Defcon 22 Two seasoned pilots, one of whom is a published hacking expert, have been puncturing some of the myths about aircraft hacking at Defcon 22.
Dr. Phil Polstra, professor of digital forensics at Bloomsburg University (and a qualified commercial pilot and flight instructor), and "Captain Polly," professor of aviation at the University of Dubuque, explained that there are some very simple reasons why aircraft can't be digitally hijacked.
Firstly, no commercial airliner's avionics systems can be accessed from either the entertainment system or in-flight Wi-Fi. Avionics systems are also never wireless, but always wired, and don't even use standard TCP/IP to communicate.
Commercial aircraft networks use a variety of standards for data traffic, all derived from Ethernet but all subtly different in a way that would give hackers a very tough time.
In all cases the signals sent are time-sliced to ensure controls respond instantly, and signals are monitored to ensure latency is within precisely allowed margins.
Older commercial airplanes use a system called ARINC 429, which uses specialized hardware to communicate between endpoints and is not connected to anything useful in any case, Polstra said.
More modern aircraft use an updated standard, ARINC 664, except for Airbus planes, which use a modified version dubbed AFDX. This retains the non-TCP/IP nature of the earlier standard and adds unidirectional data traffic control via paired cables. It only ever accepts one sending system, although data can be sent to multiple endpoints.
The one exception to this is the Boeing 777, which uses a modified version of ARINC, dubbed 629, which allows Boeing to use off-the-shelf network components in the aircraft. Boeing was also granted special leave to allow ARINC 629 to be linked into a standard IP network, but only for data outputs, not inputs, and with no connections to the flight management or avionics systems.
"ARINC 629 is actually harder to hack than ARINC 664," Polstra said. "I'm not saying it's impossible, but it is harder."
It has been suggested that a cunning hacker could use an aircraft's network to sabotage the flight instruments if the avionics are unavailable. This would be useless, Polstra said, since all critical electronic instruments in the cockpit have a mechanical backup, although whether the pilots would remember how to use them was another matter, he joked.
That also holds true for critical flight controls and engine systems, he said. While most aircraft these days use electronic systems for control, there are almost always mechanical backups for critical and engine management components. Even if a commercial aircraft took a major hit to its electrical systems, it would still be able to fly, albeit with much reduced efficiency, and should be able to land in one piece.
Ground control to Major dumb
Earlier this week at the Black Hat conference, security researchers from IOActive told of code flaws in the satellite communications equipment used by aircraft. It should be possible to disrupt communications with an aircraft and feed it false data, they said, thanks to shoddy coding by the equipment's manufacturers.
This looked possible, Polstra said, but it wasn't the full story. While satellite communications are important when out of range of radar, the aircraft would still be able to communicate via VHF or HF, and the research also neglected to take into account the judgement of the two pilots every commercial airliner must carry.
Aircraft are in constant communication with the ground, and regular updates are sent out hourly, along with real-time transmission of engineering functions to ground stations, even down to whether the on-board toilet is out of order. While it might be possible to, for example, instruct the pilots to follow a new flight plan, it was highly unlikely a pilot would blindly follow it without checking up first.
It might be feasible to send false messages to an aircraft's collision avoidance systems, Polly said, but it would be very difficult to do effectively. An attacker would need to be travelling at nearly the same speed as the aircraft to fool it for any appreciable time, the directional antennas used by commercial aircraft would make getting a bogus signal to the pilots difficult, and again they could always ignore it.
One way around this would be to hack into the transponders used to show the aircraft's position and feed in false location data, thus getting air traffic control to redirect the flight. But even if such a hack could be done (which is unlikely) on both transponders commercial airliners have to carry, air traffic control would ignore their feedback in favor of radar information from the ground.
Attempts to reroute the autopilot would be treated similarly by air traffic control, Polstra said, and the human factor remains the hardest for a hacker to overcome. There is no way of forcing a commercial airliner to maneuver unless the pilot decides to let it make the move, and even a 90lb pilot can still disengage the autopilot and fly the plane to safety.
For the moment at least
Polstra did, however, have words of warning: all of this information is as of the present day, and things are changing in the aviation industry.
Airline companies are increasingly using computer control systems to make aircraft more efficient, easier to repair, and more fun to fly in. But at the same time he acknowledged that such control systems have little or no security architecture built into the software.
While it's highly unlikely that any aircraft designer would make the avionics systems accessible to outsiders, there was always the chance that some enterprising hacker could cause a serious kerfuffle on a flight in the future, either from the ground or as a passenger.
But in the meantime there was nothing to worry about, he said. Flying is still one of the safest forms of transport out there, and stories of planes being hacked will remain works of fiction or the ravings of some of the more excitable sections of the press.