Announcement

Collapse
No announcement yet.

"Airliners", meet "hackers"...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • "Airliners", meet "hackers"...

    I'm not completely against technological progress, really! But here's an issue I'm willing to bet money a DC-9 isn't susceptible to: http://www.cnn.com/2015/04/14/politics/gao-newer-aircraft-vulnerable-to-hacking/index.html
    Be alert! America needs more lerts.

    Eric Law

  • #2
    it's only a matter of time. and someone will do it just to prove it can be done. the idea that an airplane needs to be connected to the internet for any purpose whatsoever is simply horseshit. any needed ground to air connections should be on private networks NOT connected to the internet.

    in short, cut the friggin hardline and end all the possible scenarios.

    Comment


    • #3
      These new aircraft have very complex internal networks, and yes, there is data sharing between the avionics and the 'user' segments, in a one way direction.

      Airbus say this is through a one way diode that only allows information to flow out of the Avionics domain, and not into it.

      I have no idea if this is in the format of a software, or hardware device. Not an area I'm expert in.

      I would have to say though, there's a few lines in that article that make me seriously wonder if the 'experts', while being experts in data security, have any idea how the aircraft avionics system is set up.

      Comment


      • #4
        Yeah you definitely have to wonder about the qualifications of the "experts", although the scary thing is almost no matter how good they are at their job, there's probably a hacker or 10 (or 100 or 1000) out there who are better.

        Re the firewall, hardware vs. software is a bit of a misnomer as pretty much every "hardware firewall" has a processor in it that's running software, which of course can have flaws.

        The only way I can think of to get 100% guaranteed one-way data flow is something I did in my job once. I actually didn't think it would work until I tried it, but the trick was to take an ethernet cable and actually cut the wires that carry data in the backward direction so transmission could only occur from A to B and not B to A.
        Be alert! America needs more lerts.

        Eric Law

        Comment


        • #5
          Originally posted by TeeVee View Post
          the idea that an airplane needs to be connected to the internet for any purpose whatsoever is simply horseshit.
          Tell that to all the people who think they'll die if they're unable to send/receive text messages for more than a few minutes at a time...
          Be alert! America needs more lerts.

          Eric Law

          Comment


          • #6
            Starring Steven Segal...

            Originally posted by MCM View Post
            I would have to say though, there's a few lines in that article that make me seriously wonder if the 'experts', while being experts in data security, have any idea how the aircraft avionics system is set up.
            ...or the difference between IP and embedded computing. There may be systems that are potentially vulnerable such as those that communicate via datalinks but not the dedicated systems that control the flight path, certainly not in manual flight. Those systems use redundant processor cores with dissimilar 'sterile' software and are not datalinked for IP access. If it were possible for a hacker to affect the flight control in automated flight (a stretch) the pilots could simply take control. If if were possible for a hacker to affect FBW flight control (a fantastic leap) the pilots could degrade the FBW and take control. Because all FBW systems are degradable in flight, the pilot always has priority over them. Where do I find that in the report?

            This sounds more like a bored agency with no accountability and very little technical understanding of the issue at hand. In other words, the United States government. (They also thought they could plant democracy in Iraq, so that's what you're dealing with here.)

            Comment


            • #7
              I found a link to the actual report, it's here: http://www.gao.gov/assets/670/669627.pdf

              I haven't read the whole thing, but to me it seems like it's the fairly common scenario of a report being released saying "it's possible there could be a problem because certain things haven't been examined closely enough" and the press turning that into "OMG we're all going to die!".

              As far as I can tell, the report does not state that someone could take control of an airplane directly, but that there are areas of the "NextGen" ATC system that could be hackable, including communications between controllers and pilots (which apparently in the new system can be in text form rather than verbal). If such vulnerabilities exist, it's certainly within the realm of possibility that a hacker could pretend they're ATC and send a message to an airliner telling it to turn toward a mountain or something. And/or manipulate navigational info to make the aircraft/pilot think it's on a course different from what they're really flying. Especially if the A/C is on autopilot, that could have disastrous results.
              Be alert! America needs more lerts.

              Eric Law

              Comment


              • #8
                Interesting report.

                As you say elaw, it is a case of the media cherry-picking a few bits for the papers, but ignoring what the audit was actually about.

                Sending false messages to an aircraft is certainly within the realms of possibility (and is something that we've seen over voice communications previously), but I think the greater risk is general disruption of ATC services and the huge economic impact that it would have.

                Always good to see they're working to improve things!

                Comment


                • #9
                  Originally posted by MCM View Post
                  Sending false messages to an aircraft is certainly within the realms of possibility (and is something that we've seen over voice communications previously), but I think the greater risk is general disruption of ATC services and the huge economic impact that it would have.
                  It's comforting to know that the pilots can 'always' fly the filed flight plan with no input from ATC and using a paper chart and frequencies and radials...as long as the bad guys don't lower the ILS by 200 feet.
                  Les règles de l'aviation de base découragent de longues périodes de dur tirer vers le haut.

                  Comment


                  • #10
                    Originally posted by 3WE View Post
                    as long as the bad guys don't lower the ILS by 200 feet[/COLOR].
                    That's harder than killing John McClane.

                    --- Judge what is said by the merits of what is said, not by the credentials of who said it. ---
                    --- Defend what you say with arguments, not by imposing your credentials ---

                    Comment


                    • #11
                      Originally posted by elaw View Post
                      Tell that to all the people who think they'll die if they're unable to send/receive text messages for more than a few minutes at a time...
                      i know ur joking but my point was that the aircraft need not be connected to the internet. sure, have wifi for people like me--i love it!--but the avionics have absolutely no need or business being connected. and there should be zero connections--one way or otherwise--between avionics and the public wifi system.

                      Comment


                      • #12
                        Originally posted by 3WE View Post
                        ...as long as the bad guys don't lower the ILS by 200 feet.
                        You know, as we eliminate classic phugoid behavior and trim wheels and the need to remember to not pull up relentlessly nor watch the airspeed and and work the throttles on short final, why is it that we are navigating off of 1950's VHF radio beams that depend on a gross time differential of a unidirectional pulsating blip versus a continuous directional blip?
                        Les règles de l'aviation de base découragent de longues périodes de dur tirer vers le haut.

                        Comment


                        • #13
                          Originally posted by 3WE View Post
                          ...as long as the bad guys don't lower the ILS by 200 feet.
                          Don't be ridiculous, I saw the movie, you need SCSI to do that.

                          Comment


                          • #14
                            Originally posted by TeeVee View Post
                            i know ur joking but my point was that the aircraft need not be connected to the internet. sure, have wifi for people like me--i love it!--but the avionics have absolutely no need or business being connected. and there should be zero connections--one way or otherwise--between avionics and the public wifi system.
                            Well that hinges around one important question: is or is not it important that the a/c have a real-time datalink to the ground?

                            The "NextGen" ATC system has such a link as part of its design, and there are already other data-based services being used in aircraft like real-time weather info.

                            If you're going to do that, you need a wide-area network to carry the data between the aircraft and suppliers/consumers of data on the ground. And then you're faced with a choice: use the Internet which is already in place and goes pretty much everywhere, or build your own nationwide or even global network. The second option would be prohibitively expensive.
                            Be alert! America needs more lerts.

                            Eric Law

                            Comment


                            • #15
                              Originally posted by elaw View Post
                              Well that hinges around one important question: is or is not it important that the a/c have a real-time datalink to the ground?

                              The "NextGen" ATC system has such a link as part of its design, and there are already other data-based services being used in aircraft like real-time weather info.

                              If you're going to do that, you need a wide-area network to carry the data between the aircraft and suppliers/consumers of data on the ground. And then you're faced with a choice: use the Internet which is already in place and goes pretty much everywhere, or build your own nationwide or even global network. The second option would be prohibitively expensive.
                              there are already links between the aircraft and the ground outside of internet. keep using them and if necessary enhance them.

                              this is childishly simple. should we connect the president's "football" to the internet since it is cheaper?

                              Comment

                              Working...
                              X