Slashdot Mirror
Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
This is a dup story, so here's my dup comment:
See DefCon 22's avionics preso from 2014 to see what you can and can't do from a hacker's perspective.
https://www.defcon.org/images/...
(Since the summary doesn't even often a link or name...this MIGHT even be exactly what the submitter is talking about.)
So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no chance of this?
We know people can hack air gaps, and if the in-flight wi-fi is at all connected to the electronics in the airplane, there's potentially a lot of attack vectors.
And since there is no actual article, just a summary which says some guy says it can't happen ... I call "bullshit" on the whole story.
Seriously, timothy, a link to a story or this is nothing more than innuendo.
Lost at C:>. Found at C.
Its a brand new concept called "crowd-piloting". The plane goes wherever its passengers feel to go. Very nice!
I mean to say there is a potential air gap with 2.4GHz and bluetooth and who knows what else if someone's laptop or smartphone was hacked remotely. But the cockpit door is RF shielded so that's the end of that.
:)
Do the two networks share a piece of networking equipment at any point on the plane? Is it just two subnets with a [buggy] firewall between them?
This report is just a warning, then CNN gets it and asks broad questions "could someone do this??" and an expert who hasn't seen the architecture says, "sure, it could happen". He wants to say "but, in the real world, no!", of course the CNN anchor cut him off. It is possible that the pilots iPad may be connected to the passenger cabin WiFi if the pilot was connected earlier, but forgot to switch over. Connecting the iPad to the aircraft will only bring in power, nothing else. There is no way to control the autopilot from the iPad, no way to reroute the plane from the iPad.
Most connected aircraft will have two routes to the ground, the cockpit and the IFE (passenger cabin). There are many documents about the thoughts that the manufacturers have. Firewalls are good, and may be used in some cases, but so far that is rare.
I know no one reads TFA, but is there TFA? Or is this simply an anonymous submission referring to an anonymous cyber expert and pilot?
If there's no air gap between the passengers and the engines on your flights, then I'll take another flight please.
https://www.eff.org/https-everywhere
I am sure in-flight Wi-Fi can be used by pedophiles to watch child porn! And by terrorists to plan terror attacks!!!
OMG!! We must ban it
Pilot: US Government Claims Of Plane Wi-Fi Hacking Wrong And Irresponsible
I am Slashdot. Are you Slashdot as well?
poorly implemented In-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation
There fixed that for them.
Running them on entirely separate IP-based networks would prevent it being a possibility. Coupled with secure software and firewalls for good measure, just in case.
There's a risk if everything is on the same network, but there's absolutely no reason it would need to be.
Mod this up - Seriously, if you're at all thinking this stuff might be possible read the paper for a good analysis of what is and isn't possible. (hint: your probably more at risk from signals outside of the plane then from someone inside it, and not all that much risk (for now) even then.)
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
No its really the internet tubes that cause drag and could cause the plane to stall. If this were true, how come the GAO is not feverishly contacting the FAA and asking why public in flight WiFi is piggy backing on aircraft avionics? I'm no expert on aircraft engineering, but this does not even sound remotely feasible.
Is warning me that $DEVICE that can kill hundreds of people if hacked is insecure.
Oh, the horror!!!
At the very least, I'd expect a VLAN.
In actuality, I'd expect disparate, unconnected systems possibly even running in separated VLANs and subnets with IPS on the avionics controls JUST IN CASE.
Given that avionics are used to dealing with highly technological and highly critical systems, I think I could trust them to not mess it up. Especially if it in any way could even theoretically allow a possibility for an attacker to affect a flight path.
Airport security, the guy loading my luggage, or the guest wifi in the lounge? Yeah, separate problem with trust in question. But on-board wifi? I'd be damned if you could send a single packet from the wifi to the avionics even in theory.
Seriously, if you're at all thinking this stuff might be possible...
Perhaps Jeff Goldblum can upload a virus that makes an animated skull and cross-bones appear on the pilot's view screen - "ar, ar, ar" - 'cause he did it in Independence Day - to an *alien* space ship. Why would human airships be any less secure? It's possible, just not very probable...
It must have been something you assimilated. . . .
I think this is quite obvious to most engineers that have worked on safety critical systems. This whole issue is just about creating fear so some security consulting firms can make extra money. It is a tried and true method.
Every time there is an energy crisis I see a new guy on TV who has 'invented' a water powered car and just needs some money to commercialise it. Every time. They all do the same thing, have some technobabble, accept a challenge to be black-box tested by a professor at a reputable university, who writes an overly technical report explaining why it is rubbish, and then they add 'tested by the University of XXX' to their prospective to elicit even more money. It is the same formula and it works every time.
Your understanding of avionics design is non-existant. First, avionics are designed rigorously, unlike damn near everything else. All input is validated. All software is validated. Each module running on a processor is segregated in software, and routine code and state validation checks are done to protect from code tampering. In fact, most systems do not dynamically allocate memory and memory allocation is disabled in firmware. The stack is protected from buffer overflows in a couple of ways, and the software is rigorously tested to certify it's behavior against bad inputs. Aditionally RTCA DO-178B/C specific design procedures that lead to robust design.
TL;DR: Avioncs software is very well hardened.
If you're talking about passengers and engines breathing air, then any separation wouldn't be an air gap.
The separation we have now is an aluminum and plastic gap. And it works.
No seriously, the radio is not connected to the computer system, the comptuer system is extremely conservative by many standard and is not connected to the in flight wifi. You cannot have an air-gap attack without a microphone or similar device.
The gao report is a complete nonsense and was laughed out by all technical people involved in the computer system of airplane or in flight entertainment.
"So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no chance of this?"
Aside complete network separation and absence of microphone ? Really guys sometimes there is absolutely NOTHING about threat reports.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Mod parent down. I attended the presentation in person. The presenter is full of shit.
He based his presentation on flight simulators and utter conjecture. Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics. You can't learn how the internals work without any reference to the internals. The guy made claims about things that just aren't true. He also spread a lot of FUD - "isn't it scary that landing times are on the Internet? What evil things could I do with that?!?" Idiot. Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family. If they don't know when it lands, they can't schedule their pickup of you.
The 'hacker' that presented that tripe doesn't know what he's talking about.
This story is just a slashvertisement.
The story linked (now linked in the summary) is to a guy making silly ignorant statements about how the GAO is wrong but in such a vague way that I can safely say the guy making these silly comments is wrong. He's arrogantly implying that no aircraft can be hacked because they never make any mistakes and use separate systems and a special software device (thats not a firewall!) that acts as a firewall and doesn't let the two connected networks communicate with each other ...
Also he seems to think that engines 'breath' air, and that the air inside the cabin of an airliner is not at all isolated from the air that goes into the engines.
In short, the summary refers to an article written by someone that claims to be a security expert AND pilot while at the same time making incredibly stupidly inaccurate blanket statements that any useful security officer and certainly any pilot know are too broad and vague to be true or just flat out wrong.
There most certainly IS a firewall between the passengers and the engines on commercial jet aircraft, otherwise the people would die at 30k feet. The fact that he claims to be a pilot and then claims there is no separation between the cabin and exterior is just scary.
And claiming that this other special box ... that acts as a firewall ... but since they gave it another name, its not actually a firewall, so therefor its not possible to be hacked and bypassed.
The reality of it is, what the GAO said IS TRUE. IT IS possible that 'hackers' MIGHT be able to cross the network boundaries if they are physically connected, anyone who claims this is not true knows absolutely nothing about IT security or security on complex systems in general. You work really hard to prevent it, and make certain design decisions to make it hard to cross that gap, but the instant they are connected, you've created the possibility. You can't honestly claim that your network is 100% secure and impeneratble which is what this guy is trying to claim ... about aircraft that he's never had anything to do with, never seen, knows nothing about the internal operation of ... just because he's a pilot doesn't make him suddenly privy to private information internal to Airbus or Boeing.
Once again, I repeat, this is nothing but a shitty slashvertisement. They probably paid timothy to post it to the front page, which explains why it was done in such a hurry the first time and didn't even have a fucking link in it.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
It's the same for all the hype over car systems. EVERY SINGLE EXAMPLE they have to install hardware to get access to the data interface.
So yes Terrorists can take over the airplane from their cellphones if the flight crew let them into the maintenance areas and help them install several specialized devices that give them access.
The terrorists need to make appointments so they can make sure that avionics technicians are on hand to help them
Do not look at laser with remaining good eye.
We also have been running out of IPV4 space for over a decade now. we will run out any day now.....
Hackers have a better chance of deorbiting a satellite and hitting the aircraft while it is in flight than they do taking it over from the in flight wifi.
Do not look at laser with remaining good eye.
1. My First Ever Post, please go easy
2. I'm an aircraft engineer with about 12 years in the industry with experience of small and large jets, with both the big orange airline in Europe and the "other" british long haul carrier based at Heathrow.
The WiFi system on board arrives at the plane via a dedicated satellite reciever designed for the specific task of internet connectivity. From there it plugs into the In Flight Entertainment system and the signal is projected via specially designed wifi routers that allow passengers to connect. At no point do the IFE system and the Avionics systems inter-connect physically. Furthermore, the IFE computers are actually stored under each row of seats and drive that row's IFE. Ever kicked that steel box under the end row? Thats the IFE controller for your row.
The avionics systems are connected using an ARINC 429 system - http://en.wikipedia.org/wiki/ARINC_429. This is similar to a home network, but extremely specialised and focused on the job at hand. You cannot hack the IFE system and "get" into the Avionics. Yes, "Air Gap" hacking has been proven. Thats on computers that are next to eachother, not sat 100+' away through aluminium floor supports and all the other cabin interior. Who ever wrote the subject article has clearly never looked at the technicalities of what he is suggesting.
Thanks
I didn't know jet engines were this unsafe. I'm only flying turboprop henceforth.
It's FALLING!!
about coordinated attacks leveraging onboard wifi.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I will not have networked computers on this ship!
These are not IP networks they are Ethernet networks which means they are susceptible to ARP Spoofing attacks and other Ethernet tricks
Is how do you explain this to the sheep without coming across as condescending.... see what I did there?
"If any question why we died, Tell them because our fathers lied."
Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family.
While the two kinds of data are similar, they are not identical.
The flight schedule has to be online for the reasons you gave. But the flight schedule is not the flight plan, and the times can differ by a significant amount. Every time you've arrived or left early or late, you're comparing your watch to the scheduled time. The flight plan will be much more accurate and be based on existing conditions.
For example, the "book" time for a United flight from PDX (Portland OR) to ORD (Orchard, I mean O'Hare Chicago) is 3 hours 55 minutes. Depending on the position of the jetstream and other winds aloft, the flight can take as little as 3 hours 20 minutes. The flight plan will take into account the jetstream; the schedule does not.
But the engineers checking airplane safety aren't computer netwrok security experts. I really worry that the systems interconnected somewhere or shared some components they assumed safe. Automobiles got them mingled already.
Fortunately pilots are less likely to do it to themselves then drivers are :).
http://jalopnik.com/progressiv...
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Yep, it's possible. There's a couple of places listed in the talk that a skilled enough attacker could maybe make inroads, but the probability is limited by the fact that the networks speak VASTLY different networking protocols. Jeff *might* be able to infect the network bridge on a couple of specific airplane models.
Of course, if it's Bruce Schneier, just let him into the cockpit and give him the flight yoke, it'll be slower :)
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
This is next weeks episode of CSI:CYBER - they're looking for opinions to see if they can improve realism. Or maybe its a story board for Scorpion. Either way - mildly entertaining. ;P
"i lost my dignity on a slippery wiener"
You are correct (same AC as before). I erred when i said 'flight plan'. That should have read 'flight times'.
Unless they have a malicious actor that bridges the two networks during a maintenance operation. That was the GAO's issue -- yea, they're essentially air-gapped, but in the same server cabinet. A 1' piece of ethernet cabling bridging them and now you have a pretty good chance. There's a good reason why DOD requires 1m+ separation between air-gapped systems and ridiculously clear labeling and instructions, and different cables colors. Because before they were doing that, there was a high preponderance of just such stupidity. The only way they solved it was by adding a huge airgap between all cabling and connectors, which I don't believe is done on planes.
Now not to say that this isn't easy or that there aren't other protections -- but the point that if those networks somehow get bridged, then in some instances you could potentially have wireless access to Command and Control of the plane is likely a true statement.
Human airships would be more secure. They don't have the ability to recompile untrusted PowerPC code.
As soon as people start talking about what "hackers" might or might not do you really can stop reading.
The GAO report is actually about the cybersecurity of the FAA. The comment about security on the airplane actually starts out by explicitly pointing out that this isn't a problem right now. It MIGHT become one in the future and they aren't satisfied with how the FAA would deal with hybrid system in modern planes. This entire blogpost is a bullshit response to a rather good report.
The GAO simply wants the FAA to increase their cybersecurity. I don't think that is a big problem.
The 777 is unique in its vulnerability to precisely what you mention. The avionics bay access hatch is conveniently next to the toilet but behind a corner. An anonymous youtube poster who claims to be a pilot recorded a video when flying as a passenger to draw attention to this in the wake of MH370 and showed how he during a flight could get in and out of the avionics bay through that hatch with nobody noticing. Most people on board were sleeping and those who saw him, presumably thought he was just going to the toilet. The first thing to address this problem which no other plane has would be to put a fucking lock on that hatch and keep the key in the cockpit. Currently, two people with nefarious intentions can do anything to a 777 that can be done with access to the avionics and the right know-how. One just has to "stand in line" to the toilet and the other can fiddle undisturbed with all aircraft electronics. Thus I consider precisely such a "hijacking" one of the more plausible scenarios in the case of MH370. And the issue has still not been addressed.
The video was first linked to on pprune but might be unlisted and the thread is long so I can't find it but will post again, if I do find it.
True - ISP level NAT is getting more and more common with some switching customers to IPv6 only and providing a NAT bridge to sites that need IPv4
a special software device (thats not a firewall!) that acts as a firewall
A firewall is a special software device. There are lots of Linux firewalls out there and other purely software firewalls. Aside from protecting against electrical attacks, there is little that can be done to a software firewall that will be different from what can be done to a software firewall. I remember cracking open a Cisco PIX and seeing a bog-standard Intel wireless card plugged into the motherboard that was running an Intel Pentium CPU. But that relatively-standard PC is called a "hardware firewall" by most (and by "most" I mean "all", except for those who would lie to try to prove a point on Slashdot).
Also he seems to think that engines 'breath' air, and that the air inside the cabin of an airliner is not at all isolated from the air that goes into the engines.
"Breathe" The process to take in and expel air.
How is that not what an engine does? And he never said the air in the cabin was not isolated from the engines, but that stating to physically close networks that run over similar protocols are inherently connectable is silly, as silly as saying that a human can hack an engine while strapped into a seat because both the human and the engine take in and expel air.
The reality of it is, what the GAO said IS TRUE.
Yes, the useless GAO report says that "no security is 100%". There is no assessment of risk, recommended changes, or other useful statements being reported from the GAO report. Just FUD.
Learn to love Alaska
Until one understands all the ARINC systems aboard, both the Boeing 777 and Airbus, and the satellites (including the Inmarsat satellites), and the avionics systems at control towers are ARTCCs and earth ground stations and VSATS, and the Microsemi FPGAs installed, and the Freescale chips, etc., and the report on the backdoored Actel/Microsemi chips, etc., this nebulous talk is all soooooo much bullcrap from the yahoos. With hardware trojans and hardware malware pre-installed, especially in any or all of the 1,000Microsemi FPGAs onboard a Boeing 777, plus other ARINC items, one cannot begin to fathom just how easy it is for the guilty parties to hack this and other avionics systems, and all others with such chips, etc.
You saw an article with simplistic pull quotes -- don't assume that's all there is.
Airliners avionics are comparatively stone age. This is not all bad. The connection between the two is one way - out.
Could someone be contemplating a linux based glass panel display that you can e-mail your flight plan to? Yes. Do private pilots often rely upon ipads for display even in IFR conditions -- probably yes. Can those instruments (both the theoretical and the actual) be compromised? Yes.
Are airliners flying that way? I highly doubt it.
Private pilots use ipads or android tablets because they are orders of magnitued cheaper, and have much better user interfaces. A Garmin GTN750 (GPS with map and waypoint database with Comm and Nav radios) is about $20,000 installed - a G500 Glass panel (Attitude inticator, altimeter, navigation display, maps, etc) is about the same ($20k installed) A tablet $500 and an Ilevil AHRS ($1000) + ADS-B receiver ($600) duplicate many / most of those functions, and add a few (No comm/nav radios and guidance - but you get traffic and weather on your device) We're allowed to use these toys, but not RELY upon them. Most commercial pilots are doing milk runs, and are largely following ATC instructions rather than finding their own way. ATC talk to the planes via analog radio transmissions -- My fear for "hijacking" would be based upon taking out a controller's radio antenna and hopping on a radio to give bogus directions. That could be deadly -- and ADB-in receivers could give them info about what to do.
I think a warning to keep things segmented as much as they are is warranted, the scare that they will p0wn the flightdeck is not really believable.
In the car, "hardware" could be the car radio, which likely speaks both bluetooth and canbus. Don't expect car radios to have a lot of security.
It may not have been done yet, but it's only a question of time.
I have been in the aerospace business for many years and have designed avionics (both hardware and software) systems that are used on manned aircraft and also on unmanned military platforms (different systems, of course). There is ZERO chance that ANY of these wild-eyed lunatic claims by "researchers" are EVER true. First, the critical systems are NOT even linked to systems the passengers are accessing. Second, no software unrelated to the flight software is allowed on the cockpit systems (so there ARE no "backdoors", etc). Third, you will not be permitted to even deply the avionics software until you have PROVEN, LINE-BY-LINE that the code allows no buffer overruns or other sloppy garbage that permits common exploits on consumer systems. Hell, you even have to prove full traceability between the source code and the binaries. You cannot get the hardware approved for installation into the aircraft withou full reviews that would expose any hardware exploitation path (the reviews are not for that ppurpose, but they expose any weakness in the architecture and hardware and any unnecessary stuff that should not be there. These claims always play on the ignorance of the masses, as well as everybody's personal experiences with flakey consumer-grade hardware or software in which there is no regulation or oversignt and developer sloppiness fuelled by Mountain Dew-fuelled all-nighters, colliding with management-orderred ship-by dates are commonplace.
It's hard enough to get the necessary hardware and software approved; NOBODY in the business is going to put extra hardware or software in place that permits an attack vector (not because they are fending off hackers but because it's too expensive and time consuming to get each bit of circuit and each line of code reviewd and approved). I call COMPLETE AND UTTER BULL on ANY claims of explaitable avionics.... this stuff is almost always pumped out by professors and "security experts" who are cashing-in on their claims by convincing gullible stupid paranoid people that they need more research grants or that THEY have the expensive "fixes" for these fake would-be problems.
> Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics.
Do you know that for a fact? I am not familiar at all with flight simulators, but I am familiar with car and motorcycle simulation software such as computer games. The reason I am asking you this is because some of these do emulate the internal workings of the cars, to the point that, after a race, you can generate the exact telemetry log file that the real thing would generate, in the very same format used by major race ECU manufacturers such as Motec. I know for a fact that this feature is being used by professional race teams at present day. The guy in charge for the telemetry system in a bike team told me this became a common feature in specific software some time in the '90s.
Like I said, I do not know about flight simulators, but I would presume they do a bit of both (flight characteristics / internal workings), and I would be surprised if they are significantly behind car and motorcycle simulators in terms of technology.
Awe shit. Didn't think of Jeff Goldblum. Now I won't be able to fly ever again without Valium.