In July 2015, hackers Charlie Miller and Chris Valasek, sitting in a home near St Louis, remotely took control of a Jeep Cherokee sport utility vehicle travelling along an interstate highway.

Using an Internet connection and cellular signal, the pair activated the car’s windshield wipers and blasted its radio before cutting the engine, leaving the driver, though privy to the scheme, noticeably shaken, according to reports.

Now, some aviation cyber-security experts say that hack, which made national news and sparked a government response, should serve as a warning to the aviation industry.

Though there have been no proven cases in which a passenger aircraft has been electronically commandeered by a hacker, experts note that at least one hacker claims to have done so. Other hackers have exposed security flaws in various aircraft systems, such as aircraft communications addressing and reporting systems (ACARS) and automatic dependent surveillance-broadcast (ADS-B).

“A plane is something similar to a car from its general architecture,” says Marco Wolf, head of engineering and consulting at Escrypt, a German company that provides cyber-security products designed for automobiles and other vehicles.

“The most important thing is not to deny the threat,” says Wolf. “The first thing you should do is take this seriously.”

Wolf and colleagues Moritz Minzlaff and Martin Moser co-wrote a 2015 paper about aviation cyber vulnerability, in which they highlight recent hackings and specific risks.

“Vulnerability of aircraft information technology is not only an academic possibility, but already a harsh reality,” says that report.

While Wolf concedes hacking an aircraft is more difficult than hacking an automobile, the risk remains real.

“Saying it’s much more difficult is not saying it’s impossible,” he says.

“It is a problem, and we need to take it seriously,” adds Stuart McClure, chief executive of California-based Cylance, a cyber-security company that works on transportation projects. “We have miles to go before we rest.”

“I don’t see anyone sitting around saying, ‘I don’t care’”, McClure adds of the industry. “But they don’t know where to start, and they are afraid of opening a Pandora’s Box”.

Cyber threats to aircraft and air traffic control systems have gained attention in recent months, following news of a possible inflight hacking, and calls from industry players for better standards.

For instance, the Air Traffic Control Association (ATCA) in January published a paper calling on the US federal government to develop aviation-specific cyber-security policies.


FEDS TO 'DISSECT' AIRCRAFT

In a move signaling the US government may be taking cyber threats more seriously, the Federal Aviation Administration and Department of Defense recently launched an 18-month study of aviation cyber security, Susan Cabler, the FAA's assistant manager of design, manufacturing and airworthiness, told Flightglobal in January.

As part of that effort, the agencies were seeking to acquire a passenger commercial aircraft, which they intend to “dissect”, said Cabler, who sits on the FAA’s cyber security steering committee.

Investigators will "go over that aircraft from nose to tail to see if there are cyber vulnerabilities that have not yet identified themselves”, she said.

In addition, in late December 2014 the FAA tasked its rulemaking advisors with creating a cyber-security panel called the aircraft systems information security/protection (ASISP) working group.

That group aims to recommend cyber-security-related rules and guidelines in a report due during 2016, according to government documents.

For their part, aircraft manufacturers insist their aircraft are safe from hacking.

Though Boeing declined to be interviewed, the company issued a statement to Flightglobal saying it has “complete confidence in the cyber-security measures of its airplanes.”

“Multiple layers of protection, including software, hardware and network architecture features, are designed to ensure the security of all critical flight systems from intrusion,” the statement says. “Boeing’s cyber-security measures have been subjected to rigorous testing, including through the FAA’s certification process, and our airplanes meet or exceed all applicable regulatory requirements.”

EXPERTS REMAIN CONCERNED

Speaking during a cyber-security forum in January hosted by ATCA, McClure explained that every cyber attack was thought to be impossible up to the moment “it was successfully proven”.

Modern aircraft are essentially no different than other machines, be they automobiles, insulin pumps or toasters, McClure says. They are mechanical devices that respond to an input, process that input and produce an output.

It’s the input and output points that are vulnerable to hacking, he adds, and modern aircraft have dozens of operating systems sending signals through dozens of ports and antennas.

Though aircraft have used computers for decades, until the 1980s the only communication from the cockpit came in the form of voice and short text communications transmitted via analog radio signals, notes the Escrypt report.

Then in the 1980s airlines began outfitting aircraft with ACARS, a digital message transmission system which was soon integrated with internal flight management systems.

The system now transmits and receives a bevy of data, including aircraft operational information, air traffic control messages, flight plans and weather and maintenance information, the report notes.

ACARS is far from the only airborne system that transmits and receives. Today’s aircraft also have ADS-B, GPS and satellite communications – all of which have antennas.

And aircraft have antennas and receivers for a host of other critical systems, such as automatic direction finders (ADF), VHF and HF radios, altimeters, instrument landing systems (ILS), distance measuring equipment (DME), traffic collision avoidance systems (TCAS), transponders, emergency locator transmitters (ELTs) and VHF omni-directional radio range (VOR) systems.

Modern aircraft also have plug-in ports, and networks often extend into the cabin via inflight entertainment (IFE) systems, experts note.

“Today’s aircraft are virtually nonstop online,” says Escrypt’s report. “The enormous increase of digital communication interfaces leads to significantly growing numbers of potential attack points.”

Possible attacks could take a number of different forms, including those from intelligence services, terrorist organizations or even lone hackers eager for a challenge, says the Escrypt paper.

Cyber-security experts point to at least a few examples in which aircraft systems may have been compromised.

Among them is Iran’s claim that it spoofed the GPS signal of a US military Lockheed Martin RQ-170 unmanned aircraft in 2011, causing the aircraft to land in Iran, Escrypt’s report says.

Though Iran’s claims are not universally accepted, experts have proved that civilian GPS signals can be faked and used to manipulate drones, the report adds.

Perhaps more concerning, at a 2013 cyber security conference in Amsterdam called “Hack in the Box”, an expert named Hugo Teso demonstrated the process of hacking into an aircraft’s flight management system (FMS) through ADS-B and ACARS interfaces.

Teso used equipment available on eBay.com, including real aircraft software and hardware, a flight simulation programme and a tool that could send and receive ADS-B and ACARS messages, the report says.

He reportedly located a simulated aircraft with ADS-B messages, sent malicious code via ACARS to the aircraft’s FMS and then modified the aircraft’s flight plan and changed weather data and other aircraft information, the report says.

Experts seem to agree that ADS-B and ACARS lack sender authentication.

“Current ADS-B specifications are without any authenticity or integrity protection against malicious manipulations or spoofing,” Wolf and his co-authors write in the Escrypt report. “With ADS-B transponders freely available from $2,000, everyone can spoof aircraft and ground control.”

“The classic (and almost universally used) ACARS protocol, apart from basic message integrity checks, has no provisions in the protocol for security of content or authentication of sender or receiver,” Peter Skaves, the FAA’s chief scientific and technical advisor for advanced avionics, writes in a report for the 2015 Integrated Communications Navigation and Surveillance Conference.

HACKING THE IFE

Then there is the case of Chris Roberts, a hacker who claims to have done what aircraft manufacturers describe as impossible.

In early 2015, Roberts told Federal Bureau of Investigation agents he had hacked into the FMS of a commercial aircraft while in flight, commanding the thrust computer into climb mode, according to documents filed by the FBI in a US district court.

Roberts told agents he accessed the system by plugging into an under-seat control box for the aircraft’s IFE.

“He stated that he thereby caused one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during one of these flights,” Roberts told the FBI, according to court documents.

Roberts said he had hacked under-seat IFE boxes 15 to 20 times between 2011 and 2014, targeting Thales and Panasonic Avionics systems on Boeing 737s, 757s and Airbus A320s, documents say.

At least part of Roberts’ story has been corroborated by the FBI, which said agents found evidence of tampering with control boxes under a row of seats on a United Airlines 737-800 where Roberts had sat.

Roberts has not been shy about discussing his methods; videos, available online, show him speaking about aircraft vulnerabilities at conferences.

In one video, Roberts tells audience members to seek vulnerabilities in systems made by suppliers to aircraft manufacturers – a route he calls the “side door”.

“Boeing doesn’t build airplanes. Boeing gets hundreds of companies” to build airplanes, Roberts says. “Those become your targets.”

He specifically names IFE provider Gogo.

“I challenge you, next time you are on an airplane that has Gogo wireless, to see how far through the firewall you can get,” Roberts says.

Those claims may sound terrifying, but security experts question Roberts’ veracity.

McClure heard “there was some truth” to Roberts’ claims, but adds that, until independently verified, the IFE route remains partly an “urban myth”.

Still, it is “conceivable”, he adds, noting that many electronic devices are intentionally designed to have “hard-coded back-doors” – entry points often intended to be used for quality testing.

“It’s enough at least to take it seriously,” McClure says.

He also points out that, although a hack could cause dangerous confusion in the cockpit, pilots could likely retake full control of a hacked aircraft by disengaging the autopilot.

Wolf is likewise skeptical of Roberts.

“He never showed any proof,” Wolf says.

“I’m not saying it is absolutely impossible”, he adds. “There is probably a firewall, but you can always have a security vulnerability.”

Wolf notes that hacking an aircraft is many times more complex, and much more expensive, than hacking an automobile.

“No hacker would easily get a plane to find a vulnerability,” he tells Flightglobal. “You will find almost no information on the Internet.”

Source: Cirium Dashboard