Why hackers won't be able to hijack your next flight - the facts

Commercial aircraft are safe, for the time being

Defcon 22 Two seasoned pilots, one of whom is a published hacking expert, have been puncturing some of the myths about aircraft hacking at Defcon 22.

Dr. Phil Polstra, professor of digital forensics at Bloomberg University (and a qualified commercial pilot and flight instructor) and "Captain Polly," professor of aviation at the University of Dubuque, explained that there are some very simple reasons why aircraft can't be digitally hijacked.

Firstly, no commercial airliner's avionics systems can be accessed from either the entertainment system or in-flight Wi-Fi. Avionics systems are also never wireless, but always wired, and don't even use standard TCP/IP to communicate.

Commercial aircraft networks use a variety of standards for data traffic, all derived from Ethernet but all subtly different in a way that would give hackers a very tough time.

In all cases the signals sent are time-sliced to ensure controls respond instantly and signals are monitored to ensure latency is within precisely allowed margins.

Older commercial airplanes use a system called ARINC 429, which uses specialized hardware to communicate between endpoints and is not connected to anything useful in any case, Polstra said.

More modern aircraft use an updated standard, ARINC 664 - except for Airbus planes that use a modified version dubbed AFDX. This retains the non-TCP/IP nature of the earlier standard and adds unidirectional data traffic control via paired cables and only ever accepts one sending system, although data can be sent to multiple endpoints.

The one exception to this is the Boeing 777, which uses a modified version of ARINC dubbed 629, which allows Boeing to use off-the-shelf network components in the aircraft. Boeing was also granted special leave to allow ARINC 629 to be linked into a standard IP network, but only for data outputs not inputs, and with no connections to the flight management or avionics systems.

"ARINC 629 is actually harder to hack than ARINC 664," Polstra said. "I'm not saying it's impossible, but it is harder."

It has been suggested that a cunning hacker could use an aircraft's network to sabotage the flight instruments if the avionics are unavailable. This would be useless, Polstra said, since all critical electronic instruments in the cockpit have a mechanical backup - although whether the pilots would remember how to use them was another matter, he joked.

That also holds true for critical flight controls and engine systems, he said. While most aircraft these days use electronic systems for control, there are almost always mechanical backups for critical and engine management components. Even if a commercial aircraft took a major hit to its electrical systems it would still be able to fly, albeit with much reduced efficiency, and should be able to land in one piece.

Ground control to Major dumb

Earlier this week at the Black Hat conference, security researchers from IOActive told of code flaws in the satellite communications equipment used by aircraft. It should be possible to disrupt communications with an aircraft and feed it false data, they said, thanks to shoddy coding by the equipment's manufacturers.

This looked possible, Polstra said, but it wasn't the full story. While satellite communications are important, when out of range of radar, the aircraft would still be able to communicate via VHF or HF, and the research also neglected to take into account the judgement of the two pilots every commercial airliner must carry.

Aircraft are in constant communication with the ground, and regular updates are sent out hourly, along with real-time transmission of engineering functions to ground stations - even down to if the on-board toilet is out of order. While it might be possible to, for example, instruct the pilots to follow a new flight plan, it was highly unlikely a pilot would blindly follow it without checking up first.

It might be feasible to send false messages to an aircraft's collision avoidance systems, Polly said, but it would be very difficult to do effectively. An attacker would need to be travelling at nearly the same speed as the aircraft to fool it for any appreciable time, the directional antennas used by commercial aircraft would make getting a bogus signal to the pilots difficult, and again they could always ignore it.

One way around this would be to hack into the transponders used to show the aircraft's position and feed in false location data, thus getting air traffic control to redirect the flight. But even if such a hack could be done (which is unlikely) on both transponders commercial airlines have to carry, air traffic control would ignore their feedback in favor of radar information from the ground.

Attempts to reroute the autopilot would be treated similarly by air traffic control, Polstra said, and the human factor remains the hardest for a hacker to overcome. There is no way of forcing a commercial airliner to maneuver unless the pilot decides to let it make the move, and even a 90lb pilot can still disengage the autopilot and fly the plane to safety.

For the moment at least

Polstra did, however, have words of warning: all of this information is as of the present day, and things are changing in the aviation industry.

Airline companies are increasingly using computer control systems to make aircraft more efficient, easier to repair, and more fun to fly in. But at the same time he acknowledged that such control systems have little or no security architecture built into the software.

While it's highly unlikely that any aircraft designer would make the avionics systems accessible to outsiders, there was always the chance that some enterprising hacker could cause a serious kerfuffle on a flight in the future, either from the ground or as a passenger.

But in the meantime there was nothing to worry about, he said. Flying is still one of the safest forms of transport out there, and stories of planes being hacked will remain works of fiction or the ravings of some of the more excitable sections of the press. ®
