GAO Warns FAA of Hacking Threat To Airliners

chicksdaddy writes: A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing to address cyber security vulnerabilities that could allow remote attacks on avionics systems needed to keep the plane airborne. In a report issued Tuesday (PDF), the GAO said, "significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems.

The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.

Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.

Pilots will always be needed

[bughunter]

This is why the idea of remote overrides of pilot controls is a particularly BAD idea.

A trained, qualified pilot must always have last resort authority, over any automated system and preferably even over any "assisted" system, whether it be fly by wire, hydraulic, etc. If control can be taken out of his or her hands remotely, because someone (or something) on the ground doesn't agree with the pilot's judgement, I guarantee we'll see more disasters, not fewer.

The instances where intentional pilot misconduct or hijacking occur are few, but notorious. But the instances where human pilots in the cockpit handle minor emergencies that could easily have turned into deadly ones occur regularly and we seldom hear about most of them.

Case in point: Do you think an autopilot on the ground could have heard a stowaway baggage handler?

Re: Of Course It Is

[bobbied]

There are reasons they get connected. Many times the in-flight entertainment systems need to know things like the position, speed, altitude and heading to perform their assigned tasks. You want the entertainment system to be turned off below 10,000 feet AGL, or if you want the system to supply your customers a graphic that gives the position, speed, heading and accurate ETA then you need to get that information from the flight management system. I can imagine that it might be important to change how the data systems connect to the internet based on where the aircraft is (choosing the cheaper data path when it is in range) or use that data connection to report maintenance information to the airline's mechanics.

There are plenty of reasons the flight controls might not be totally air gapped from the in-flight entertainment systems.

Re:Of Course It Is

[hawguy]

However, if the systems are properly designed and firewalled and the software properly vetted, I believe that you can eliminate the chances of having a successful attack vector. The problem though is how to write regulations that can assure something doesn't get overlooked and how you could prove that to the GAO so they will get off the FAA's back...

Lots of companies have gotten hacked through their properly designed and firewalled network -- every software product (even firewalls) has security holes. The only sure way to isolate the avionics from the passenger network is to air gap it. Don't rely on a firewall - I really can't believe that an airgapped network is not standard practice.

MH370, for instance?

[sgt_doom]

Good-bye, Mr. Chips!

(Or, why that missing Malaysian Airlines MH370 is a really, really big deal --- besides the murder of 239 souls aboard.) Onboard flight MH370 were twenty employees of Freescale Semiconductor, a major microchip producer, owner of major fabrication facilities (referred to as foundries in the industry).

Back in 2012, some researchers at an institute connected with Cambridge University discovered a backdoor, at the hardware level, in the Actel/Microsemi chip used for military purposes, designed and manufactured by the Microsemi Corporation. What the authors didn’t mention in their highly technical paper was that these chips are also to be found in ARINC avionics (ACARS: Aircraft Communications and Addressing Reporting System, formerly known as ARINC Communications and Addressing Report System --- plus other avionics communications systems), transponders and the black boxes (flight data recorders, cockpit voice recorders, crash recorders, etc.).

Microsemi chips are produced at Freescale foundries, as well as Freescale chips are also to be found in ARINC avionics, transponders along with a wide range of other industry applications.

It is important to note that the owners of Freescale Semiconductors are the Blackstone Group, the major private equity/leveraged buyout (PE/LBO) firm, and the majority owner, and the Carlyle Group, another PE/LBO firm and a minority owner.

It is also important to note that ARINC (designer and manufacturer of major avionics systems (fly-by-wire) aboard Boeing and Airbus jets was until recently owned by the Carlyle Group, and a portion of ARINC still is, as they moved ARINC’s DoD division over to Booz Allen, the major government intelligence contractor (where Edward Snowden last worked in America), and also owned by the Carlyle Group.

Malaysian Airlines, which may have figured into it, was at that time partially owned by the hedge fund of Lord Jacob Rothschild, long an advisor to the aforementioned Blackstone Group.

The previously mentioned Microsemi Corporation, whose chips are backdoored, or compromised, is managed by James Peterson, CEO and board member. Peterson is one of the sons of Peter G. Peterson, founding member of the Blackstone Group.

Both the process of chipping (purposely introducing defects into chips for cryptographic penetration) and backdoors in chips, dates back to the late 1950s and 1960s.

When the U-2 spy plane was shot down over the Soviet Union, it contained chipped cryptographic communications gear, developed by the NSA at the instigation of the CIA, which the CIA hoped the Soviets would copy, allowing deep penetration by the NSA. Unfortunately, this was around the time of the real defection of two NSA employees (Martin and Mitchell), so after being given the coordinates of the U-2’s air route by previous “defector” Lee Oswald to allow the Soviets to shoot it down, they were now possibly savvy to the covert operation’s agenda.

The first major successful operation involving backdoored chips was supposed to have occurred in the 1980s, when an American industrial controls computer system (SCADA) was sold illegally through a Swiss firm to the Soviets, and resulted in a series of major explosions at their northern Baltic Sea naval installation (chips set to control maximum temperatures of fuels did the opposite).

When a group is seeking to compromise, and therefore control, both the Internet and a wide spectrum of computer hardware applications (communications, transportation, industrial, financial, etc.) the process of chip access is crucial, and to do that covertly it must be done at the chip fabrication point.

Hence the use of, and subsequent disposal (murder), of those Freescale Semiconductor engineers aboard flight MH370. Below is the youtube link to a video from a SAIConference (SAIC, is one of the two government intelligence contractors, the other being Booz Allen), the expert from University College Londo