How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted. A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which …

Silver badge
Holmes

How can airlines stop hackers pwning planes over the air?

How about not connecting any flight/control systems to a network that has wireless access?

Flight control, entertainment, and, for example, crew non-control systems (e.g. passenger lists, stock levels of food/drinks, etc.) should all be air-gapped from each other.

50
1
Silver badge

Re: How can airlines stop hackers pwning planes over the air?

This.

Airgaps. Airgaps. Airgaps! I assume the reason there is a connection between the avionics and in flight entertainment is so they can put up those nice little maps showing where you are, current airspeed, etc. There probably isn't even a firewall, because the interface was designed back when they couldn't foresee everyone bringing a personal device with them that has the computing power of a high end mid 90s server that would be permitted wireless access to the in flight entertainment network.

The story is the same as automotive entertainment and CAN bus: if you want to get data out of the important systems responsible for stuff that matters like flaps, brakes and what not, you can't use TCP/IP. Use a serial connection, with one direction clipped, so it is one way data only. Then you can get the data to make the pretty displays about where your flight is, or access engine data like rpms, without worrying about leaving security holes that let a passenger crash the plane.

At least planes can't be hacked from the ground (well maybe they can, but not without some insider info, and there are a few people out there who would love to crash the plane they are riding on) and so long as cars could only be hacked from the inside it wasn't an issue. After all, if you want to crash a car, the steering wheel is an easier method than the OBD-II connector. But now that more and more cars can be accessed remotely, this is a real concern. Someone is going to die from this someday...or maybe already has and the crash investigators didn't realize it because they didn't know where to look!

23
1
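
The one-way serial feed suggested in the comment above, seen from the receiving (display) side, as an added example that is not part of the original thread. The frame layout, marker bytes and names are assumptions made up for illustration; because the receiver has no transmit path, it cannot request a resend and can only validate each frame, drop bad ones and count the gaps.

```python
import struct
import zlib

MAGIC = b"\xaa\x55"               # assumed frame marker (illustrative)
HEADER = struct.Struct(">2sHB")   # marker, 16-bit sequence, payload length

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Sender: no ACK ever comes back, so every frame carries seq + CRC32."""
    head = HEADER.pack(MAGIC, seq & 0xFFFF, len(payload))
    return head + payload + struct.pack(">I", zlib.crc32(head + payload))

class ReceiveOnlyParser:
    """Display side of the link: it can validate, drop and count, never reply."""
    def __init__(self):
        self.buf = bytearray()
        self.expected = None   # next sequence number we expect
        self.lost = 0          # frames missing (dropped or rejected)
        self.corrupt = 0       # frames rejected by CRC

    def feed(self, data: bytes) -> list:
        self.buf += data
        frames = []
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:
                del self.buf[:-1]          # keep one byte: may be half a marker
                return frames
            del self.buf[:start]
            if len(self.buf) < HEADER.size:
                return frames
            _, seq, length = HEADER.unpack_from(self.buf)
            total = HEADER.size + length + 4
            if len(self.buf) < total:
                return frames              # wait for the rest of the frame
            body = bytes(self.buf[:total - 4])
            (crc,) = struct.unpack_from(">I", self.buf, total - 4)
            if zlib.crc32(body) != crc:
                self.corrupt += 1
                del self.buf[:1]           # resync on the next marker
                continue
            del self.buf[:total]
            if self.expected is not None:
                self.lost += (seq - self.expected) & 0xFFFF
            self.expected = (seq + 1) & 0xFFFF
            frames.append((seq, body[HEADER.size:]))

def demo():
    # Constructed sample telemetry: frame 1 is damaged in transit, frame 2 never arrives.
    payloads = [b"ALT=35000;GS=470", b"ALT=35010;GS=471",
                b"ALT=35020;GS=471", b"ALT=35030;GS=472"]
    wire = [bytearray(encode_frame(i, p)) for i, p in enumerate(payloads)]
    wire[1][8] ^= 0x01                     # flip one payload bit
    stream = bytes(wire[0] + wire[1] + wire[3])
    rx, got = ReceiveOnlyParser(), []
    for i in range(0, len(stream), 7):     # arrives in arbitrary chunks
        got += rx.feed(stream[i:i + 7])
    return got, rx.lost, rx.corrupt
```

The loss counter includes frames rejected by the CRC check, since from the display's point of view both are simply data that never arrived.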
Silver badge

Satcom remote monitoring

It's both really useful and mandated by law.

The large commercial aircraft ping their location and a lot of running parameters out over satcom at regular intervals.

This is necessary for air traffic control, and very useful for maintenance as the mechanics can be ready and waiting for the plane to land, with the right components to fix a problem or perform preventative maintenance as the aircraft lands.

So a full airgap isn't possible.

A one-way airgap might be, but I suspect there is a lot of "that value is odd, plane, tell me these extra parameters" going on as well.

And I bet that's all squirted through the same link as the onboard wifi.

8
0
Silver badge

Re: Satcom remote monitoring

Plus I suspect one of the bigger problems is accidental bridging, probably with degrees of separation. You set up a WiFi Hotspot, for example, and it's supposed to be on a separate subnet, but maybe something internal unintentionally connects to the hotspot's subnet. Or some component links to another component that links to yet another component that just happens to have an open interface.

Quite simply, with the way aircraft (especially older, retrofitted aircraft) are put together, finding all the links, intentional and not, is bound to be complicated.

7
1
Silver badge

Re: Satcom remote monitoring

A physical airgap would require duplicating a lot of equipment and cabling, which means significant extra weight - a huge issue for an aircraft manufacturer.

6
4
Silver badge

Re: Satcom remote monitoring

"So a full airgap isn't possible."

Sorry but I disagree. The WiFi-accessible entertainment system does not need to run over the same wires as the nav/control systems.

Physically separate the buses for the two and you have an airgap that is a chasm for hackers. There is no reason other than convenience that the two networks run over the same wires, and security says they shouldn't. So put in a separate Ethernet cable for fracks' sake.

14
0
Silver badge
Coat

Re: How can airlines stop hackers pwning planes over the air?

"Airgaps. Airgaps. Airgaps!"

Aren't all 'planes airgapped, by their very nature?

I know, I'm going already!

17
0
Silver badge

Re: Satcom remote monitoring

This may not necessarily be a dangerous interface (i.e. two air-gapped networks meeting at the satcom interface), but certainly the whole concept (that Boeing espoused in the 787) of VLANs rather than separately-cabled networks can be. This is why aviation professionals continue to probe and prod the OEMs who are not used to that kind of questioning. It would be useful for everyone if infosec bods and aviation security bods worked together closer to validate the design of such on-board networks and made sure they truly are not a danger to the SLF inside that tube....

3
0
Silver badge

Re: Satcom remote monitoring

There's quite a lot of cable in an airliner and it isn't insignificant weight. Each cable needs mounting brackets. Weight is important in something that's supposed to fly. Apparently they use multiple 10GB Ethernet runs just for the inflight WiFi.

If you want an isolated passenger airspeed indicator then that's going to involve punching another hole in the hull, same with a new GPS antenna, and I bet there's a whole world of risk in that.

Even Concorde's famous Mach indicator was driven off the pilots' instrument, until it got replaced with a computer that lied.

3
1
Silver badge
Coat

Re: How can airlines stop hackers pwning planes over the air?

Aren't all 'planes airgapped, by their very nature?

Yes, unless there's been a horrible accident. I will meet you by the door.

4
0
Bronze badge

Re: How can airlines stop hackers pwning planes over the air?

The most sensible and cheapest solution for this and tons of other vulnerable devices but it won't happen. The C-class farts are more concerned with Wall Street and their bonuses than security, safety, and common sense.

3
0

Re: How can airlines stop hackers pwning planes over the air?

No, even easier. Do not allow anything that can act as a computer on board anymore. And the US is moving towards that model, right? Because the batteries can explode. Or something.

4
0

Re: Satcom remote monitoring

It isn't what you think it is. SkyConnect is a GPS and Iridium box all-in-one. The basic unit has two functions: 1) Get the GPS coordinates and send them to Honeywell with the aircraft ID over Iridium; and 2) Allow Iridium phone calls. They do have higher level boxes that add internet, but even with that, I don't see you bringing down a plane with it. You could possibly really confuse dispatch if you could change their coordinates, but that's not that much fun.

1
0
Silver badge

Weight of cables

Use fiber, not copper. Much lighter, and smaller.

3
1
Silver badge

Re: How can airlines stop hackers pwning planes over the air?

Do not allow anything that can act as a computer on board anymore.

Not good enough, unless you mean to prohibit all electronic avionics as well (which is a whole 'nother idea, and comes with its own costs). The plane could be pwn3d remotely while sitting at the boarding gate, and the effects not noticed until after takeoff.

1
1
Anonymous Coward

Cost is king.

Safety may be what the industry figureheads talk about in public, but what drives their purchasing and operational decisions is profit ie cost. Watch what these people actually do, not what they say they will do.

"The WiFi-accessible entertainment system does not need to run over the same wires as the nav/control systems."

It doesn't *need* to, but it's more profitable (cheaper) to buy and run planes if it does. Unless the manufacturers/operators have to pick up the cost when it goes wrong. Which it will, sooner or later.

2
0
Silver badge

Re: Cost is king.

"Watch what these people actually do, not what they say they will do".

As explained in that classic book, Henry Petroski's "To Engineer is Human", they will wait until there have been enough disasters to cost them a noticeable amount. Then they will do the sums, and some action might result.

More likely the politicians will do their sums (slightly different) and order them to take action.

2
0
Anonymous Coward

Re: Cost is king.

The definitive tome is Weir, "The Tombstone Imperative".

1
0
Silver badge

Here's a thought

Keep the control and management network physically separate from the WiFi/entertainment network - the latter needs wireless access, but the former has no requirement to ever be accessed wirelessly - any access to this network for day-to-day aircraft operations should be done by the in-built displays and controls, any maintenance access should be via a cable that can only be connected when the aircraft is safely on the ground and in a maintenance facility.

Working on aircraft already has plenty of complications and detailed processes to follow - the additional burden of having to find and connect a cable over clicking on a WiFi connection is not that significant in the scheme of things.

Edit: Hmm, obviously two minds thinking alike (and simultaneously).

20
1
Joke

Re: Here's a thought

Ah but the convenience, to allow an engineer to diagnose faults in all of the aircraft, no pesky cables, just walk up, connect and go.

Better yet let's manage it in the cloud.. download the flight computer databases, no longer do I have to send an engineer around to download it from a 3.5" floppy disk (Airbus A320 style :-)) nah push them out to the entire fleet with the push of a button.

Sadly there are few (read: NO) Pilots in Airline management these days, all bean counters looking to squeeze the extra buck out of everything. They are wedded to the security through obscurity mantra and we all know how flawed that approach is. It's cheap and they can get their obscene bonuses at the end of the year.

As always common sense becomes road kill in the rush to profits/convenience.

18
0
Bronze badge

Re: Here's a thought

I'm done with air travel. Train or bus, preferably train.

6
3
Anonymous Coward

Re: Here's a thought

"Ah but the convenience, to allow an engineer diagnose faults in all of the aircraft no pesky cables just walk up connect and go."

I worked with one company that was interested in having a Bluetooth/WiFi dongle that they could use for exactly this problem. Plug in the dongle and you get wireless access to the plane's hardware, remove it and no one has access to that hardware anymore. It ensures that physical access is required, but you don't have to be standing right next to the plane the entire time.

7
0
Silver badge

Re: Here's a thought

If you think train travel is any less vulnerable to malign interference... Coincidentally there was a feature on Railway signalling on BBC this am... http://www.bbc.co.uk/news/av/business-41970331/signal-failure-the-train-traveller-s-nightmare-explained Talk about a target rich environment...

3
0
Silver badge

Re: Here's a thought

"If you think train travel is any less vulnerable to malign interference..."

Trains don't hit the ground as hard as a plane.

7
2
Silver badge

Re: Here's a thought

Still plenty hard enough, though. We've had our share of derailments and station crashes to keep that fresh in our minds.

Also hate to think what your options will be if you have to take a transoceanic trip.

5
1
Facepalm

Re: Here's a thought

"preferably train"

Those computer controlled ones with the easy to access signalling boxes deciding if you are going to slam into an oncoming train or not?

Off you go.

4
1
Silver badge
Holmes

Re: Here's a thought

"As always common sense becomes road kill in the rush to profits/convenience."

maxim: any problems may be traced to either Accountants or Lawyers, eventually.

5
0
Silver badge

Re: Here's a thought

You are obviously too young to remember SPADs: Signals Passed At Danger which was all the rage back in the last big UK train crash. That caused a big spend on tech. Now trains should automatically slow or stop if the driver goes past a Stop signal and alarms should sound in the cab.

Trains also have dead man's switches, driver has to depress a pedal at all times or train stops. Except those were vulnerable to workarounds such as lunchboxes being put on the pedals. Humans will always find a way to work around tech limitations.

4
0
Anonymous Coward

Re: Here's a thought

This is already the case. Passenger wi-fi is separate from avionics. This is just more nonsense. The Register themselves even did a sum-up of why your plane isn't going to be hacked anytime soon because they use ARINC ....

here's one: https://www.theregister.co.uk/2014/08/08/dont_panic_satellite_comms_hacking_wont_be_able_to_crash_an_aircraft/

Here's a second one:

https://www.theregister.co.uk/2014/08/10/why_hackers_wont_be_able_to_hijack_your_next_flight_the_facts/

People have short memories but it does make a good headline I admit.

5
0
Silver badge

Re: Here's a thought

lunchbox on the pedals - that's an uncomfortable position

1
0
Anonymous Coward

Re: Here's a thought

"Trains don't hit the ground as hard as a plane."

Might want to check the math on that impact equation.

The weight of a fully loaded 747 is less than the weight of three modern diesel electric locomotives by themselves. These locomotives whisk freight trains weighing easily up to fifteen thousand tons (thirty million pounds) at speeds of over sixty miles an hour.

1
0
Anonymous Coward

Re: Here's a thought

Sadly there are few (read: NO) Pilots in Airline management these days, all bean counters looking to squeeze the extra buck out of everything.

Not true. I know of at least one very high up executive in the UK who still flies on a semi-regular basis...and frequently turns heads in the crewroom when he shows up in uniform...

1
0
Silver badge

Re: Here's a thought

"As always common sense becomes road kill in the rush to profits/convenience".

And fashion! Let's not forget the vital need to be up with the latest fashion!

3
0
Silver badge

Re: Here's a thought

Off the top of my head Willie Walsh the head of IAG was a pilot. IAG own BA, Iberia, Vueling & Aer Lingus.

0
0

Re: Here's a thought

Trains don't hit the ground as hard as a plane.

Yep, but they can hit other trains and be hit by other trains a hell of a lot harder, especially those huge freight trains.

2
0
Silver badge
Coat

Oo-er

"Two days later, I was successful in accomplishing a remote, non-cooperative, penetration"

mumblemumble fnarrr mumble harvey weinstein mumblemumble

18
3
Silver badge
Coat

This gives new meaning to...

The friendly skies. Friendly to WiFi intrusions.

My coat is already on.

1
0
Silver badge
Coat

Meh

Don't all airline systems belong in the cloud(s)?

ok, ok I'm going; No need to push

18
0
Silver badge

Beware the idiots

Beware the idiots (some in the national security apparatus; many politicians, though it's a tautology in their case) who would like to be able to remotely take control of an aircraft suspected of being hijacked. The topic has been revisited by morons several times since 9/11, and more recently MH370's disappearance.

And if you think that can't happen, there are greedy airline bosses who have seriously suggested reducing flight crew to *one* pilot, and even wondered aloud if they could allow planes to be completely automated¹.

Now, Reg readers are smart enough to know that when a robocar fails, it can fail-over to drift to an embarrassing stop at the side of the road, at the small risk of maybe four or five people; whereas a roboplane may fail into the ground at 500 kts, at the major risk of 600 people (in the aircraft alone). It's an important difference, but greedmongering executives and imbecile politicians are easily blinded by cash and flattery, so ... like I said, beware ...

¹ Yes, the obnoxious pillock O'Leary: how did you know?

10
1
Silver badge

When you land in serious weather and can't see a thing ...

You want connectivity between the plane's telemetry and the airport. Not to mention weather information that tells you what you're descending into as you go down.

How do you do that with an airgap?

4
5
Silver badge

Re: When you land in serious weather and can't see a thing ...

"How do you do that with an airgap?"

You put the airgap (or at least restrict communication to a single direction) between information gathering systems and those controlling the aircraft.

4
0

Re: When you land in serious weather and can't see a thing ...

Encrypted comms?

2
0
IT Angle

Re: When you land in serious weather and can't see a thing ...

ILS... It's been around a long time.

Way longer than everyone's incessant need to have everything connected and accessible at all times.... can't survive without my social media on my 10 hour flight....

How about we go old school on aircraft journeys? Just get pissed and fall asleep... :)

https://en.wikipedia.org/wiki/Instrument_landing_system

3
0

Re: When you land in serious weather and can't see a thing ...

Why not just have 2 totally separate networks (surely they are not THAT heavy?)

0
0

Once again...

... A story about "I hacked into a plane!" with no information about what they actually got access to, or if they were able to change anything.

It's one thing entirely if they were able to change the displays in the cockpit, or to alter flight plans. It's a completely different story if all they managed was to get read only access of the plane's current location, or the listings of the inflight movies.

9
0
Anonymous Coward

Re: Once again...

"no information about what they actually got access to, or if they were able to change anything."

Sad, isn't it.

In one previous similar alleged incident, I eventually found out that the 'hacker' had found himself accessing a Solaris logon screen from the entertainment network.

Anyone see any credibility issues with that?

1
0
Silver badge

Re: Once again...

Depends on the underlying OS. On a flight to LAX once on a 777, every time the In-Flight monitors switched over from a certain state, you would see some kind of diagnostics screen. Seemed to be a Honeywell unit IIRC. Anyway, it was novel enough I took a picture of it as proof, though it's mothballed by now.

0
1
Silver badge

Re: Once again...

Not Honeywell, Rockwell. See for yourself what I saw.

1
0
Silver badge

As usual nothing will be done until two or three planes get pwned successfully.

Now.

The usual run-of-the-mill hacker will most probably not crash the plane as he/she will most probably value his/her life as well.

Unfortunately, on the other side of the coin, certain types of people would love to gain control of an aeroplane and make it meet Terra Firma most spectacularly. Bonus points if any military installations/bases/buildings/whatever is also included in the place where the plane is going to crash.

Just give it two or three planes going down in the second manner, then people will have a rude awakening.

4
0
Anonymous Coward

Don't crash the thing, that's just nasty

Put hardcore pr0n on all the screens and the tannoy for some lulz.

2
0


Biting the hand that feeds IT © 1998–2018