back to article How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted. A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which …

  1. eldakka
    Holmes

    How can airlines stop hackers pwning planes over the air?

    How about not connecting any flight/control systems to a network that has wireless access?

    Flight control, entertainment, and, for example, crew non-control systems (e.g. passenger lists, stock levels of food/drinks, etc.) should all be air-gapped from each other.

    1. Anonymous Coward
      Anonymous Coward

      Re: How can airlines stop hackers pwning planes over the air?

      This.

      Airgaps. Airgaps. Airgaps! I assume the reason there is a connection between the avionics and in flight entertainment so they can put up those nice little maps showing where you are, current airspeed, etc. There probably isn't even a firewall, because the interface was designed back when they couldn't foresee everyone bringing a personal device with them that has the computing power of a high end mid 90s server that would be permitted wireless access to the in flight entertainment network.

      The story is the same as automotive entertainment and CAN bus, if you want to get data out of the important systems responsible for stuff that matter like flaps, brakes and what not, you can't use TCP/IP. Use a serial connection, with one direction clipped, so it is one way data only. Then you can get the data to make the pretty displays about where your flight is, or access engine data like rpms, without worrying about leaving security holes that let a passenger crash the plane.

      At least planes can't be hacked from the ground (well maybe they can, but not without some insider info, and there are a few people out there who would love to crash the plane they are riding on) and so long as cars could only be hacked from the inside it wasn't an issue. After all, if you want to crash a car, the steering wheel is an easier method than the ODB-II connector. But now that more and more cars can be accessed remotely, this is a real concern. Someone is going to die from this someday...or maybe already has and the crash investigators didn't realize it because they didn't know where to look!

      1. hplasm
        Coat

        Re: How can airlines stop hackers pwning planes over the air?

        "Airgaps. Airgaps. Airgaps!"

        Aren't all 'planes airgapped, by their very nature?

        I know, I'm going already!

        1. Bronek Kozicki
          Coat

          Re: How can airlines stop hackers pwning planes over the air?

          Aren't all 'planes airgapped, by their very nature?

          Yes, unless there's been a horrible accident. I will meet you by the door.

    2. Richard 12 Silver badge

      Satcom remote monitoring

      It's both really useful and mandated by law.

      The large commercial aircraft ping their location and a lot of running parameters out over satcomm at regular intervals.

      This is necessary for air traffic control, and very useful for maintenance as the mechanics can be ready and waiting for the plane to land, with the right components to fix a problem or perform preventative maintenance as the aircraft lands.

      So a full airgap isn't possible.

      A one-way airgap might be, but I suspect there is a lot of "that value is odd, plane, tell me these extra parameters" going on as well.

      And I bet that's all squirted through the same link as the onboard wifi.

      1. Charles 9

        Re: Satcom remote monitoring

        Plus I suspect one of the bigger problems is accidental bridging, probably with degrees of separation. You set up a WiFi Hotspot, for example, and it's supposed to be on a separate subnet, but maybe something internal unintentionally connects to the hotspot's subnet. Or some component links to another component that links to yet another component that just happens to have an open interface.

        Quite simply, with the way aircraft (especially older, retrofitted aircraft) are put together, finding all the links, intentional and not, is bound to be complicated.

        1. Chris Miller

          Re: Satcom remote monitoring

          A physical airgap would require duplicating a lot of equipment and cabling, which means significant extra weight - a huge issue for an aircraft manufacturer.

      2. Pascal Monett Silver badge

        Re: Satcom remote monitoring

        "So a full airgap isn't possible."

        Sorry but I disagree. The WiFi-accessible entertainment system does not need to run over the same wires as the nav/control systems.

        Physically separate the buses for the two and you have an airgap that is a chasm for hackers. There is no reason other than convenience that the two networks run over the same wires, and security says they shouldn't. So put in a separate Ethernet cable for fracks' sake.

        1. Adam 52 Silver badge

          Re: Satcom remote monitoring

          There's quite a lot of cable in an airliner and it isn't insignificant weight. Each cable needs mounting brackets. Weight is important in something that's supposed to fly. Apparently they use multiple 10GB Ethernet runs just for the inflight WiFi.

          If you want an isolated passenger airspeed indicator then that's going to involve punching another hole in the hull, same with a new GPS antenna, and I bet there's a whole world of risk in that.

          Even Concorde's famous Mach indicator was driven off the pilots' instrument, until it got replaced with a computer that lied.

          1. LoPath

            Re: Satcom remote monitoring

            It isn't what you think it is. SkyConnect is a GPS and Iridium box all-in-one. The basic unit has two functions: 1) Get the GPS coordinates and send them to Honeywell with the aircraft ID over Iridium; and 2) Allow Iridium phone calls. They do have higher level boxes that add internet, but even with that, I don't see you bringing down a plane with it. You could possibly really confuse dispatch if you could change their coordinates, but that's not that much fun.

            1. Anonymous Coward
              Anonymous Coward

              Weight of cables

              Use fiber, not copper. Much lighter, and smaller.

        2. Anonymous Coward
          Anonymous Coward

          Cost is king.

          Safety may be what the industry figureheads talk about in public, but what drives their purchasing and operational decisions is profit ie cost. Watch what these people actually do, not what they say they will do.

          "The WiFi-accessible entertainment system does not need to run over the same wires as the nav/control systems."

          It doesn't *need* to, but it's more profitable (cheaper) to buy and run planes if it does. Unless the manufacturers/operators have to pick up the cost when it goes wrong. Which it will, sooner or later.

          1. Anonymous Coward
            Anonymous Coward

            Re: Cost is king.

            "Watch what these people actually do, not what they say they will do".

            As explained in that classic book, Henry Petroski's "To Engineer is Human", they will wait until there have been enough disasters to cost them a noticeable amount. Then they will do the sums, and some action might result.

            More likely the politicians will do their sums (slightly different) and order them to take action.

            1. Anonymous Coward
              Anonymous Coward

              Re: Cost is king.

              The definitive tome is Weir, "The Tombstone Imperative".

      3. anothercynic Silver badge

        Re: Satcom remote monitoring

        This may not necessarily be a dangerous interface (i.e. two air-gapped networks meeting at the satcom interface), but certainly the whole concept (that Boeing espoused in the 787) of VLANs rather than separately-cabled networks can be. This is why aviation professionals continue to probe and prod the OEMs who are not used to that kind of questioning. It would be useful for everyone if infosec bods and aviation security bods worked together closer to validate the design of such on-board networks and made sure they truly are not a danger to the SLF inside that tube....

    3. Kev99 Silver badge

      Re: How can airlines stop hackers pwning planes over the air?

      The most sensible and cheapest solution for this and tons other vulnerable devices but it won't happen. The C-class farts are more concerned with Wall Street and their bonuses than security, safety, and common sense.

    4. TheRealRoland

      Re: How can airlines stop hackers pwning planes over the air?

      No, even easier. Do not allow anything that can act as a computer on board anymore. And the US is moving towards that model, right? Because the batteries can explode. Or something.

      1. veti Silver badge

        Re: How can airlines stop hackers pwning planes over the air?

        Do not allow anything that can act as a computer on board anymore.

        Not good enough, unless you mean to prohibit all electronic avionics as well (which is a whole 'nother idea, and comes with its own costs). The plane could be pwn3d remotely while sitting at the boarding gate, and the effects not noticed until after takeoff.

  2. Kernel

    Here's a thought

    Keep the the control and management network physically separate from the WiFi/entertainment network - the latter needs wireless access, but the former has no requirement to ever be accessed wirelessly - any access to this network for day-to-day aircraft operations should be done by the in-built displays and controls, any maintenance access should be via a cable that can only be connected when the aircraft is safely on the ground and in a maintenance facility.

    Working on aircraft already has plenty of complications and detailed processes to follow - the additional burden of having to find and connect a cable over clicking on a WiFi connection is not that significant in the scheme of things.

    Edit: Hmm, obviously two minds thinking alike (and simultaneously).

    1. Bubba Von Braun
      Joke

      Re: Here's a thought

      Ah but the convenience, to allow an engineer diagnose faults in all of the aircraft no pesky cables just walk up connect and go.

      Better yet lets manage it in the cloud.. download the flight computer databases, no longer do I have to send an engineer around to download it from a 3.5" floppy disk (Airbus A320 style :-)) nah push them out to the entire fleet with the push of a button.

      Sadly there are few (read: NO) Pilots in Airline management these days, all bean counters looking to squeeze the extra buck out of everything. They are wedded to the security through obscurity mantra and we all know how flawed that approach is. Its cheap and they can get their obscene bonuses at the end of the year.

      As always common sense becomes road kill in the rush to profits/convenience.

      1. EarthDog

        Re: Here's a thought

        I'm done with air travel. Train or bus, preferably train.

        1. JimC

          Re: Here's a thought

          If you think train travel is any less vulnerable to malign interference... Coincidentally there was a feature on Railway signalling on BBC this am... http://www.bbc.co.uk/news/av/business-41970331/signal-failure-the-train-traveller-s-nightmare-explained Talk about a target rich environment...

          1. HieronymusBloggs

            Re: Here's a thought

            "If you think train travel is any less vulnerable to malign interference..."

            Trains don't hit the ground as hard as a plane.

            1. Charles 9

              Re: Here's a thought

              Still plenty hard enough, though. We've had our share of derailments and station crashes to keep that fresh in our minds.

              Also hate to think what your options will be if you have to take a transoceanic trip.

            2. Muscleguy

              Re: Here's a thought

              You are obviously too young to remember SPAD's: Signals Passed At Danger which was all the rage back in the last big UK train crash. That caused a big spend on tech. Now trains should automatically slow or stop if the driver goes past a Stop signal and alarms should sound in the cab.

              Trains also have dead man's switches, driver has to depress a pedal at all times or train stops. Except those were vulnerable to workarounds such as lunchboxes being put on the pedals. Humans will always find a way to work around tech limitations.

              1. tiggity Silver badge

                Re: Here's a thought

                lunchbox on the pedals - that's an uncomfortable position

            3. Anonymous Coward
              Anonymous Coward

              Re: Here's a thought

              "Trains don't hit the ground as hard as a plane."

              Might want to check the math on that impact equation.

              The weight of a fully loaded 747 is less than the weight of three modern diesel electric locomotives by themselves. These locomotives whisk freight trains weighing easily up to fifteen thousand tons (thirty million pounds) at speeds of over sixty miles an hour.

            4. Dagg Silver badge

              Re: Here's a thought

              Trains don't hit the ground as hard as a plane.

              Yep, but they can hit other trains and be hit by other trains a hell of lot harder especially those huge freight trains.

        2. Anonymous Coward
          Facepalm

          Re: Here's a thought

          "preferably train"

          Those computer controlled ones with the easy to access signalling boxes deciding if you are going to slam into an oncoming train or not?

          Off you go.

      2. Anonymous Coward
        Anonymous Coward

        Re: Here's a thought

        "Ah but the convenience, to allow an engineer diagnose faults in all of the aircraft no pesky cables just walk up connect and go."

        I worked with one company that was interested in having a Bluetooth/WiFi dongle that they could use for exactly this problem. Plug in the dongle and you get wireless access to the plane's hardware, remove it and no one has access to that hardware anymore. It ensures that physical access is required, but you don't have to be standing right next to the plane the entire time.

      3. hplasm
        Holmes

        Re: Here's a thought

        "As always common sense becomes road kill in the rush to profits/convenience."

        maxim: any problems may be traced to either Accountants or Lawyers, eventually.

      4. Anonymous Coward
        Anonymous Coward

        Re: Here's a thought

        Sadly there are few (read: NO) Pilots in Airline management these days, all bean counters looking to squeeze the extra buck out of everything.

        Not true. I know of at least one very high up executive in the UK who still flies on a semi-regular basis...and frequently turns heads in the crewroom when he shows up in uniform...

      5. Anonymous Coward
        Anonymous Coward

        Re: Here's a thought

        "As always common sense becomes road kill in the rush to profits/convenience".

        And fashion! Let's not forget the vital need to be up with the latest fashion!

      6. JimboSmith Silver badge

        Re: Here's a thought

        Off the top of my head Willie Walsh the head of IAG was a pilot. IAG own BA, Iberia, Veuling & Aer Lingus.

    2. Anonymous Coward
      Anonymous Coward

      Re: Here's a thought

      This is already the case. Passenger wi-fi is separate from avionics. This is just more nonsense. The register themselves even did a sum-up of why your plane isn't going to be hacked anytime soon because they use ARINC ....

      here's one: https://www.theregister.co.uk/2014/08/08/dont_panic_satellite_comms_hacking_wont_be_able_to_crash_an_aircraft/

      Here's a second one:

      https://www.theregister.co.uk/2014/08/10/why_hackers_wont_be_able_to_hijack_your_next_flight_the_facts/

      People have short memories but it does make a good headline I admit.

  3. David 132 Silver badge
    Coat

    Oo-er

    "Two days later, I was successful in accomplishing a remote, non-cooperative, penetration"

    mumblemumble fnarrr mumble harvey weinstein mumblemumble

  4. Herby
    Coat

    This gives new meaning to...

    The friendly skies. Friendly to WiFi intrusions.

    My coat is already on.

  5. Long John Brass
    Coat

    Meh

    Don't all airline systems belong in the cloud(s)?

    ok, ok I'm going; No need to push

  6. Milton

    Beware the idiots

    Beware the idiots (some in the national security apparatus; many politicians, though it's a tautology in their case) who would like to be able to remotely take control of an aircraft suspected of being hijacked. The topic has been revisited by morons several times since 9/11, and more recently MH370's disappearance.

    And if you think that can't happen, there are greedy airline bosses who have seriously suggested reducing flight crew to *one* pilot, and even wondered aloud if they could allow plans to be completely automated¹.

    Now, Reg readers are smart enough to know that when an robocar fails, it can fail-over to drift to an embarrassing stop at the side of the road, at the small risk of maybe four or five people; whereas a roboplane may fail into the ground at 500 kts, at the major risk of 600 people (in the aircraft alone). It's an important difference, but greedmongering executives and imbecile politicians are easily blinded by cash and flattery, so ... like I said, beware ...

    ¹ Yes, the obnoxious pillock O'Leary: how did you know?

  7. Nick Kew

    When you land in serious weather and can't see a thing ...

    You want connectivity between the plane's telemetry and the airport. Not to mention weather information that tells you what you're descending into as you go down.

    How do you do that with an airgap?

    1. HieronymusBloggs

      Re: When you land in serious weather and can't see a thing ...

      "How do you do that with an airgap?"

      You put the airgap (or at least restrict communication to a single direction) between information gathering systems and those controlling the aircraft.

    2. michael.moon

      Re: When you land in serious weather and can't see a thing ...

      encrypted coms ?

    3. Sherminator
      IT Angle

      Re: When you land in serious weather and can't see a thing ...

      ILS... It's been around a long time.

      Way longer than everyone's incessant need to have everything connected and accessible at all times.... can't survive without my social media on my 10 hour flight....

      How about we go old school on aircraft journeys? Just get pissed and fall asleep... :)

      https://en.wikipedia.org/wiki/Instrument_landing_system

    4. grumpy-old-person

      Re: When you land in serious weather and can't see a thing ...

      Why not just have 2 totally separate networks (surely they are not THAT heavy?)

  8. jaywin

    Once again...

    ... A story about "I hacked into a plane!" with no information about what they actually got access to, or if they were able to change anything.

    It's one thing entirely if they were able to change the displays in the cockpit, or to alter flight plans. It's a completely different story if all they managed was to get read only access of the plane's current location, or the listings of the inflight movies.

    1. Anonymous Coward
      Anonymous Coward

      Re: Once again...

      "no information about what they actually got access to, or if they were able to change anything."

      Sad, isn't it.

      In one previous similar alleged incident, I eventually found out that the 'hacker' had found himself accessing a Solaris logon screen from the entertainment network.

      Anyone see any credibility issues with that?

      1. Charles 9

        Re: Once again...

        Depends on the underlying OS. On a flight to LAX once on a 777, every time the In-Flight monitors switched over from a certain state, you would see some kind of diagnostics screen. Seemed to be a Honeywell unit IIRC. Anyway, it was novel enough I took a picture of it as proof, though it's mothballed by now.

        1. Charles 9

          Re: Once again...

          Not Honeywell, Rockwell. See for yourself what I saw.

  9. Anonymous South African Coward Bronze badge

    As usual nothing will be done until two or three planes get pwned successfully.

    Now.

    The usual run-of-the-mill hacker will most probably not crash the plane as he/she will most probably value his/her life as well.

    Unfortunately, on the other side of the coin, certain types of people would love to gain control of an aeroplane and make it meet Terra Firma most spectacularly. Bonus points if any military installations/bases/buildings/whatever is also included in the place where the plane is going to crash.

    Just give it two or three planes going down in the second manner, then people will have a rude awakening.

    1. Anonymous Coward
      Anonymous Coward

      Don't crash the thing, that's just nasty

      Put hardcore pr0n on all the screens and the tannoy for some lulz.

  10. Aladdin Sane
    Terminator

    Didn't something like this happen

    in Short Circuit 2?

    1. Black Rat

      Re: Didn't something like this happen

      X-files spin off The Lone Gunmen predicted 9/11 with an attempt to crash a hacked aircraft into New York

  11. rmason

    Mountain out of a molehill

    come on guys and girls, be realistic!!

    Who is EVER going to want to hack a plane?? Come on now.

    1. Sssss

      Re: Mountain out of a molehill

      Well, the people wanting to hack one your on may have have just increased?

      Do they still hand out the Darwin reward. Doesn't this man watch American movies and TV?

  12. steelpillow Silver badge
    Holmes

    No easy answers

    Things like digital weather and traffic updates become increasingly relevant to flight systems as they become more automated and intelligent. Airgapping, data diodes and the like cannot shield the machine from stuff the pilot used to deal with over voice radio.

    There are no glib answers to be had, just careful hardening, thorough testing and eternal vigilance.

  13. trevorde Silver badge

    All your planes are belong to us!

  14. BeakUpBottom

    A plane has additional risks ...

    Even airgapping isn't quite enough, leaving aside the problems that presents.

    Planes are frugally designed and inherently vulnerable. Even with a nicely separated customer Wi-Fi/ents network you need to be sure what could be done to it by someone gaining access with elevated privileges. I don't see that they even need to be on board, necessarily, there's those seat phones for one thing, and the possibility of getting a device on board you have control of remotely, like a compromised smartphone. Both vectors present major challenges to a hacker, but there's some very motivated miscreants out there, and some suicidal ones, lets not forget.

    Simply knowing a way to cause the entertainment system to communicate misleading information to passengers could cause all sorts of peril. Working out how to overload part of it to cause, say, a cabin power problem or even a fire ..... a power-slurpy IFE was a factor in the total loss of Swissair 111.

  15. Destroy All Monsters Silver badge
    Windows

    Old News!

    We know that Russians have been doing since "Die Hard on a tarmac".

    But seriously, we need more details on this "hack". These things are always overblown for fame and ego-stroking.

  16. Wim Ton

    Not exactly new:

    http://www.heise.de/imgs/18/1/4/9/3/2/0/8/gross-5ef9ea01a8d439d3.jpeg

  17. Aodhhan

    Parrots... shaddup!

    Air gap, air gap, air gap... sqwaaaak. Bunch of parrots repeating crap, without any talent to quiet themselves for 5 minutes so they can think critically.

    Experienced security professionals know air gap isn't necessarily the answer. There are plenty of ways to connect to an enclosed gapped network. Especially when 200+ people have access to a few of them on each flight.

    The answer is early and proper security injected into the systems development lifecycle. An aircraft connected to a WAN or cloud can be perfectly safe provided security is considered from day one until they retire the plane.

    Because loss of network/computer systems on an airplane is an obvious security concern as well as a target for terrorists... governments should get involved in protecting these systems with compliance standards.

    Airlines and aircraft manufacturers may scream about cost and delays, but consider a worst case scenario... where malware is launched quietly into the systems of 10+ aircraft, placed by malicious insiders, staying dormant until a particular date/time.

    1. Charles 9

      Re: Parrots... shaddup!

      I got you a worse one. Same thing done by an actual tech who's a sleeper. No possible defense against a well-hidden sleeper, and you don't even need a wireless anything to raise havoc. If someone REALLY wants to raise havoc, they can do it in spite of God, Man, or the Devil. Remember, no guns used for 9/11, and even after 9/11 some intentional crashes were done by the pilots themselves: insiders.

    2. Anonymous Coward
      Anonymous Coward

      Re: perfectly safe

      "An aircraft connected to a WAN or cloud can be perfectly safe "

      Really? Don't think so. There are very few things that can be perfectly safe, and airliners certainly aren't amongst them, though in recent years airliners have been sufficiently safe that complacency has unfortunately set in at the builders and operators and regulators, just as it did in the UK's rail industry after privatisation.

  18. Starace
    Flame

    Bullshit!

    The story - just like those that went before it - is misrepresentative bullshit by someone implying one thing was something altogether different to make a name and generate headlines.

    Nothing was compromised remotely or otherwise.

    Anyone with even a vague understanding of old and new aircraft and avionics knows the story to be bullshit.

    Sadly credulous journalists fall for it, maybe mix in a bit of irrelevant IT knowledge and then a load of commenters drop in and it spins on from there.

    So much security 'research' is like this but I guess tech fake news is as good as any other type for generating traffic.

  19. This post has been deleted by its author

  20. Kiwi
    Trollface

    It's seem pretty obvious.

    Separate your control systems networks (and they shouldn't be on Wireless - if they are I may not be able to hack in but I could jam) from your nav systems networks, and keep them separate from the public wireless and entertainment stuff.

    It may take time and cost to test and start to implement, but what is the cost of paying out compensation to a few hundred families because you didn't do this, and a plane crashed as a result of your failure to fix a suspected-if-not-known security flaw? Hell, next time a plane comes down and someone suggests to a family that maybe someone hacked the plane and caused the crash, what sort of problems will that cause for the specific airline or manufacturer?

    And keep the entertainment systems separate from any wifi or internet-connected networks!. Someone might want to do a murder-suicide on a plane load of republicans, which they could achieve by having all the screens show a picture of a couple of Arab men holding hands (a common practice in many mid-eastern countries which has nothing to do with sex,I am told). This would cause at least one of the passengers to go into such a violent rage that they explode, and failing that the rest would go mad rushing around trying to smash everything electronic to make the pictures go away.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's seem pretty obvious.

      "It may take time and cost to test and start to implement, but what is the cost of paying out compensation to a few hundred families because you didn't do this, and a plane crashed as a result of your failure to fix a suspected-if-not-known security flaw?"

      Probably less. See Unsafe At Any Speed.

  21. Sssss

    Cut a long story short. Keep he plane's sysyem a closed system off wireless and the internet. Have consumers net services system completely seperate and incompatible. Doesn't anybody watch Battle Star Galactica??

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like