Can You Really Hack An Aircraft?

Wednesday, April 24, 2013

Keith Mendoza


I was really hesitant to throw myself into this mix; however, as a member of the aviation community (as a lowly private pilot), I feel that I need to do my part to help clear things up and put things in perspective. By this time, I'm sure that many people have heard of Hugo Teso's "Aircraft Hacking Practical Aero Series" presentation (PDF here). He does have a point; unfortunately I feel that more hype is placed than substance because Mr Teso holds a commercial certificate.

One tech news website went so far as to state that his license qualifies him to fly a commercial airliner. I believe, this is caused by confusion with the use of "commercial". US Federal Aviation Regulation Part 61.133 lays the "privileges and limitations" of a commercial certificate. At its core a commercial certificate allows a pilot to basically be paid to fly airplanes--whether there are passengers or not. However, a commercial certificate does not qualify the holder to fly your typical airliners; that would require an Airline Transport Pilot rating since those airliners requires a type rating because those aircraft have a maximum gross weight of over 12,000 pounds. Unfortunately, I feel that Mr Teso's research is being hyped up more than it should be because of the fact that he holds a commercial pilot certificate.

There are some glaring questions that I feel needs to be answered by Mr Teso: First, does he have domain knowledge of cockpit processes and procedures to show that his attack vectors are indeed valid? Second, if it is indeed possible to acquire avionics hardware from eBay, why not purchase the real thing?

I question his domain knowledge because of his claim that a message sent via ACARS can alter the programmed flight plan. ACARS is a communication method that airline management uses to send messages to the flight crew. If you've ever been in a flight that lists out the gate information for your connecting flight on a seat-back screen chances are that information was transmitted using ACARS. However, before that was made available to you a flight attendant is expected to review the information and basically "approve" it. Since I'm no expert on airliner flight ops, I asked Karlene Petitt who is an international airline pilot "Type rated on A330, B747-400, B747, B757, B767, B737, B727".

I asked her that my assumption is that dispatch is able to send modified flight plans via ACARS, and it's possible for that information to be sent directly to the FMS without the pilot having to re-enter the information from the ACARS screen to the FMS; however, that is reviewed and approved before it goes to the FMS. Is this assumption correct? Her answer: "I agree with you. I don't buy it." She also posed the question her blog that "if someone has the ability to send data to our aircraft, can they take control?" Her answer: No. In closing she states

We the pilots can kick off the automation and fly the planes without it. We are kind of like superman that way. Seriously, the most automated plane today can be hand flown without the autopilot.

When a third-party vendor does a vulnerability scan, it's usually done on the client's production network; not on a lab configuration. Mr Teso claims that the avionics he's testing is readily available on eBay; so why didn't he purchase the avionics hardware and test on that? Granted, that it won't be attached to a real working aircraft; however, it could have been attached to a test harness that would show what messages the FMS and autopilot is sending out.

As an infosec professional, and a member of the global aviation community, I am personally disappointed that Hugo Teso's research sounds like FUD. However, I would say he's got a point considering that the FAA did issue a special condition aptly titled "Isolation or Protection From Unauthorized Passenger Domain Systems Access". Sadly enough, the aviation community is appearing to disregard his research as such because, in all honesty, we won't believe what Mr Teso is claiming until he produces a video showing that his android app is indeed capable of taking over the aircraft. Even then, there will still be those who will dissect every second of that video and discredit the whole thing because of one errant item on the avionics display or a "misplaced" position of the aircraft controls. It pains me to think that this would be treated the same way that ADS-B security concerns are currently being handled; even though an FAA personel himself has written a paper outlining these security concernes right after 9/11.

Cross posted from Home+Power

Aircraft Hacking Hugo Teso
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked