Here we go again....

[bronco21016]

Reuters and, slowly, other media outlets are getting a hold of info about a new security vulnerability to be discussed at the BlackHat conference this week. According to Reuters the researcher has found a way to hack an aircraft's avionics through the WiFi system.

http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804

From my reading of the description about the talk there is nothing to do with the WiFi system and everything to do with SATCOM.

https://www.blackhat.com/us-14/briefings.html#satcom-terminals-hacking-by-air-sea-and-land

I can't really attest to any other aircraft but I'm pretty sure the AirCell WiFi system onboard the aircraft I'm flying is not connected in any way to the avionics or any other critical systems of the aircraft. I know AirCell provides options for connecting to Rockwell equipment for FMS updates and the like but what would that even give an attacker? The ability to upload routes? Surely the database can't be affected during flight.

 

[Roger Roger]

I'd be surprised seeing as most avionics are just getting past the stage of using Hyperterminal and a 15 year old laptop to set them up.

 

[Polar742]

I'd be surprised seeing as most avionics are just getting past the stage of using Hyperterminal and a 15 year old laptop to set them up.

I know my jet uses the super advanced 3.25" drive and runs a pre-x86 processor.

I guess if you could code a TRS-80, you could work it.

 

[drunkenbeagle]

I know my jet uses the super advanced 3.25" drive and runs a pre-x86 processor.

I guess if you could code a TRS-80, you could work it.

You would be shocked at how many 8088's, 6502's and Z-80's ended up in aircraft (and are still there). Lots of the data buses in aircraft cabins are RS-485 (not at all secure).

I personally think that ACARS is the weakest part of all.

 

[Roger Roger]

I know my jet uses the super advanced 3.25" drive and runs a pre-x86 processor.

I guess if you could code a TRS-80, you could work it.

You would be shocked at how many 8088's, 6502's and Z-80's ended up in aircraft (and are still there). Lots of the data buses in aircraft cabins are RS-485 (not at all secure).

I personally think that ACARS is the weakest part of all.

Most of the stuff I work with runs RS232 data buses and uses old school serial cables. Although our very newest ADS B transceivers have a mini USB port on them.

 

[MikeD]

If terrorists can hack into the ILS and lower the GS signal down 200 feet to cause airliners to crash short of the runway, then I have no doubt the jets instrumentation being hacked into is the next technological step............

 

[ClarkGriswold]

If terrorists can hack into the ILS and lower the GS signal down 200 feet to cause airliners to crash short of the runway, then I have no doubt the jets instrumentation being hacked into is the next technological step............

 

[RumpleTumbler]

I thought tittie jobs with plastic explosives were the new thing. Extra armpit hair basted in skunk excretion for the women and the men will comb their hair with dog urine to keep people at arms length.

They say a 900lb man can get enough plastique in his titties to blow up the entire United States.

 

[MikeD]

RIP crew and pax of Windsor 114......

 

[Zidac]

You're in the glide path and you're looking good.

 

[Roger Roger]

View attachment 28529 You're in the glide path and you're looking good.

I like where this has gone.

 

[bronco21016]

You would be shocked at how many 8088's, 6502's and Z-80's ended up in aircraft (and are still there). Lots of the data buses in aircraft cabins are RS-485 (not at all secure).

I personally think that ACARS is the weakest part of all.

From my understanding of the description on the BlackHat page that's essentially what he is going to discuss. ACARS communication has already proven to be easily manipulated by amateurs with SDR so SATCOM is likely just as vulnerable and that's what the researcher plans to show.

The data buses would obviously be a great place for an attacker to go crazy as well but that for the most part is going to require physical access I would think. I'd have to study a bit more about how if at all ACARS can communicate on the buses. I know the ACARS is part of the FMS software so I guess it may be possible to bypass any software that prevents modification during flight. My mindset is CRJ world so I'm not sure how the other airliners implement these types of things.

As far as WiFi though I just can't picture any scenario where some script kiddie in the back connected to GoGo is going to affect my aircraft unless he's using GoGo to connect to the C&C of his SDR botnet on the ground.

 

[drunkenbeagle]

Most of the stuff I work with runs RS232 data buses and uses old school serial cables. Although our very newest ADS B transceivers have a mini USB port on them.

RS-485 is a longer run data bus, really common with multiple transmitters. Things like the flight attendant call button would use it. (Guessing here, but a typical application)

 

[drunkenbeagle]

From my understanding of the description on the BlackHat page that's essentially what he is going to discuss. ACARS communication has already proven to be easily manipulated by amateurs with SDR so SATCOM is likely just as vulnerable and that's what the researcher plans to show.

The data buses would obviously be a great place for an attacker to go crazy as well but that for the most part is going to require physical access I would think. I'd have to study a bit more about how if at all ACARS can communicate on the buses. I know the ACARS is part of the FMS software so I guess it may be possible to bypass any software that prevents modification during flight. My mindset is CRJ world so I'm not sure how the other airliners implement these types of things.

As far as WiFi though I just can't picture any scenario where some script kiddie in the back connected to GoGo is going to affect my aircraft unless he's using GoGo to connect to the C&C of his SDR botnet on the ground.

I would be shocked if there was not an air gap between the wifi and everything else on the aircraft, though I know nothing about those systems. It would be negligent if it were any other way though.

 

[PhilosopherPilot]

I would be shocked if there was not an air gap between the wifi and everything else on the aircraft, though I know nothing about those systems. It would be negligent if it were any other way though.

I'm betting there's a way to hijack the ACARS while on the plane given that it's just a VHF radio that it uses to communicate. But on my aircraft the ACARS can't really mess anything big up.

Do any aircraft upload flight plans through ACARS?

 

[🦈💜]

You would be shocked at how many 8088's, 6502's and Z-80's ended up in aircraft (and are still there). Lots of the data buses in aircraft cabins are RS-485 (not at all secure).

I personally think that ACARS is the weakest part of all.

You don't WANT high-tech.

I swear to...

-Fox

 

[dasleben]

I'm betting there's a way to hijack the ACARS while on the plane given that it's just a VHF radio that it uses to communicate. But on my aircraft the ACARS can't really mess anything big up.

Do any aircraft upload flight plans through ACARS?

Yes, we load flightplans via ACARS. We check it over before it's all executed, though.

I'd be more concerned about CPDLC message spoofing.

 

[cezzna]

I don't know. We could get checklists, ACARS and commentary on twitter feed.

# ops say you're flying to fast/ wasting fuel
# gear down/ before landing checklist
# "worst landing EVERRR!"

 

[jtrain609]

There's a little red button on the yoke, it disconnects the AP and then acts as an interrupt if you continue to hold it down. Additionally, the fadec and fbw boxes are likely isolated from this crap.

As long as I can operate the engines and primary flight controls, I'm not worried.

 

[killbilly]

Is there no authentication methodology with ACARS?