Slashdot Mirror

← Back to Stories (view on slashdot.org)

Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics

Posted by timothy on from the this-postcard-is-just-an-atom-bomb dept.

An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."

24 of 113 comments (clear)

  1. Kind of a dup, but here's a link that explains it by xxxJonBoyxxx · · Score: 5, Informative

    This is a dup story, so here's my dup comment:
    See DefCon 22's avionics preso from 2014 to see what you can and can't do from a hacker's perspective.
    https://www.defcon.org/images/...
    (Since the summary doesn't even often a link or name...this MIGHT even be exactly what the submitter is talking about.)

  2. Hmmm .... by gstoddart · · Score: 4, Insightful

    So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no chance of this?

    We know people can hack air gaps, and if the in-flight wi-fi is at all connected to the electronics in the airplane, there's potentially a lot of attack vectors.

    And since there is no actual article, just a summary which says some guy says it can't happen ... I call "bullshit" on the whole story.

    Seriously, timothy, a link to a story or this is nothing more than innuendo.

    --
    Lost at C:>. Found at C.
    1. Re:Hmmm .... by st2434 · · Score: 2

      The story isn't saying that there's absolutely no way to hack a plane. Rather, there was a GAO report released saying that in-flight Wi-Fi and entertainment can be used to hack into avionics systems and take over autopilot, and this other expert is saying "that's bullshit."

    2. Re:Hmmm .... by Em+Adespoton · · Score: 4, Informative

      https://www.defcon.org/images/...

      Different physical network. Someone in GAO misread the original report.

    3. Re:Hmmm .... by ledow · · Score: 5, Insightful

      You know that little screen they put in the back of the seats? Do you think they're stupid enough to cable that into the engine management?

      The air-phones? Do you think they're stupid enough to just tie that into the cockpit comms?

      When you're talking life-dependent systems (which pretty much no-one here will ever have to deal with and certify, which is why all your electronics ALL say that it's not to be used in life-support devices etc.) like airbag deployment and plane avionics, it's heavily regulated, heavily specified, heavily tested and heavily scrutinised. Rarely does a aircraft system specified on the "jumbo jet" level do anything more than exactly what it's designed to do. Plane crashes are caused by outside influences, human input overriding the computer and by DESIGN decisions, not software failure because someone forgot to renew the licence of two DHCP servers fought over who assigned IP's to the engines.

      It's an entirely different class of system that you want to hope that you never have to deal with. That's WHY large planes cost HUNDREDS of millions of dollars and you have to train for decades to be allowed near the switches - even if you're servicing them.

      And, no, VLAN's would never operate in a system like that and if they did they'd be proven-safe mathematically and, hell, even my cheap commodity switches only respond to management requests on the management VLAN and no other.

      They is why the guy responding is so clear on this. It's just not done. Ever. If you change a cable, or a panel, or redesign a bit of hatchway, or push out a software upgrade for a commercial airliner, it takes hundreds of people checking it, re-certification of the end-result, testing and all sorts.

    4. Re:Hmmm .... by grimmjeeper · · Score: 3, Interesting

      As someone who has spent a great deal of his career in avionics design, both civilian and military, I fully agree.

      Avionics computers are not PCs running linux or windows. They don't have generic user level applications. They are custom designed, custom built hardware with very specifically chosen components to do the specific job at hand. The application software is pretty much entirely custom. As far as operating systems, many still run home grown schedulers that provide a bare minimum of services. Only in the last 15 years or so have they even started using off the shelf operating systems and so forth. Even then, it's usually something like VxWorks or Green Hills Integrity or some other RTOS like that. But they have to use versions of the operating systems that conform to ARINC 653. And while ethernet has started appearing on modern systems, it's use is highly specialized. They may put an IP stack on the box to facilitate getting packets from one box to another but the content of the packets are very highly specialized and they are carefully scrutinized before they are accepted and acted upon. Not to prevent hacking but to prevent "undefined behavior". Safety requirements mandate that they carefully inspect packets coming in and drop out of spec packets according to the rules established long before the first line of code got written. Not because they're trying to prevent hacking. It's because accepting unexpected and out-of-spec data can lead to problems that make the plane hit the ground. The anti-hacking capabilities are a side effect of that scrutiny.

      But even if you could get your packets into these specialized computers, how do you think you're going to hijack the box and spawn your malicious task that takes over? Like I said before, these computers aren't just PCs running Linux. They're custom built computers with an RTOS that very carefully and very deliberately partition the box to prevent tasks from corrupting each other or the operating system. And each task very specifically inspects every packet coming in before using the data so things like buffer overruns and what not simply won't work. So crafting the right kind of packet to allow you to insert your malicious code is more difficult by many orders of magnitude. Beyond that, you are extraordinarily unlikely to find a random port being open that gives you access to the OS core. That's a safety issue so it's checked before the computer can get FAA certification. The only ports available to be used are the ones that are needed and specified.

      Is it 100% provable that you can't hack into the systems? No. But it's so monumentally unlikely as to be effectively impossible. Are there some systems out there that had vulnerable code make it through certification? More than likely. But even so, the threshold for making it through FAA certification is high enough that even bad code that slips through is far less vulnerable than most everything out on the commercial market.

  3. New concept by courteaudotbiz · · Score: 4, Funny

    Its a brand new concept called "crowd-piloting". The plane goes wherever its passengers feel to go. Very nice!

    1. Re:New concept by snookiex · · Score: 2

      And it totally redefines the concept of "cloud services".

      --
      Open Source Network Inventory for the masses! Kuwaiba
  4. ICAO, RTCA and Avionics manufacturers are thinking by cozytom · · Score: 2

    This report is just a warning, then CNN gets it and asks broad questions "could someone do this??" and an expert who hasn't seen the architecture says, "sure, it could happen". He wants to say "but, in the real world, no!", of course the CNN anchor cut him off. It is possible that the pilots iPad may be connected to the passenger cabin WiFi if the pilot was connected earlier, but forgot to switch over. Connecting the iPad to the aircraft will only bring in power, nothing else. There is no way to control the autopilot from the iPad, no way to reroute the plane from the iPad.

    Most connected aircraft will have two routes to the ground, the cockpit and the IFE (passenger cabin). There are many documents about the thoughts that the manufacturers have. Firewalls are good, and may be used in some cases, but so far that is rare.

  5. Re:Didn't read TFA by courteaudotbiz · · Score: 2

    Well, since no one RTFA, there are no more FA posted on /.

    Twice in 2 days. Good job /.

  6. Uhh by StikyPad · · Score: 4, Insightful

    If there's no air gap between the passengers and the engines on your flights, then I'll take another flight please.

    --
    https://www.eff.org/https-everywhere
  7. A Cloud Security Company by rodrigoandrade · · Score: 2

    Is warning me that $DEVICE that can kill hundreds of people if hacked is insecure.

    Oh, the horror!!!

  8. Sigh by ledow · · Score: 2

    At the very least, I'd expect a VLAN.

    In actuality, I'd expect disparate, unconnected systems possibly even running in separated VLANs and subnets with IPS on the avionics controls JUST IN CASE.

    Given that avionics are used to dealing with highly technological and highly critical systems, I think I could trust them to not mess it up. Especially if it in any way could even theoretically allow a possibility for an attacker to affect a flight path.

    Airport security, the guy loading my luggage, or the guest wifi in the lounge? Yeah, separate problem with trust in question. But on-board wifi? I'd be damned if you could send a single packet from the wifi to the avionics even in theory.

  9. Re:Kind of a dup, but here's a link that explains by monkeyxpress · · Score: 2

    I think this is quite obvious to most engineers that have worked on safety critical systems. This whole issue is just about creating fear so some security consulting firms can make extra money. It is a tried and true method.

    Every time there is an energy crisis I see a new guy on TV who has 'invented' a water powered car and just needs some money to commercialise it. Every time. They all do the same thing, have some technobabble, accept a challenge to be black-box tested by a professor at a reputable university, who writes an overly technical report explaining why it is rubbish, and then they add 'tested by the University of XXX' to their prospective to elicit even more money. It is the same formula and it works every time.

  10. Re:Are the two networks truly separated? by Overzeetop · · Score: 2

    We do, but this aero doesn't do all that electrons stuff. I deal with the magic that makes thousands of pounds magically levitate; it's the EEs that magically make disembodied human voices come out of nowhere and blinky lights obey the commands of hidden daemons. ;-)

    --
    Is it just my observation, or are there way too many stupid people in the world?
  11. Re:all in the implementation by tlhIngan · · Score: 2

    Oh for fuck's sake.. it's very simple: Avionics need to be on a physically separate network from everything else, preferably encrypted. If there was 'air gap hacking' going on or even possible, wouldn't we have seen it long before now? Wouldn't an intelligent, capable, well-organized, well-thought-out terrorist (yes, Virginia, they do exist) have found a way to sneak the equipment necessary aboard a flight and implemented his hack, taken control of the plane?

    Exactly.

    And yes, it's possible to "break through" the airgap - cellphones are known to cause EMI issues with certain equipment on certain planes (e.g., lose GPS lock, increase INS errors, cause drift in the heading indicators, etc).

    If you really wanted to cause problems, I'd go with a broadband transmitter that causes EMI in the airgapped control network more so than trying to hack it through in-flight WiFi.

  12. There is no microphone in an airplane by aepervius · · Score: 2

    No seriously, the radio is not connected to the computer system, the comptuer system is extremely conservative by many standard and is not connected to the in flight wifi. You cannot have an air-gap attack without a microphone or similar device.

    The gao report is a complete nonsense and was laughed out by all technical people involved in the computer system of airplane or in flight entertainment.
     
    "So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no chance of this?"
      Aside complete network separation and absence of microphone ? Really guys sometimes there is absolutely NOTHING about threat reports.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  13. Re:Kind of a dup, but here's a link that explains by Anonymous Coward · · Score: 5, Informative

    Mod parent down. I attended the presentation in person. The presenter is full of shit.

    He based his presentation on flight simulators and utter conjecture. Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics. You can't learn how the internals work without any reference to the internals. The guy made claims about things that just aren't true. He also spread a lot of FUD - "isn't it scary that landing times are on the Internet? What evil things could I do with that?!?" Idiot. Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family. If they don't know when it lands, they can't schedule their pickup of you.

    The 'hacker' that presented that tripe doesn't know what he's talking about.

  14. Re:Kind of a dup, but here's a link that explains by BitZtream · · Score: 4, Interesting

    This story is just a slashvertisement.

    The story linked (now linked in the summary) is to a guy making silly ignorant statements about how the GAO is wrong but in such a vague way that I can safely say the guy making these silly comments is wrong. He's arrogantly implying that no aircraft can be hacked because they never make any mistakes and use separate systems and a special software device (thats not a firewall!) that acts as a firewall and doesn't let the two connected networks communicate with each other ...

    Also he seems to think that engines 'breath' air, and that the air inside the cabin of an airliner is not at all isolated from the air that goes into the engines.

    In short, the summary refers to an article written by someone that claims to be a security expert AND pilot while at the same time making incredibly stupidly inaccurate blanket statements that any useful security officer and certainly any pilot know are too broad and vague to be true or just flat out wrong.

    There most certainly IS a firewall between the passengers and the engines on commercial jet aircraft, otherwise the people would die at 30k feet. The fact that he claims to be a pilot and then claims there is no separation between the cabin and exterior is just scary.

    And claiming that this other special box ... that acts as a firewall ... but since they gave it another name, its not actually a firewall, so therefor its not possible to be hacked and bypassed.

    The reality of it is, what the GAO said IS TRUE. IT IS possible that 'hackers' MIGHT be able to cross the network boundaries if they are physically connected, anyone who claims this is not true knows absolutely nothing about IT security or security on complex systems in general. You work really hard to prevent it, and make certain design decisions to make it hard to cross that gap, but the instant they are connected, you've created the possibility. You can't honestly claim that your network is 100% secure and impeneratble which is what this guy is trying to claim ... about aircraft that he's never had anything to do with, never seen, knows nothing about the internal operation of ... just because he's a pilot doesn't make him suddenly privy to private information internal to Airbus or Boeing.

    Once again, I repeat, this is nothing but a shitty slashvertisement. They probably paid timothy to post it to the front page, which explains why it was done in such a hurry the first time and didn't even have a fucking link in it.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  15. Re:Kind of a dup, but here's a link that explains by Lumpy · · Score: 4, Insightful

    It's the same for all the hype over car systems. EVERY SINGLE EXAMPLE they have to install hardware to get access to the data interface.

    So yes Terrorists can take over the airplane from their cellphones if the flight crew let them into the maintenance areas and help them install several specialized devices that give them access.

    The terrorists need to make appointments so they can make sure that avionics technicians are on hand to help them

    --
    Do not look at laser with remaining good eye.
  16. Re:Kind of a dup, but here's a link that explains by Lumpy · · Score: 3, Insightful

    Hackers have a better chance of deorbiting a satellite and hitting the aircraft while it is in flight than they do taking it over from the in flight wifi.

    --
    Do not look at laser with remaining good eye.
  17. How it all works by Anonymous Coward · · Score: 4, Informative

    1. My First Ever Post, please go easy
    2. I'm an aircraft engineer with about 12 years in the industry with experience of small and large jets, with both the big orange airline in Europe and the "other" british long haul carrier based at Heathrow.

    The WiFi system on board arrives at the plane via a dedicated satellite reciever designed for the specific task of internet connectivity. From there it plugs into the In Flight Entertainment system and the signal is projected via specially designed wifi routers that allow passengers to connect. At no point do the IFE system and the Avionics systems inter-connect physically. Furthermore, the IFE computers are actually stored under each row of seats and drive that row's IFE. Ever kicked that steel box under the end row? Thats the IFE controller for your row.

    The avionics systems are connected using an ARINC 429 system - http://en.wikipedia.org/wiki/ARINC_429. This is similar to a home network, but extremely specialised and focused on the job at hand. You cannot hack the IFE system and "get" into the Avionics. Yes, "Air Gap" hacking has been proven. Thats on computers that are next to eachother, not sat 100+' away through aluminium floor supports and all the other cabin interior. Who ever wrote the subject article has clearly never looked at the technicalities of what he is suggesting.

    Thanks

  18. Re:Kind of a dup, but here's a link that explains by Minupla · · Score: 3, Informative

    Fortunately pilots are less likely to do it to themselves then drivers are :).

    http://jalopnik.com/progressiv...

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  19. The 777 is unique in its vulnerability by Anonymous Coward · · Score: 4, Informative

    The 777 is unique in its vulnerability to precisely what you mention. The avionics bay access hatch is conveniently next to the toilet but behind a corner. An anonymous youtube poster who claims to be a pilot recorded a video when flying as a passenger to draw attention to this in the wake of MH370 and showed how he during a flight could get in and out of the avionics bay through that hatch with nobody noticing. Most people on board were sleeping and those who saw him, presumably thought he was just going to the toilet. The first thing to address this problem which no other plane has would be to put a fucking lock on that hatch and keep the key in the cockpit. Currently, two people with nefarious intentions can do anything to a 777 that can be done with access to the avionics and the right know-how. One just has to "stand in line" to the toilet and the other can fiddle undisturbed with all aircraft electronics. Thus I consider precisely such a "hijacking" one of the more plausible scenarios in the case of MH370. And the issue has still not been addressed.

    The video was first linked to on pprune but might be unlisted and the thread is long so I can't find it but will post again, if I do find it.