mpdpilot
Topic Author
Posts: 715
Joined: Fri Jul 28, 2006 6:44 am

Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 1:24 pm

I found this article today, and I admit, I am a bit skeptical. With that in mind I am no expert on the matter and am curious what others think.

The article talks about how someone could hijack on board computer systems and take control of an airliner. It mentions that control could even be given to an app on an android phone. Read on to hear more about the details.

Hijacking Aircraft with an Android phone
One mile of highway gets you one mile, one mile of runway gets you anywhere.
 
bueb0g
Posts: 656
Joined: Fri Jul 02, 2010 5:57 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 3:40 pm

Possible, I guess... But screw around all you want with the FMS/ancillary systems, the pilots can just turn the AP off and land at the nearest airport...
Roger roger, what's our vector, victor?
 
chuchoteur
Posts: 609
Joined: Tue Sep 12, 2006 9:17 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 7:47 pm

He may have used bits of actual hardware, but on the software side he used a PC simulated environment, which isn't the same as an actual architecture. He got ripped to bits in other articles (on Forbes in particular) where he admitted that an actual architecture has added features that mean his mode of hacking wouldn't work.

He's plugging a software tool he developed that scans code lines for vulnerabilities. It may be a good product, but I doubt that going on stage with a presentation like that will impress a lot of people in the security industry....

http://www.forbes.com/sites/andygree...s-in-airplanes-navigation-systems/

[Edited 2013-04-11 12:49:57]
 
KELPkid
Posts: 5247
Joined: Wed Nov 02, 2005 5:33 am

RE: Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 7:57 pm

The flaws I see here:

Sure, if you built a (highly illegal) transmitter, you *could* broadcast your own ADS-B misinformation. However, both the guys in the pointy end of the bird and the guys at the TRACON have good old fashioned technology that will reveal the truth about what's going on. And as long as the aircraft is in VMC, a quick peek out the cockpit windows can help sort out misinformation. As long as VHF voice communications exist, it is relatively easy to know the truth  

I wasn't aware that ACARS could transmit messages to the FMS to cause alerts to go off? I thought ACARS was mostly for the aircraft self-reporting data back to the airline (like flight progress and equipment malfunctions)...I could see it used for things like automatically loading a flight plan from dispatch and transmitting that same flight plan to ATC...
Celebrating the birth of KELPkidJR on August 5, 2009 :-)
 
flyingturtle
Posts: 4778
Joined: Mon Oct 31, 2011 1:39 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 10:19 pm

http://www.scifiworld.es/imagenes/fotos/14439747_CRM114_01.jpg


Airlines routinely encrypt such ACARS messages in order not to give the competitors any hints about enroute weather, fuel consumption and such things.

IMHO, this thing could be easily patched, for example by a technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

Not hackable in any way, except somebody knows how to cheat sheer luck - or steals the slip.



David
Keeping calm is terrorism against those who want to live in fear.
 
Starlionblue
Posts: 17212
Joined: Fri Feb 27, 2004 9:54 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Thu Apr 11, 2013 11:32 pm

Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by a technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

Paper? This is not the Napoleonic era.  Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

"There are no stupid questions, but there are a lot of inquisitive idiots." - John Ringo
 
rcair1
Crew
Posts: 1143
Joined: Wed Oct 28, 2009 8:39 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 12:01 am

Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by a technique called one-time pad

Would the plane have the auto destruct button like the radio?
rcair1
 
roseflyer
Posts: 9606
Joined: Fri Feb 13, 2004 9:34 am

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 2:00 am

I don't quite understand what he is trying to do. He can hack into two transmitting functions of the airplane. Yes, he can get transmitted messages such as ACARS, and then the flight parameters transmitted, but other than knowing where and what the plane is doing, how does that help hijack an airplane? If he got into ARINC then he could do damage, but I am not sure what can be done with ACARS.
If you have never designed an airplane part before, let the real designers do the work!
 
rwessel
Posts: 2448
Joined: Tue Jan 16, 2007 3:47 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 6:34 am

Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by a technique called one-time pad. At the briefing, the captain is given a slip of paper with a handful of codes on it, while the dispatcher keeps an identical slip. And then, messages will only be trusted and loaded into the FMS if the message contains one of the codes on the slip.

And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.
 
Starlionblue
Posts: 17212
Joined: Fri Feb 27, 2004 9:54 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 6:47 am

Quoting rwessel (Reply 8):
Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.

The authentication principle is the same, exactly like a paper OTP since a security token generates One Time Pads. In printed form you choose the correct code as requested by the party you wish to authenticate with. Security tokens come in various guises but for the simple one in the picture a new code is generated at set intervals. The server end knows the code that will be generated on the token at the time of authentication and can thus verify that the user has the correct token. This is known as a "time-synchronized OTP".

[Edited 2013-04-11 23:48:22]

[Edited 2013-04-11 23:48:56]

[Edited 2013-04-11 23:51:19]
"There are no stupid questions, but there are a lot of inquisitive idiots." - John Ringo
 
flyingturtle
Posts: 4778
Joined: Mon Oct 31, 2011 1:39 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 8:43 am

Quoting rcair1 (Reply 6):
Would the plane have the auto destruct button like the radio?

Of course. We're talking about modern aviation. 
Quoting rwessel (Reply 8):
And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

Depends on how many critical messages have to be exchanged - they're not in the range of ten or twenty per flight. Basically, there are zero critical messages because the crew can always ask on HF or satellite phone for a confirmation if the new routing is dubious. And ATC will ask anyway when the routing looks strange.

But the principle stands that OTP is an extremely simple method to defeat such hacking attempts.


David
Keeping calm is terrorism against those who want to live in fear.
 
Starlionblue
Posts: 17212
Joined: Fri Feb 27, 2004 9:54 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 8:51 am



Quoting flyingturtle (Reply 10):
But the principle stands that OTP is an extremely simple method to defeat such hacking attempts.

Indeed, and since it can be integrated into the systems it can be made completely transparent to the user.

Quoting rwessel (Reply 8):
And after the captain exchanges a handful of short messages with the dispatcher, and uses all of the OTP, what then? Can't talk anymore?

With electronic authentication, there is no limitation in practice.

Also:

Quoting flyingturtle (Reply 10):
Basically, there are zero critical messages because the crew can always ask on HF or satellite phone for a confirmation if the new routing is dubious. And ATC will ask anyway when the routing looks strange.


[Edited 2013-04-12 01:53:15]
"There are no stupid questions, but there are a lot of inquisitive idiots." - John Ringo
 
MD11Engineer
Posts: 13916
Joined: Sun Oct 26, 2003 5:25 am

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 9:02 am

Quoting flyingturtle (Reply 4):
Airlines routinely encrypt such ACARS messages in order not to give the competitors any hints about enroute weather, fuel consumption and such things.

Actually many airlines don't worry too much about the competition getting those messages, but about pimply spotters or the press receiving ACARS messages and publishing them out of context.

Quoting rcair1 (Reply 6):
Quoting flyingturtle (Reply 4):
IMHO, this thing could be easily patched, for example by a technique called one-time pad

Would the plane have the auto destruct button like the radio?

The picture shows an old military IFF transponder. These things often contained self-destruct charges, which would explode or burn if somebody unauthorised opened the housing to destroy critical components responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

Jan
Je Suis Charlie et je suis Ahmet aussi
 
airmagnac
Posts: 367
Joined: Wed Apr 18, 2012 10:24 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 9:40 am

Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder.


Actually, I believe it's a CRM-114, or How I learned to stop worrying and love communication systems  
My goal as an engineer is to fill my soul with coffee and become immortal
 
flyingturtle
Posts: 4778
Joined: Mon Oct 31, 2011 1:39 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Fri Apr 12, 2013 10:52 am

Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder. These things often contained self-destruct charges, which would explode or burn if somebody unauthorised opened the housing to destroy critical components responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

It's not an IFF transponder. Though very credible, it was invented for a certain film airmagnac is referring to. In that Cold War satire, one central topic is how to authenticate messages sent to B-52 bombers. If somebody could fake them, one could start the end of the world with the push of a button.

Wikipedia:

"Lacking cooperation from the Pentagon in the making of the film, the set designers reconstructed the aircraft cockpit to the best of their ability by comparing the cockpit of a B-29 Superfortress and a single photograph of the cockpit of a B-52, and relating this to the geometry of the B-52's fuselage. The B-52 was state-of-the-art in the 1960s, and its cockpit was off-limits to the film crew. When some United States Air Force personnel were invited to view the reconstructed B-52 cockpit, they said that "it was absolutely correct, even to the little black box which was the CRM." It was so accurate that Kubrick was concerned whether Ken Adam's production design team had done all of their research legally, fearing a possible investigation by the FBI."

Are any B-52 air crew around here? I might have a few questions concerning this very thread.

David
Keeping calm is terrorism against those who want to live in fear.
 
rwessel
Posts: 2448
Joined: Tue Jan 16, 2007 3:47 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Sun Apr 14, 2013 7:36 am

Quoting Starlionblue (Reply 9):
Quoting rwessel (Reply 8):
Quoting Starlionblue (Reply 5):
Nowadays, one time pads are more easily implemented with electronic tokens that rotate codes.

A security token is nothing at all like an OTP.

The authentication principle is the same, exactly like a paper OTP

The use of an uncommon acronym (outside of marketing) and the incorrect definition for the acronym (although the correct definition for the *common* use of the acronym), threw me.

Almost always, an OTP is a One Time *Pad*, which is a special type of cipher which has the interesting property that it's provably secure. It also has certain disadvantages, namely that no key material can ever be reused, all bits of the key are fully independent, and that the key has to be as long as the message being encoded. And in general authentication requires something in addition to the OTP.

A One Time *Password* is something rather different, and nobody technical in the industry uses the acronym OTP for that, since it has a much more common definition. Marketing departments go their own way, however. Probably the (false) association with the unbreakable one-time-pad is a "good" thing for marketing. In any event, while the traditional paper based one-time-password, when combined with fully independent passwords and no password reuse can manage a few of the same properties, although authentication is still probabilistic. Nor does any electronic security token implement the "fully independent" criteria (one could, by simply storing a large amount of properly generated key material, and then emitting it a bit at a time, but I know of none that do - all of the ones out there are based on a cryptographically secure pseudo random number generator of some sort). Nor does a security token generate anything that could be remotely considered a one-time-*pad*.

A security token plus a password can provide a reasonable level of security, although passwords are compromised constantly (should this become common practice I guarantee we'll see passwords on a post-it on the panels of half the airliners out there), and several of the security tokens have been broken as well.

But yes, a password, plus a token, plus some certificate based authentication, if done properly, should be adequate. OTOH, given the dismal record of security on SCADA and similar systems, I'm not holding my breath for the "done properly" part.

At the end of the day, there are no authentication protocols that *prove* identity, although you can make it arbitrarily hard (or improbable) to fake an identity.
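
The distinction drawn in the post above, as an added example that is not part of the original thread: a one-time pad is a cipher keyed with as much random material as the message and does not by itself authenticate anything, while a token's one-time passwords are all derived from one stored seed. RFC 4226/6238 (HOTP/TOTP) and HMAC-SHA256 are choices made here for illustration, and the seed and sample messages are constructed.

```python
import hashlib
import hmac
import secrets
import struct

SEED = b"12345678901234567890"  # RFC 4226 test secret, used as a sample seed


def pad_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with key material at least as long as the data."""
    if len(pad) < len(data):
        raise ValueError("pad exhausted: key must be as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password: truncated HMAC-SHA1 of a counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 time-synchronized variant: counter = current time window."""
    return hotp(seed, unix_time // step)


def pad_alone_authenticates() -> bool:
    """Alter a pad-encrypted message in transit; does the receiver notice?"""
    sent, altered = b"status=nominal", b"status=warning"  # constructed
    pad = secrets.token_bytes(len(sent))
    ciphertext = pad_xor(sent, pad)
    # Flipping ciphertext bits flips the same plaintext bits; no pad needed.
    tampered = pad_xor(ciphertext, pad_xor(sent, altered))
    return pad_xor(tampered, pad) != altered  # False: it decrypts cleanly


def mac_detects_tampering() -> bool:
    """The 'something in addition': an HMAC tag computed over the message."""
    key = secrets.token_bytes(32)
    sent, altered = b"status=nominal", b"status=warning"  # constructed
    tag = hmac.new(key, sent, hashlib.sha256).digest()
    check = hmac.new(key, altered, hashlib.sha256).digest()
    return not hmac.compare_digest(tag, check)


if __name__ == "__main__":
    print("token code at t=59:", totp(SEED, 59))
    print("pad alone authenticates:", pad_alone_authenticates())
    print("HMAC detects tampering:", mac_detects_tampering())
```

Both ends of a token scheme compute the same code from the shared seed and the clock, so every code is a function of that one seed rather than independent key material.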
 
MD11Engineer
Posts: 13916
Joined: Sun Oct 26, 2003 5:25 am

RE: Hijacking Aircraft Computer Systems, Possible?

Sun Apr 14, 2013 8:19 pm

Quoting flyingturtle (Reply 14):
Quoting MD11Engineer (Reply 12):
The picture shows an old military IFF transponder. These things often contained self-destruct charges, which would explode or burn if somebody unauthorised opened the housing to destroy critical components responsible for coding. The charge could also be activated by the pilot if he was forced to land or crash in enemy territory.

It's not an IFF transponder. Though very credible, it was invented for a certain film airmagnac is referring to. In that Cold War satire, one central topic is how to authenticate messages sent to B-52 bombers. If somebody could fake them, one could start the end of the world with the push of a button.

Wikipedia:

"Lacking cooperation from the Pentagon in the making of the film, the set designers reconstructed the aircraft cockpit to the best of their ability by comparing the cockpit of a B-29 Superfortress and a single photograph of the cockpit of a B-52, and relating this to the geometry of the B-52's fuselage. The B-52 was state-of-the-art in the 1960s, and its cockpit was off-limits to the film crew. When some United States Air Force personnel were invited to view the reconstructed B-52 cockpit, they said that "it was absolutely correct, even to the little black box which was the CRM." It was so accurate that Kubrick was concerned whether Ken Adam's production design team had done all of their research legally, fearing a possible investigation by the FBI."

Are any B-52 air crew around here? I might have a few questions concerning this very thread.

David

My mistake. I worked on a T-33 and still have the manuals around. There the old maintenance manuals from the 1950s warned the mechanics from working on the IFF unless certain procedures have been carried out to prevent the self-destruct charge in the IFF encoder from firing. E.g. the guys were not allowed to open the box.

Jan

[Edited 2013-04-14 13:22:46]
Je Suis Charlie et je suis Ahmet aussi
 
flyingturtle
Posts: 4778
Joined: Mon Oct 31, 2011 1:39 pm

RE: Hijacking Aircraft Computer Systems, Possible?

Mon Apr 15, 2013 9:02 am

Quoting MD11Engineer (Reply 16):

No problem, Sir.

The T-33 is my favourite aircraft in FlightGear.  


David
Keeping calm is terrorism against those who want to live in fear.
