{"id":495,"date":"2009-06-09T23:13:46","date_gmt":"2009-06-10T06:13:46","guid":{"rendered":"http:\/\/lifeboat.com\/blog\/?p=495"},"modified":"2009-06-09T23:13:46","modified_gmt":"2009-06-10T06:13:46","slug":"hack-jet-losing-a-commercial-airliner-in-a-networked-world","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2009\/06\/hack-jet-losing-a-commercial-airliner-in-a-networked-world","title":{"rendered":"Hack-Jet: Losing a commercial airliner in a networked world"},"content":{"rendered":"

Hack-Jet <\/strong><\/p>\n

When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447<\/a> off the coast of Brazil with little evidence upon which to work inevitably raises the level of speculation surrounding the fate of the flight. Large-scale incidents such as this create an enormous cloud of data, which has to be investigated in order to discover the pattern of events, which led to the loss (not helped when some of it may be two miles under the ocean surface). So far French authorities have been quick to rule out terrorism it has however, emerged that a bomb hoax against an Air France flight had been made the previous week flying a different route from Argentina. This currently does not seem to be linked and no terrorist group has claimed responsibility. Much of the speculation regarding the fate of the aircraft has focused on the effects of bad weather or a glitch in the <\/span>fly-by-wire system<\/a>that could have caused the plane to dive uncontrollably. There is however another theory, which while currently unlikely, if true would change the global aviation security situation overnight. <\/span>A Hacked-Jet.<\/p>\n

<\/strong>Given the plethora of software modern jets rely on it seems reasonable to assume that these systems could be compromised by code designed to trigger catastrophic systemic events within the aircraft\u2019s navigation or other critical electronic systems. Just as aircraft have a physical presence they increasingly have a virtual footprint and this changes their vulnerability. A systemic software corruption may account for the mysterious absence of a Mayday call \u2014 the communications system may have been offline. Designing airport and aviation security to keep lethal code off civilian aircraft would in the short-term, be beyond any government civil security regime. A malicious code attack of this kind against any civilian airliner would, therefore be catastrophic not only for the airline industry but also for the wider global economy until security caught up with this new threat. The technical ability to conduct an attack of this kind remains highly specialized (for now) but the knowledge to conduct attacks in this mold would be as deadly as <\/span>WMD<\/a> and easier to spread through our networked world. Electronic systems on aircraft are designed for safety not security, they therefore do not account for malicious internal actions.<\/p>\n

While this may seem the stuff of fiction in January 2008 this broad topic was discussed due to the planned arrival of the <\/span>Boeing 787<\/a>, which is designed to be more \u2018wired\u2019 \u2013offering greater passenger connectivity. Air Safety regulations have not been designed to accommodate the idea of an attack against on-board electronic systems and the <\/span>FAA proposed special conditions<\/a> , which were subsequently commented upon by the Air Line Pilots Association and Airbus. There is some interesting back and forth in the proposed special conditions, which are after all only to apply to the Boeing 787. In one section, Airbus rightly pointed out that making it a safety condition that the internal design of civilian aircraft should \u2018prevent all inadvertent or malicious changes to [the electronic system]\u2019 would be impossible during the life cycle of the aircraft because \u2018security threats evolve very rapidly\u2019.<\/span>Boeing responded to these reports in an AP article stating that there were sufficient safeguards to shut out the Internet from internal aircraft systems a conclusion the FAA broadly agreed with - <\/span>Wired Magazine covered much of the ground<\/a>. During the press surrounding this the security writer <\/span>Bruce Schneier<\/a> commented that, \u201cThe odds of this being perfect are zero. It\u2019s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in the history of mankind anyone\u2019s done that.\u201d Of course securing the airborne aircraft isn\u2019t the only concern when maintenance and diagnostic systems constantly refresh while the aircraft is on the ground. Malicious action could infect any part of this process.<\/span> While a combination of factors probably led to the tragic loss of flight AF447 the current uncertainty serves to highlight a potential game-changing aviation security scenario that no airline or government is equipped to face.<\/span><\/p>\n

Comments on Hack-Jet:<\/p>\n

<\/strong>(Note \u2014 these are thoughts on the idea of using software hacks to down commercial airliners and are not specifically directed at events surrounding the loss of AF447).<\/em><\/span><\/span><\/p>\n


\n<\/span><\/div>\n
From the author of Daemon<\/a> Daniel Suarez:<\/em><\/p>\n

<\/span><\/div>\n

It would seem like the height of folly not to have physical overrides in place for the pilot \u2014 although, I realize that modern aircraft (especially designs like the B-2 bomber<\/a>) require so many minute flight surface corrections every second to stay aloft, that no human could manage it. Perhaps that\u2019s what\u2019s going on with upcoming models like the 787. And I don\u2019t know about the Airbus A330.<\/a><\/p>\n

I did think it was highly suspicious that the plane seems to have been lost above St. Peter & Paul\u2019s Rocks<\/a>. By the strangest of coincidences, I had been examining that rock closely in Google Earth a few weeks ago for a scene in the sequel (which was later cut). It\u2019s basically a few huge rocks with a series of antennas and a control hut \u2014 with nothing around it for nearly 400 miles.<\/p>\n

Assuming the theoretical attacker didn\u2019t make the exploit time-based or GPS-coordinate-based, they might want to issue a radio \u2018kill\u2019 command in a locale where there would be little opportunity to retrieve the black box (concealing all trace of the attack). I wonder: do the radios on an A330 have any software signal processing capability? As for the attackers: they wouldn\u2019t need to physically go to the rocks\u2013just compromise the scientific station\u2019s network via email or other intrusion, etc. and issue the \u2018kill\u2019 command from a hacked communication system. If I were an investigator, I\u2019d be physically securing and scouring everything that had radio capabilities on those rocks. And looking closely at any record of radio signals in the area (testing suspicious patterns against a virtual A330\u2019s operating system). Buffer overrun (causing the whole system to crash?). Injecting an invalid (negative) speed value? Who knows\u2026 Perhaps the NSA\u2019s big ear has a record of any radio traffic issued around that time.<\/p>\n

The big concern, of course, is that this is a proof-of-concept attack \u2014 thus, the reason for concealing all traces of the compromise.
\n<\/span><\/div>\n


\u2014<\/p>\n

<\/span><\/div>\n

From John Robb - Global Guerillas<\/a>:<\/em><\/p>\n

The really dangerous hacking, in most situations, is done by disgruntled\/postal\/financially motivated employees. With all glass cockpits<\/a>, fly by wire, etc. (the Airbus is top of its class in this) it would be easy for anybody on the ground crew to crash it. No tricky mechanical sabotage.<\/span><\/p>\n


\n<\/span><\/div>\n
External hacks? That is of course, trickier. One way would be to get into the diagnostic\/mx computers the ground crew uses. Probably by adding a hack to a standard patch\/update. Not sure if any of the updates to these computers are delivered \u201conline.\u201d<\/span><\/div>\n

\n<\/span><\/div>\n
Flight planning is likely the most \u201cconnected\u201d system. Easier to access externally. Pilots get their plans for each flight and load them into the plane. If the route has them flying into the ground mid flight, it\u2019s possible they won\u2019t notice.<\/span><\/div>\n

\n<\/span><\/div>\n
In flight hacks? Not sure that anything beyond outbound comms from the system is wireless. If so, that would be one method.<\/span><\/div>\n

\n<\/span><\/div>\n
Another would be a multidirectional microwave\/herf burst<\/a> that fries controls. Might be possible, in a closed environment\/fly by wire system to do this with relatively little power.<\/span><\/div>\n

\n<\/span><\/div>\n

\u2014-<\/p>\n

<\/span><\/div>\n

There has been continuous discussion of the dangers involved with fly-by-wire systems in <\/span>Peter Neumann\u2019s Risk Digest<\/a> since the systems were introduced in the late 1980s. The latest posting on the subject is here.<\/span><\/span><\/p>\n

Investigator: Computer likely caused Qantas plunge<\/a><\/span><\/h3>\n

<\/p>\n


\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Hack-Jet When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447 off the coast of Brazil with little evidence upon which to work inevitably raises the level of speculation [\u2026]<\/p>\n","protected":false},"author":58,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,35,20],"tags":[76,78,2150],"class_list":["post-495","post","type-post","status-publish","format-standard","hentry","category-complex-systems","category-counterterrorism","category-futurism","tag-af447","tag-hack","tag-hacking"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=495"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/495\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}