concentriq
Topic Author
Posts: 283
Joined: Mon Jan 24, 2005 11:37 am

Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 5:06 pm

Just like the headline says, and here is a link:

http://www.cnn.com/2013/04/11/tech/m...-hijack-plane/index.html?hpt=hp_t2

This is the most prolific source, but others out there go into more detail.
Mobilis In Mobili
 
incitatus
Posts: 2713
Joined: Wed Feb 09, 2005 1:49 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 5:08 pm

Did this conference happen 11 days ago?
Stop pop up ads
 
Tugger
Posts: 6080
Joined: Tue Apr 18, 2006 8:38 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 5:17 pm

I was just reading this. I am sure it will be addressed pretty quickly and of course as many here point out, the human pilot of course is the controlling authority in the plane.

Quote:
With these vulnerabilities in mind, he used virtual planes in a lab to demonstrate his ability to hijack a plane rather than attempting to take over a real flight as that was “too dangerous and unethical.” He used ACARS to gain access to the plane’s onboard computer system and uploaded Flight Management System data.

Once in, he demonstrated how it was possible to manipulate the steering of a Boeing jet while it was in autopilot mode. The security consultant said he could cause a crash by setting the aircraft on a collision course with another jet or even give passengers a scare by dropping down the emergency oxygen masks without warning.

A pilot could thwart an attack by taking the plane out of autopilot although he pointed out that several newer systems no longer include manual controls. Some systems could be updated to patch the vulnerabilities but many legacy systems would be difficult, if not impossible, to update.
http://www.techspot.com/news/52211-h...airplane-using-an-android-app.html

Tugg
I don’t know that I am unafraid to be myself, but it is hard to be somebody else. -W. Shatner
 
0newair0
Posts: 314
Joined: Fri Jun 01, 2007 12:21 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 5:39 pm

I don't know if I believe in the legitimacy of his conclusions resulting from the tests. Yes, he has proven that the app can control the equipment he used in his test but he has not controlled a real airplane with it.

It reminds me of the tap-and-go credit card security issues. Various people have proven that special devices can pull your credit card number and expiration date by being in close proximity to the card; however, this has failed to present as a real and substantial risk in real world use.

[Edited 2013-04-11 10:40:50]
"The future belongs to those who believe in the beauty of their dreams."
 
speedbird128
Posts: 1562
Joined: Tue Oct 28, 2003 2:30 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 5:49 pm

Aren't cockpit lights physical switches with dimmer knobs? I'd like to see an android app to do that for my household lighting.
A306, A313, A319, A320, A321, A332, A343, A345, A346 A388, AC90, B06, B722, B732, B733, B735, B738, B744, B762, B772, B7
 
glbltrvlr
Posts: 753
Joined: Wed Oct 10, 2007 4:28 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 6:14 pm

Very old news, rehashed as some new crisis.

No secret that ACARS traffic is open to monitor. You've been able to read that traffic on web sites if you don't have the radio for years. Nobody is using ACARS for ATC over domestic US airspace. In the EU, they use a newer version of ACARS called ATN for which you could uplink flight plan change requests, but it isn't automatic. Yes, it is possible to uplink a message to a specific aircraft, if you knew they were equipped to receive it and you knew which provider frequency to use.

His demo was stupid because he would have had to authorize the FMS to accept the plan change, but no real pilot is going to respond to an ACARS message that shows up at random with a flight plan change. Nothing he could do would cause the masks to deploy or turn off any lighting systems.

In short, the guy is trying to make a name for himself.
 
ouboy79
Posts: 4113
Joined: Sun Nov 18, 2001 1:48 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 6:17 pm

Quoting 0NEWAIR0 (Reply 3):
I don't know if I believe in the legitimacy of his conclusions resulting from the tests. Yes, he has proven that the app can control the equipment he used in his test but he has not controlled a real airplane with it.

Do you really want to see a real world test of a phone app taking over a 737? No thanks.

I don't think we are talking about someone with an iPhone flying an aircraft per se, more like interrupting commands being sent to the controls that can cause it to depart normal flight. Getting the patches deployed to the software packages on the aircraft will likely be rushed out and keep this from being an issue. Thankfully we had people like this that push technology to find faults to safeguard against those that aren't as noble.
 
speedbird128
Posts: 1562
Joined: Tue Oct 28, 2003 2:30 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 6:36 pm

Quoting ouboy79 (Reply 6):
that can cause it to depart normal flight

I'd debate the legitimacy of that... I would be interested to see exactly how he manages to insert messages in the CPDLC system...
A306, A313, A319, A320, A321, A332, A343, A345, A346 A388, AC90, B06, B722, B732, B733, B735, B738, B744, B762, B772, B7
 
Tugger
Posts: 6080
Joined: Tue Apr 18, 2006 8:38 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:03 pm

Quoting Speedbird128 (Reply 7):

I'd debate the legitimacy of that... I would be interested to see exactly how he manages to insert messages in the CPDLC system...

I guarantee you that there are industry personnel right now looking into that with him (probably at whatever hourly rate he charges...). If the issue is real then it will be addressed.

Tugg
I don’t know that I am unafraid to be myself, but it is hard to be somebody else. -W. Shatner
 
glbltrvlr
Posts: 753
Joined: Wed Oct 10, 2007 4:28 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:20 pm

Quoting tugger (Reply 8):
I guarantee you that there are industry personnel right now looking into that with him

I seriously doubt it. The industry (airlines, ANSPs, airframers and avionics manufacturers) are very aware of the open nature of air-ground datalink and how messages can be spoofed. There's also been a significant amount of non-public analysis performed on what the safety implications are of having such a system currently as well as what needs to be done in follow-on systems like NextGen and SESAR. While I'm willing to make allowances for stupid reporters, much of what appears in that article is complete tosh.
 
lightsaber
Crew
Posts: 11862
Joined: Wed Jan 19, 2005 10:55 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:34 pm

Quoting tugger (Reply 2):
He used ACARS to gain access to the plane’s onboard computer system and uploaded Flight Management System data.

How to do that on a real airplane? We control software tightly and the new software *must* match the bit check or the old software is kept by default.

Quoting glbltrvlr (Reply 9):
The industry (airlines, ANSPs, airframers and avionics manufacturers) are very aware of the open nature of air-ground datalink and how messages can be spoofed.

   Those messages are firewalled from the flight control boxes.

Quoting glbltrvlr (Reply 9):
While I'm willing to make allowances for stupid reporters, much of what appears in that article is complete tosh.

   Or else what I learned in system center labs is 'tosh.' I just do not see how this gets past the protocols...

Lightsaber
"They did not know it was impossible, so they did it!" - Mark Twain
 
chuchoteur
Posts: 609
Joined: Tue Sep 12, 2006 9:17 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:40 pm

Quoting tugger (Reply 8):
I guarantee you that there are industry personnel right now looking into that with him (probably at whatever hourly rate he charges...). If the issue is real then it will be addressed.

I don't think anyone wants to work on security issues with a guy who's gone up on stage and told the whole world about such topics...

I'm given to understand that he has developed a software that scans code for vulnerabilities, and he's trying to push that product. Nice commercial pitch, shame it won't work out.
 
0newair0
Posts: 314
Joined: Fri Jun 01, 2007 12:21 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:46 pm

Quoting ouboy79 (Reply 6):
Do you really want to see a real world test of a phone app taking over a 737? No thanks.

Why not? It wouldn't have to be in the air. The plane could be on the ground in a controlled environment.
"The future belongs to those who believe in the beauty of their dreams."
 
airmagnac
Posts: 359
Joined: Wed Apr 18, 2012 10:24 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 7:54 pm

Quoting glbltrvlr (Reply 9):
much of what appears in that article is complete tosh.

  
Although I would not be so harsh, generally speaking I agree. The story disregards completely any notions of critical system design, with integrity checks, redundancies and airplane-level back-ups. And as all these features would be the first to be removed from a commercial PC simulation, his demo is meaningless.

Even assuming he did manage to upload his garbage data to the FMS, then what would happen? The FM is a long-term control, so it won't make the airplane do aerobatics, just change direction. If he gets too close to the edges of the envelope, the AP should switch off and eliminate the problem. And newer aircraft have envelope protections.
If he makes the plane head towards the ground or another plane, GPWS or TCAS will pop up and say hello.
And any indirect control on other systems (lights, oxygen) is heavily dependent on aircraft architecture, so you can't make general conclusions.

So not very worrying. Certainly not terrifying.
My goal as an engineer is to fill my soul with coffee and become immortal
 
glbltrvlr
Posts: 753
Joined: Wed Oct 10, 2007 4:28 pm

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 9:15 pm

Quoting lightsaber (Reply 10):
How to do that on a real airplane? We control software tightly and the new software *must* match the bit check or the old software is kept by default.

He's not claiming to have modified the FMS code itself, only to have uplinked messages that modified the FMS flight plan, caused the cabin to decompress and turn off all the lights. Of those three, only the first one is technically possible even by an authorized message. For the aircraft that even have that capability (which is by no means the majority of aircraft flying today), there are procedures and other means of ensuring that the message is legitimate.

He's also conflating ACARS and ADS-B. ADS-B is a surveillance system. It is not a control system and cannot be used to modify anything in the FMS, or anything else on the aircraft. While it is possible to spoof ADS-B messages and create ghost aircraft, there are other systems in place to identify spoofed aircraft and unauthorized transmissions of ADS-B messages.

In effect, he has discovered the digital equivalent of purchasing a voice radio and pretending to be a controller.
 
speedbird128
Posts: 1562
Joined: Tue Oct 28, 2003 2:30 am

RE: Hacker Says Phone App Could Hijack Plane

Thu Apr 11, 2013 9:24 pm

Quoting tugger (Reply 8):
I guarantee you that there are industry personnel right now looking into that with him

I doubt that everybody will be hopping to his tune. In my not so big understanding of the onboard systems design, I don't see what he says as remotely feasible... The messaging system between ATC and pilot is a secure closed loop with sender and recipient "addresses" required for authentication of the instruction. It's not just a case of sending an email to tell the plane to dive into the ground.

I still don't believe him - you cannot manipulate a physical switch with an android phone. But that's my opinion.

Quoting glbltrvlr (Reply 9):
I seriously doubt it. The industry (airlines, ANSPs, airframers and avionics manufacturers) are very aware of the open nature of air-ground datalink and how messages can be spoofed. There's also been a significant amount of non-public analysis performed on what the safety implications are of having such a system currently as well as what needs to be done in follow-on systems like NextGen and SESAR. While I'm willing to make allowances for stupid reporters, much of what appears in that article is complete tosh.

   Kind of agree with that.
A306, A313, A319, A320, A321, A332, A343, A345, A346 A388, AC90, B06, B722, B732, B733, B735, B738, B744, B762, B772, B7
 
QualityDr
Posts: 56
Joined: Sat Sep 22, 2007 9:57 am

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 2:52 am

I believe I could cobble together an app that would break into Microsoft's Flight Simulator X remotely, and do everything he claimed to a sophisticated airframe model (such as the PMDG 744, for instance). I don't see getting any of that done on an operational flight...
All you need in this life is ignorance and confidence; then success is sure. -- Mark Twain
 
cornutt
Posts: 333
Joined: Sun Jan 20, 2013 6:57 am

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 3:19 am

Quoting airmagnac (Reply 13):
Although I would not be so harsh, generally speaking I agree. The story disregards completely any notions of critical system design, with integrity checks, redundancies and airplane-level back-ups.

What he said. These things aren't running Windows.
 
lightsaber
Crew
Posts: 11862
Joined: Wed Jan 19, 2005 10:55 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 4:24 am

Quoting glbltrvlr (Reply 14):
For the aircraft that even have that capability (which is by no means the majority of aircraft flying today), there are procedures and other means of ensuring that the message is legitimate.

Exactly. Something isn't adding up. Normal protocols would have to be bypassed.

Lightsaber
"They did not know it was impossible, so they did it!" - Mark Twain
 
winstonlegthigh
Posts: 130
Joined: Fri Nov 09, 2012 5:15 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 4:54 am

Quoting chuchoteur (Reply 11):
I don't think anyone wants to work on security issues with a guy who's gone up on stage and told the whole world about such topics...

Obviously I can't say for sure whether they are or aren't, but McAfee and Symantec, for example, have all relied on characters such as Hugo Teso to improve their product. Who better to help plug the holes than the very people that make it their hobby to squeeze through them? IIRC, that's exactly how Symantec was able to understand and appreciate the complexity of what Stuxnet was.

[Edited 2013-04-11 21:55:47]
Never has gravity been so uplifting.
 
Francoflier
Posts: 3727
Joined: Wed Oct 31, 2001 12:27 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 8:52 am

I wouldn't completely dismiss this as a trivial issue, as many seem to do...

While you can't 'take over' an aircraft from the ground, it remains that if the ACARS coms can be hacked, then fake ATC or company messages can be sent to aircraft.

It could lead to potentially unsafe scenarios where an aircraft was instructed by a fake ATC message to climb, descend or turn into the path of traffic. By the time the real ATC figured it out, the maneuver would have long been initiated.

There are several lines of defense to cross before a disaster occurred, one of which would be basic airmanship, common sense, and that eternal defiance and distrust of anyone on the ground that pilots have.

It's still a hole in one of the cheese slices and I'm hoping someone's working on it.
I'll do my own airline. With Blackjack. And hookers. In fact, forget the airline.
 
r2rho
Posts: 2441
Joined: Tue Feb 27, 2007 10:13 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 12:24 pm

Quoting glbltrvlr (Reply 5):
no real pilot is going to respond to an ACARS message that shows up at random with a flight plan change

Even then, upon acceptance, IIRC the new uploaded flight plan is routed to the secondary flight plan; it does not simply replace the active flight plan.
 
thrufru
Posts: 117
Joined: Tue Feb 10, 2009 3:48 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 2:37 pm

Oh for goodness sake, just click off the freakin' automation and fly the damned plane.
 
kazim786
Posts: 41
Joined: Sat Apr 09, 2011 10:19 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 4:38 pm

Quoting Speedbird128 (Reply 4):

I think there is an app for that!   
 
IBOAviator
Posts: 91
Joined: Sat Sep 04, 2010 2:40 am

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 5:04 pm

Quoting francoflier (Reply 20):
It could lead to potentially unsafe scenarios where an aircraft was instructed by a fake ATC message to climb, descend or turn into the path of traffic. By the time the real ATC figured it out, the maneuver would have long been initiated.

TCAS? Assuming airliners having the FMS would have an operational TCAS, the possibility of instructing an aircraft to "turn" into another is highly unlikely. It's still the pilot's call to make the turn, etc.

Quoting thrufru (Reply 22):
Oh for goodness sake, just click off the freakin' automation and fly the damned plane.

Ahha Yes! But I think in today's world, automation onboard modern airliners will always be a necessity.
Keep Calm and Go Around!
 
chuchoteur
Posts: 609
Joined: Tue Sep 12, 2006 9:17 pm

RE: Hacker Says Phone App Could Hijack Plane

Fri Apr 12, 2013 7:28 pm

Quoting winstonlegthigh (Reply 19):
Obviously I can't say for sure whether they are or aren't, but McAfee and Symantec, for example, have all relied on characters such as Hugo Teso to improve their product. Who better to help plug the holes than the very people that make it their hobby to squeeze through them? IIRC, that's exactly how Symantec was able to understand and appreciate the complexity of what Stuxnet was.


I think that in most cases, those people used to test systems for sensitive industries are very much required to maintain confidentiality, and I believe that in some cases this is done via the suspended sentences that they are under for some of their previous actions.

[Edited 2013-04-12 12:35:01]
 
SKC
Posts: 162
Joined: Sat Oct 06, 2012 12:48 pm

RE: Hacker Says Phone App Could Hijack Plane

Sun Apr 14, 2013 12:36 pm

Quoting IBOAviator (Reply 24):
Ahha Yes! But I think in today's world, automation onboard modern airliners will always be a necessity.


A convenience and a means for fuel efficient flight, sure, but certainly not a necessity.
ALL views, opinions expressed are mine ONLY and are NOT representative of those shared by Southwest Airlines Co.
 
nightfox365
Posts: 49
Joined: Mon Jul 25, 2011 2:55 pm

RE: Hacker Says Phone App Could Hijack Plane

Sun Apr 14, 2013 11:49 pm

Quoting r2rho (Reply 21):
I wouldn't completely dismiss this as a trivial issue, as many seem to do...

While you can't 'take over' an aircraft from the ground, it remains that if the ACARS coms can be hacked, then fake ATC or company messages can be sent to aircraft.

It could lead to potentially unsafe scenarios where an aircraft was instructed by a fake ATC message to climb, descend or turn into the path of traffic. By the time the real ATC figured it out, the maneuver would have long been initiated.

There are several lines of defense to cross before a disaster occurred, one of which would be basic airmanship, common sense, and that eternal defiance and distrust of anyone on the ground that pilots have.

It's still a hole in one of the cheese slices and I'm hoping someone's working on it.

Problem with what you say is, pilots would check to see if such a change was authorised, secondly, ATC instructs pilots of their intentions to change their flight plan. Then they send the changes. I am also pretty sure, the pilots would realise that the flight plan that was sent to them is odd, and would then confirm it with ATC. So before any change of altitude or direction or speed, they would have gotten the answer they thought and would disregard such messages.
Flown on: bae146, bn2 islander, 741, A320, A321, A333, A332, MD80, 738, AT76, Cessna 150, Piper Cherokee.