By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    8 fun facts about fax. Yes, fax!
    11 months ago
    International World Backup Day, 31 March
    12 months ago
    Antivirus: Microsoft Security Essentials 4 ready for download
    11 months ago
    Latest News
    Two privilege escalation vulnerability in Simple Membership Plugin
    11 hours ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
    7 days ago
    Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
    1 week ago
    Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    How to enable DNS over HTTPS in Chrome
    12 months ago
    How to check Windows Update history on Windows 10
    12 months ago
    Windows 10 update KB5011543 (build 19044.1620) brings search highlights
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    7 months ago
    Now you can speed up any video in your browser
    7 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    8 months ago
  • How To
    How ToShow More
    How to get the latest Windows 11 innovations
    14 hours ago
    Dynamic Lighting is now available on Windows 11
    14 hours ago
    Writing poems using LLama 2 on Workers AI
    Writing poems using LLama 2 on Workers AI
    14 hours ago
    serverless GPU-powered inference on Cloudflare’s global network
    serverless GPU-powered inference on Cloudflare’s global network
    14 hours ago
    You can now use WebGPU in Cloudflare Workers
    You can now use WebGPU in Cloudflare Workers
    14 hours ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Opening a Chrome window with a given window width and height
    11 months ago
    How do scammers find out card numbers and balances in Sberbank?
    11 months ago
    How to remove the background of an image?
    11 months ago
    Latest News
    How to install September 2023 update with 23H2 features for Windows 11
    19 hours ago
    How to uninstall September update (KB5030310) from Windows 11
    19 hours ago
    How to remove the quiet mode icon in the corner of the iPhone 15 screen ProiPhone 15 Pro and iPhone
    2 days ago
    Sberbank has figured out how to effectively catch scammers – it will listen to everything you
    2 days ago
  • Glossary
  • My Bookmarks
Reading: Hacking an aircraft: is it already real?
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

Hacking an aircraft: is it already real?

Vitus White
Last updated: 13 October
Vitus White 12 months ago
Share
10 Min Read

In-flight security made quite a lot of headlines earlier this summer, but this time at unusual angle. Aviation has always been focused on safety and had remained the most secure industry that ever existed. However, the buzz was about another aspect of security — the one quite surprising for an average passenger and quite expected for an IT specialist.

It’s not a secret that today’s aircraft are one huge computer, with the pilot being more of a PC operator rather than of an actual ‘ace’ pilot — he handles a single task of supervising smart machinery. An orientation pilot and a panel operator are no more, fully replaced by computers.

As it turned out that those computers are as hackable as the rest. The potential impact of a hacker attack on a plane is devastating: just think of a terrorist who would no longer have to hold passengers hostages, or break into the cockpit. The only thing the culprit would need for him to wreak havoc is a laptop.

The wave of panic emerged in spring with the report on on-board Wi-Fi security published by US Government Accountability Office. The relevance between aviation, cybersecurity and GAO remains unclear, yet some media outlets managed to invent a lot of dreadful stories for the common folk: according to a number of publications, terrorists now would be able to hijack planes while sitting with a tablet in the backyard and making target aircrafts land in the same yard.

The @USGAO has 168 #security recommendations to improve FAA network security. http://t.co/IwyzS55anS

— Threatpost (@threatpost) March 3, 2015

Obviously no one bothered to read the full report: aerophobic people craved for another reason to believe airplanes were the most dangerous means of transportation. At the same time, the report is a terrific bore: it contains pages and pages of claims that since Internet is accessible on board through Wi-Fi and satellite, it’s time the industry thought of securing this channel.

An unencrypted 802.11 network is insecure per se, and in this very application it serves as a local network, like the one you have at home or in the office, so someone could log in and hack other devices connected to this on-board network. The possibility of getting access to flight management systems through on-board Wi-Fi is referenced as theoretically plausible, since no one even managed to do that.

However, then an extravagant and, obviously, hungry for fame aviation security researcher popped up out of nowhere. Chris Roberts boarded onto a United flight and tweeted: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”

Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? 🙂

— Chris Roberts (@Sidragon1) April 15, 2015

As a result, upon landing in the destination airport he was approached by strangers who urged him to follow them, as it later turned out, into a dimly lit room with FBI agents. His laptop and tablet were confiscated for further investigation and he was held for questioning for hours. The airline, meanwhile, cancelled his return ticket.

The tweet was a joke that was supposed to attract attention to Roberts: he had been dealing with in-flight systems security for a number of years, without particular attention from the industry players.

Later during investigation, Roberts admitted he managed to gain control over flight management system for a brief period of time and even was able to change the direction of the flight. Moreover, he revealed the details of the ‘hack’: he tampered with in-flight entertainment system by connecting to its bus through a custom adapter.

Except for the hacker’s word, there is no proof he actually managed to hijack control over the flight management system. Drawing a different course on the maps broadcasted on the passengers’ multimedia displays and really changing is not the same thing. If the course had really been changed, it would not go unnoticed by pilots and dispatches, which would provide reason enough for a very serious investigation.

Hacking an #aircraft: is it already real? #infosec #aviation #security

Tweet

Digital Security, a Russian security firm, studied 500 flights of 30 different airlines during five years and found out that there are security vulnerabilities on planes, and hackers have tried to exploit them in order to discover the potential of such hacks. If briefly summarized, there are certain entry points in the aircraft’s IT systems which are of interest for culprits:

  • Flight Management System
  • Router of another networking appliance which facilitates communication between systems, for instance, SATCOM, a satellite communication server
  • Multimedia server
  • Terminal multimedia devices

An easy target would be a multimedia device, which is built into the seat in front of the passenger. Once it is attacked, a hacker is able to infiltrate its operation system and use it to compromise other systems.

There are several ways to execute such an attack. One could leverage a vulnerable USB port to plug in a keyboard emulator and send commands into the system. Or, or instance, it’s possible to exploit a bug in the software responsible for multimedia playback from a thumb drive.

Some aircrafts, in addition to USB, have complementary RJ-45 ports, which enable a wider arsenal of hacking tricks on a connected laptop. A savvy hacker would be able to gain control over the entire in-flight multimedia system and even get hold of a multimedia server, which is challenging but feasible.

The main thing: some aircrafts feature RJ-45 ports marked as “Private use only.” It’s possible that once connected through this port, a hacker would be able to access critical system elements. There is no evidence of such attack offering access to flight management systems, though.

At the same time, there were cases of malfunctioning due to software bugs. Recently, three of four engines of a cargo Airbus failed during takeoff because the calibration data was lost due to incorrect software update, resulting in a crash.

Airbus confirms software configuration error caused plane crash http://t.co/cw6IRPZUUW by @thepacketrat

— Ars Technica (@arstechnica) June 1, 2015

This happened because programmers did not think of an alert for these types of failures. They did not even think that those configuration files would go amiss: software updates are supposed to check whether configuration files are there.

Due to this flaw, the sensor data was interpreted incorrectly; the main computer thought that the affected engines failed and turned them off – software developers did not consider simultaneous failure of more than two engines: with only two functional engines the plane would have continued the flight and successfully performed an emergency landing.

A bug was also discovered in Boeing planes: Boeing 787 Dreamliner may suffer from the complete electrical shutdown during the flight: if all four power generators are launched simultaneously and operate incessantly during 248 days, they’d shut down in an emergency mode, leaving the plane in a blackout.

US aviation authority: Boeing 787 software bug could cause 'loss of control' http://t.co/fFUqjlR3DX

— The Guardian (@guardian) May 1, 2015

The reason of the failure is simple: stack overflow in the internal timer. It’s understandable that such a coincidence is hardly plausible in real life scenarios, but this case may serve the reminder that an aircraft managed by a computer is susceptible to the same flaws as any other computer, including your desktop. So, don’t be surprised once you learn about Kaspersky Inflight Security’s availability on the market.


Source: kaspersky.com

Translate this article

TAGGED: Apple, Authentication, DoS, Networking, Port scanning, Security, Software, Stack overflow, Threats, Vulnerabilities
Vitus White October 13, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Two privilege escalation vulnerability in Simple Membership Plugin
Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats 14 hours ago
How to get the latest Windows 11 innovations
Windows 14 hours ago
Dynamic Lighting is now available on Windows 11
Windows 14 hours ago
Writing poems using LLama 2 on Workers AI
Writing poems using LLama 2 on Workers AI
Apps 14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
serverless GPU-powered inference on Cloudflare’s global network
Apps 14 hours ago

You Might Also Like

Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats

Two privilege escalation vulnerability in Simple Membership Plugin

14 hours ago
Windows

How to get the latest Windows 11 innovations

14 hours ago
Writing poems using LLama 2 on Workers AI
Apps

Writing poems using LLama 2 on Workers AI

14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
Apps

serverless GPU-powered inference on Cloudflare’s global network

14 hours ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
Critical Vulnerability in Forminator Plugin
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme
How to download Windows 11 22H2 ISO after 23H2 releases
Previous Next

10 New Stories

You can now use WebGPU in Cloudflare Workers
How to install September 2023 update with 23H2 features for Windows 11
How to uninstall September update (KB5030310) from Windows 11
Traffic anomalies and notifications with Cloudflare Radar
Sippy helps you avoid egress fees while incrementally migrating data from S3 to R2
the modern way to connect and protect your clouds, networks, applications and users
Previous Next
Hot News
Two privilege escalation vulnerability in Simple Membership Plugin
How to get the latest Windows 11 innovations
Dynamic Lighting is now available on Windows 11
Writing poems using LLama 2 on Workers AI
serverless GPU-powered inference on Cloudflare’s global network
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?