this to the geometry of the B-52's fuselage. The B-52 was state-of-the-art in the 1960s, and its cockpit was off-limits to the film crew. When some United States Air Force personnel were invited to view the reconstructed B-52 cockpit, they said that "it was absolutely correct, even to the little black box which was the CRM." It was so accurate that Kubrick was concerned whether Ken Adam's production design team had done all of their research legally, fearing a possible investigation by the FBI."

Are any B-52 air crew around here? I might have a few questions concerning this very thread.

David



Keeping calm is terrorism against those who want to live in fear.
User currently offlinerwessel From United States of America, joined Jan 2007, 2353 posts, RR: 2
Reply 15, posted (1 year 5 months 1 week 5 days 19 hours ago) and read 3172 times:
Support Airliners.net - become a First Class Member!

Quoting Starlionblue (Reply 9):
Quoting rwessel (Reply 8):
Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.

The authentication principle is the same, exactly like a paper OTP

The use of an uncommon acronym (outside of marketing) and an the incorrect definition for the acronym (although the correct definition for the *common* use of the acronym), threw me.

Almost always, an OTP is a One Time *Pad*, which is a special type of cipher which has the interesting property that it's provably secure. It also has certain disadvantages, namely that no key material can ever be reused, all bits of the key are fully independent, and that the key has to be as long as the messaged being encoded. And in general authentication requires something in addition to the OTP.

A One Time *Password* is something rather different, and nobody technical in the industry uses the acronym OTP for that, since it has a much more common definition. marketing departments go their own way, however. Probably the (false) association with the unbreakable one-time-pad is "good" thing for marketing. In any event, while the traditional paper based one-time-password, when combined with fully independent passwords and no password reuse can manage a few of the same properties, although authentication is still probabilistic. Nor does any electronic security token implement the "fully independent" criteria (one could, by simply storing a large about of properly generated key material, and then emitting it a bit at a time, but I know of none that do - all of the ones out there are based on a cryptographically secure pseudo random number generator of some sort). Nor does a security token generate anything that could be remotely considered a one-time-*pad*.

A security token plus a password can provide a reasonable level of security, although passwords are compromised constantly (should this become common practice I guarantee we'll see passwords on a post-it on the panels of half the airliners out there), and several of the security tokens have been broken as well.

But yes, a password, plus a token, plus some certificate based authentication, if done properly, should be adequate. OTOH, given the dismal record of security on SCADA and similar systems, I'm not holding my breath for the "done properly" part.

At the end of the day, there are no authentication protocols that *prove* identity, although you can make it arbitrarily hard (or improbably) to fake an identity.


User currently offlineMD11Engineer From Germany, joined Oct 2003, 14027 posts, RR: 62
Reply 16, posted (1 year 5 months 1 week 5 days 7 hours ago) and read 3028 times:

Quoting flyingturtle (Reply 14):
Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder. These things often contained selfdestruct charges, which would explode or burn oif somebody unauthorised opened the housing to destroy critical compenents responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

It's not an IFF transponder. Though very credible, it was invented for a certain film airmagnac is referring to. In that Cold War satire, one central topic is how to authenticate messages sent to B-52 bombers. If somebody could fake them, one could start the end of the world with the push of a button.

Wikipedia:

"Lacking cooperation from the Pentagon in the making of the film, the set designers reconstructed the aircraft cockpit to the best of their ability by comparing the cockpit of a B-29 Superfortress and a single photograph of the cockpit of a B-52, and relating this to the geometry of the B-52's fuselage. The B-52 was state-of-the-art in the 1960s, and its cockpit was off-limits to the film crew. When some United States Air Force personnel were invited to view the reconstructed B-52 cockpit, they said that "it was absolutely correct, even to the little black box which was the CRM." It was so accurate that Kubrick was concerned whether Ken Adam's production design team had done all of their research legally, fearing a possible investigation by the FBI."

Are any B-52 air crew around here? I might have a few questions concerning this very thread.

David

My mistake. I worked on a T-33 and still have the manuals around. There the old maintenance manuals from the 1950s warned the mechanics from working on the IFF unless certain procedures have been carried out to prevent the selfdestruct charge in the IFF encoder from firing. E.g. the guys were not allowed to open the box.

Jan

[Edited 2013-04-14 13:22:46]

User currently offlineflyingturtle From Switzerland, joined Oct 2011, 2414 posts, RR: 13
Reply 17, posted (1 year 5 months 1 week 4 days 18 hours ago) and read 2937 times:

Quoting MD11Engineer (Reply 16):

No problem, Sir.

The T-33 is my favourite aircraft in FlightGear.  


David



Keeping calm is terrorism against those who want to live in fear.
Top Of Page
Forum Index

Reply To This Topic Hijacking Aircraft Computer Systems, Possible?
Username:
No username? Sign up now!
Password: 


Forgot Password? Be reminded.
Remember me on this computer (uses cookies)
  • Tech/Ops related posts only!
  • Not Tech/Ops related? Use the other forums
  • No adverts of any kind. This includes web pages.
  • No hostile language or criticizing of others.
  • Do not post copyright protected material.
  • Use relevant and describing topics.
  • Check if your post already been discussed.
  • Check your spelling!
  • DETAILED RULES
Add Images Add SmiliesPosting Help

Please check your spelling (press "Check Spelling" above)


Similar topics:More similar topics...
Aircraft Electrical Systems- Types? posted Sat Jul 21 2007 04:52:02 by MissedApproach
Light Aircraft Heating Systems posted Fri Jan 26 2007 17:43:12 by N231YE
Computer Systems Airlines Use posted Thu Aug 11 2005 01:09:24 by FlyerBoyEK
Solar Energy On An Aircraft. Possible? posted Fri Oct 15 2010 14:05:39 by 330lover
Possible Aircraft Damage posted Fri Jan 23 2009 14:54:18 by Legoguy
Is Nuclear Powered Aircraft Now Possible? posted Mon Jan 12 2009 16:59:28 by Ruscoe
Hydro-systems On Aircraft posted Sun Sep 7 2008 07:08:52 by AlexEU
Retired Aircraft In WiG Role? Is It Possible? posted Sat Feb 9 2008 17:57:57 by GolfOscarDelta
Swept-wing Passenger Aircraft..possible? posted Mon Nov 5 2007 06:55:30 by Kmh1956
A Supersonic Propeller Driven Aircraft, Possible? posted Thu Apr 26 2007 06:04:02 by FLY2HMO

Sponsor Message:
Printer friendly format