Security

That was some of the best flying I've seen to date, right up to the part where you got hacked

Raytheon has a punt at aviation security with bus software suite


US defence firm Raytheon is punting a security suite that apparently promises to harden military aircraft against "cyber anomalies".

The company is reportedly developing "a new warning system that tells pilots when their planes are being hacked".

"Basically, we're trying to give the pilot the information about what's happening internally on his aircraft in real time," Amanda Buchanan, the project's engineering lead, told American military news website Defense One.

The basic pitch is that most military aircraft electronics are relatively simple compared to modern ground-based systems. With even modern designs using serial data buses*, Raytheon reckons there's a niche in the market for startling the hell out of pilots by giving them something else to worry about while flying over a warzone.

Defense One reported that during a sales demo, Raytheon engineers ran a simulation of a helicopter flight and injected "malicious code wirelessly from a tablet", causing the simulated aircraft's engines to shut down and crash, with the pilot at least getting to see a red caption titled "cyber anomaly" before his virtual demise. The attack vector was described as being one of the heli's various wireless receivers.

A Raytheon marketing article notes that its CADS monitoring system can be retrofitted to monitor ARINC-429 buses, which are the civilian equivalent of MIL-STD-1553 and are used on airliners. The firm also says the system can be modded for automotive-grade CAN buses.

Another marketing feature mentions a highly specific use case: "Operational threats that can come either from an enemy or from a US soldier inadvertently causing a cyber intrusion to propagate by plugging his malware-infected cell phone into a USB port on a Stryker vehicle, for example."

Frequent flyers

It has been the dream of certain hackers for years to compromise an in-flight airliner by using a laptop from the passenger seat. Infamously, back in 2015, Chris "Plane Hacker" Roberts claimed to have hacked an airliner by doing just that – though the rest of the world scoffed at his claims. A couple of years before that, some chancer claimed he had written an Android app that could completely compromise airliner flight control systems to the point of flying the aeroplane by tilting the hacker's handset – all through the aviation equivalent of SMS messages.

It is notable that in the latter case, part of the proof-of-concept testing was carried out using the X-Plane flight simulator software. While X-Plane can be used as part of a professional-grade setup that can be certified for real-world pilot training – and that capability forms part of its vendors' marketing spiel, quite rightly – if it isn't installed on a certified system, it's just a consumer-grade flight sim.

In addition, the danger of "proving" a hack against flight simulator software is that simulated systems do not always reflect real-world systems; the frontend might function identically to the user (make input, see same reaction as the real aeroplane) but the backend can be vastly different in how it achieves the same visual effects. Radio signals, for example, are simulated through defining origin points and ranges; they don't degrade dirtily over distance as real-world signals do, nor can directional signals be bent or rebroadcast using real-world RF principles because the simulator engine simply doesn't reproduce any of that.

In more recent years, aircraft security has become a bit more serious. The American Department of Homeland Security said in 2017 that it had successfully accessed some systems on a Boeing 757 as part of a "remote, non-cooperative penetration" testing exercise. Earlier this year an infosec pro poked around some general aviation-grade kit to see how vulnerable that was, but his efforts, while valuable, were a long way from an in-flight compromise. ®

Busnote

* This website lists aircraft using the US MIL-STD-1553 spec serial data bus. They range from the brand new F-35 Lighting II supersonic stealth fighter jet to – entirely implausibly – the 1950s vintage Hawker Hunter. The authors of that list were evidently a bit too keen.

Wikipedia, unfortunately, has a detailed breakdown of the standard itself.

Send us news
36 Comments

Uncle Sam wants to know how big airlines use passenger data

'Problematic' carriers can look forward to scrutiny, fines, and new rules

Justice Dept reportedly starts criminal probe into Boeing door bolt incident

Plus: Pilots on Lion Air’s Batik fall asleep and miss Jakarta

Boeing paper trail goes cold over door plug blowout

Safety watchdog bemoans lack of cooperation with probe

Boeing-backed air taxi upstart Wisk plans to fly you across town at UberX prices by 2030

Absence of an on-board pilot will lower costs and raise blood pressure, starting soon in Texas

Google co-founder Brin named a defendant in wrongful death complaint

Lawsuit accuses contractor and co-defendants of 'pacify and delay' tactics

Are you ready to back up your AI chatbot's promises? You'd better be

Air Canada discovered the hard way that when your ML model makes a commitment, your biz will be on the hook for it

Alaska Airlines' door-dropping flight was missing bolts

Preliminary investigation confirms pilot chat was overwritten but doesn't mention attempts to recover data

UK Civil Aviation Authority ponders vertiports for flying taxis

eVTOL to use existing aerodrome infrastructure

Mars Helicopter Ingenuity will fly no more, but is still standing upright

In Memoriam for plucky robot that brushed off dead sensors and dust like they were nothing

Software troubles delay F-35 fighter jet deliveries ... again

There's more than one way for these things to crash

Boeing goes boing: 757 loses a wheel while taxiing down the runway

That old kit isn't our fault Boeing tells us

NASA, Lockheed Martin reveal subtly supersonic X-59 plane

Boffins say the quiet part out loud: There's no room for the sonic boom