GAO Warns FAA of Hacking Threat To Airliners

chicksdaddy writes: A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing to address cyber security vulnerabilities that could allow remote attacks on avionics systems needed to keep the plane airborne. In a report issued Tuesday (PDF), the GAO said, "significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems.

The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.

Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.

Avoincs design is already robust.

TLDR: The current systems are already very good, but it wouldn't be bad to look at it also from a malicious perspective.

TFS is misleading. The airworthiness criteria currently do not address "hacking" or "malicious data." However, airworthiness criteria do require input validation on all inputs to all flight safety avionics systems. They also require continuous internal consistency checks, to protect from code changes, and strict segregation between all software on a processos and continuous validation of the state of each module. Further, almost all of the software is required to be strictly deterministic, and as such, no dynamic memory allocation occurs in flight critical and safety critical systems. Between this and the design procedures in RTCA DO-178, and the testing requirements, most avionics software is extremely hard to exploit.

Oh, and by the way, the complete lack of all of these is why current UAVs are not airworthy (the large military ones are close) and should not be allowed to fly near or over people. The UAV revolution will implode when they're held to the standards required for digital fly by wire airplanes and start costing as much as real airplanes.

Re:Of Course It Is

[bobbied]

Look, don't be so jaded about the aircraft industry... They are not the ones the GAO is going after...

This is about the FAA and the regulations they enforce when certifying aircraft are safe to fly, not about Boeing's CEO making more money or shareholders getting their profits by cutting safety corners. Where it MIGHT be a political issue, where Boeing hires lobbyists to try and get the rules the FAA enforces changed, it's not directly related to cutting corners for profits.

Of course the GAO is right, sort of.. The possibility exists for someone to hack the flight controls from the entertainment systems if they are connected in some way. However, if the systems are properly designed and firewalled and the software properly vetted, I believe that you can eliminate the chances of having a successful attack vector. The problem though is how to write regulations that can assure something doesn't get overlooked and how you could prove that to the GAO so they will get off the FAA's back...

Wisdom follows, pay attention!

Hello,

Here is some crushed FUD for thought:

- As long as pilots are in the cockpit, they can pull circuit breakers and then it's game over for Stuxnet worm or whatever e-threat. For example in the Airbus A-320 there are 3 or 4 (3 digital +1 analogue) flight control computers, depending on how old or new make the plane is. Their juice can be denied by breakers on the cockpit overhead panel, one-by-one. This is how the logic works:

- When all 3 digital flight computers run and agree about the situation, it is "normal law": pilot moves joystick, computers decide if it is both absolutely safe and comfortable to do so and when affirmative, execute the manouver.

- When only 2 computers run or 1 cpu has been voted out by the majority, it is "alternate law": pilot moves joystick, computers decide if it is reasonably safe to do so and if yes, execute the manouver (maximum pax comfort be damned and alpha floor stall protection is partially lost).

- When only 1 computer runs, it is "direct law": pilot moves joystick and the computer forwards the instruction to electro-hydraulic actuators, to execute the manouver in a brain-dead manner.
(Passanger comfort be damned and for safety, hope that the pilots are skilled and talented aviators who will keep the plane flying. That is not always a given for the younger generation, e.g. the button-pushers who crashed the AF flight 447. On the other hand, computer circuit breaker pulling, until reaching "direct law" was the very method which Lufthansa pilots followed for rescue when the speedometer of their A-320 froze up and confused computers wanted to send the plane into a never-ending descent under "normal law".)

- When 0 digital computers remain running (e.g. giant EMP from a nuke or nearby supernova) pilots would have somewhat limited tools remaining on the newer model year Airbus-320 planes, such as:

The foot pedals (rudder) are still mechanically connected with steel rope and pulley to the rudder sail in the tail, allowing turn to the left and right.
The trim-wheel is also mechanicall connected to the little adjustment tabs on the horizontal flying tail, allowing limited control of descent and climb.
Jet engines' power can also be controlled manually to allow for descend/climb and near-idle before landing (but without FADEC computerized help the pilots must be careful not to wreck the turbines with sudden moves on the thrust levers)
All this is a very tricky situation, therefore much drilled in flight simulator training!

- Unlike the Airbus A-320, the Boeing's B-737 is not fly-by-wire, as it is derived from an early 1960s design and big fleet customers, like Ryanair are outright banning Boeing from any innovation, not willing to spend a penny on pilot re-training!

This legacy-mania is how Helios airlines' B737 crashed: the pressurization to give breathable air at high altitude is completely under manual control on B-737 and activation is often forgotten. By the time the warning siren sounds at over 3000 meters altitude, pilots can be too mountain-sick to react properly in time and faint. A hungarian Malev airlines B-737 almost crashed under eerily similar circumstances a few years ago, so Helios was not a unique occurance. The landing gear is similarly full manual operation, that's how the polish wrecked a B-767 last year. Yet large fleet customers ban Boeing from improving ergonomy and foolproof-ness, not wanting to spend on any pilot re-training.

If it weren't for Airbus, Boeing would still be making airplanes with "swiss watch filled cockpit dashboards" because they carry a lot of legacy and the existing customer base / operators are very resistant to any change that would mandate personnel re-training. Glass cockpit (LCD screen) displays, electronic flight controls are all thanks to Airbus in the world of civilian aviation and Boeing is slowly following, due to the fuel economy benefits fly-by-wire and FADEC provide.

- The big problem is airlines no longer allow their pilots to fly general aviation (soa