Economy, Technology

Caveat Emptor- or is that Cavete Volanti?

No Gravatar

I debated writing this piece.  But, I realized me not telling you would serve no purpose whatsoever.  Because those that can already know they can.  And, if you don’t know they can, then you are at risk. What am I talking about?   Hacking an airplane that is flying our skies.

If you think hacking someone’s computer is bad, just imagine what happens when someone hacks a plane flying over Manhattan?  DC?  Paris?  Jerusalem?   We’ve already seen what happens when terrorists take over a plane and fly into the Pentagon or the World Trade Center or the Spanish Pyrenees.   Well, you will now see that these twerps don’t have to be in the plane, per se.

Hacking Airplanes

A few years ago, Hugh Teso presented how he could hack into an airplane using his Android telephone (via an app- PlaneSploit) and a radio transmitter.  (HackintheBox no longer maintains the original speech, which was cited here for almost a decade)He provided the caveat that you needed to know aircraft system s and aviation to be proficient at this hack.  But, that just means a (potential) terrorist just has to take some lessons.   Or, hire someone who can guide him/her.

Part of the problem is the ADS-B  (Automated Depended Surveillance-B) lacks sufficient security to prevent a hacker from making it seem that there are planes in a specific airspace.  (These are called ghost planes, where they appear on radar screens.)  Neither does ACARS (Aircract Communications Addressing and Reporting System) have true security, which is used to by ground stations and flying aircraft for their communications.  These two systems are what the hacker uses to find the target (i.e, the airplane) they wish to acquire and control.

Teso claimed it was child’s play to attack the Flight Management Systems aboard the airplane.  (FMS is the computer and control display unit on their actual airplane.)    Thankfully, some of the data he provided on the web has since been removed.

But, when a Boeing jet is in “autopilot”  (a very frequent occurrence in today’s aviation environment), it was totally possible to manipulate its steering.  And, if the pilots were to recognize that this was not their autopilot programs controlling the plane, the only recourse they would have is to turn off autopilot and do the job for which they are being paid.  But, when they don’t recognize the plane is no longer following the designs they keyed in…. you guessed it- total loss of the plane.  (By the way, manual flying is not quite so simple any longer- since new planes may not have the analog instruments necessary to accomplish this “simple” task.)

Of course, the hacker could simply decide it just wants to terrorize the passengers.  Imagine your thoughts when all of a sudden, without any announcements from the pilots or the stewards, all the oxygen masks drop down to folks’ laps?

Let’s jump to facts we know as of this year.  A security expert, Chris Roberts, the founder of One World Labs, a security firm), just ran into big problems.   (His normal job- discern how hackers can break into systems, so the firms affected can fix their systems to block such exploits.)   Well, he reported that he could “play” with on-board communication systems.  Because airlines are now so desperately raising cash by charging us for internet connections on planes.  (These entertainment systems use the same network the plane does to fly and communicate.)

Well, the FBI didn’t think this was playful fun.  When he landed, they had lengthy “discussions” with him.  Oh- they also “borrowed” his hard drives and his laptops.  Oh, there’s more- United Airlines also barred his from flying to his next destination (a security conference, by the way).

GAO Report Says Planes can be Hacked

But, despite United’s response and the FBI “investigation”, the lack of security is really not secret. The Government Accountability Office (GAO) has already reported that these digital entertainment systems, the plane’s WIFI network,  is easily leveraged by hackers.  This provides a direct link between the airplane and the outside world.  The GAO wants the aviation industry to sever the flight-related and entertainment systems from one another.  (D-uh!  So should everyone else.)

This demand is not a new cry, either.  The FAA expressed reservations about 787 Dreamliners way back in 2008.  They clearly stated that the digital networks on those planes “may result in security vulnerabilities”.   In English- the passengers are at risk because the planes avionics are clearly accessible to terrorists.

To make matters worse, airplane manufacturers don’t want security experts to have access to their designs.  They claim it’s a security issue- I think it’s because they don’t want the security experts to provide proclamations to the public, for the facts to be revealed for what they are:   The Emperor Has No Clothes.

As I said… Caveat Emptor!  But, maybe you should learn the new Latin phrase- Cavete Volanti?

 

 

 

Share this:
Share this page via Email Share this page via Stumble Upon Share this page via Digg this Share this page via Facebook Share this page via Twitter
Share

Related posts:

  1. Anti-terror techniques
  2. Look. Up in the Sky. It’s a bird. No, it’s a plane. Really- it’s a drone!
  3. (security)
  4. Crocodile Tear Time?
  5. You call this food?