The Hacked Airplane

May 14th, 2014 by Ron Rapp

For better or worse, the relentless march of technology means we’re more connected than ever, in more places than ever. For the most part that’s good. We benefit from improving communication, situational awareness, and reduced pilot workload in the cockpit. But there’s a dark side to digital connectivity, and I predict it’s only a matter of time before we start to see it in our airborne lives.

Consider the recent Heartbleed security bug, which exposed countless user’s private data to the open internet. It wasn’t the first bug and it won’t be the last. Since a good pilot is always mindful the potential exigencies of flying, it’s high time we considered how this connectivity might affect our aircraft.

Even if you’re flying an ancient VFR-only steam gauge panel, odds are good you’ve got an Android or iOS device in the cockpit. And that GPS you rely upon? Whether it’s a portable non-TSO’d unit or the latest integrated avionics suite bestowed from on high by the Gods of Glass, your database updates are undoubtedly retrieved from across the internet. Oh, the database itself can be validated through checksums and secured through encryption, but who knows what other payloads might be living on that little SD card when you insert it into the panel.

“Gee, never thought about that”, you say? You’re not alone. Even multi-billion dollar corporations felt well protected right up to the moment that they were caught flat-footed. As British journalist Misha Glenny sagely noted, there are only two types of companies: those that know they’ve been hacked, and those that don’t.

Hackers are notoriously creative, and even if your computer is secure, that doesn’t mean your refrigerator, toilet, car, or toaster is. From the New York Times:

They came in through the Chinese takeout menu.

Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.

Remember the Target hacking scandal? Hackers obtained more than 40 million credit and debit card numbers from what the company believed to be tightly secured computers. The Times article details how the attackers gained access through Target’s heating and cooling system, and notes that connectivity has transformed everything from thermostats to printers into an open door through which cyber criminals can walk with relative ease.

Popular Mechanics details more than 10 billion devices connected to the internet in an effort to make our lives easier and more efficient, but also warns us that once everything is connected, everything will be open to hacking.

During a two-week long stretch at the end of December and the beginning of January, hackers tapped into smart TVs, at least one refrigerator, and routers to send out spam. That two-week long attack is considered one of the first Internet of Things hacks, and it’s a sign of things to come.

The smart home, for instance, now includes connected thermostats, light bulbs, refrigerators, toasters, and even deadbolt locks. While it’s exciting to be able to unlock your front door remotely to let a friend in, it’s also dangerous: If the lock is connected to the same router your refrigerator uses, and if your refrigerator has lax security, hackers can enter through that weak point and get to everything else on the network—including the lock.

"There's an app for that!".  The Gulfstream interior can be controlled via an iOS device.

“There’s an app for that!”. The Gulfstream interior can be controlled via an iOS device.

We can laugh at the folly of connecting a bidet or deadbolt to the internet, but let’s not imagine we aren’t equally vulnerable. Especially in the corporate/charter world, today’s airplanes often communicate with a variety of satellite and ground sources, providing diagnostic information, flight times, location data, and more. Gulfstream’s Elite cabin allows users to control window shades, temperature, lighting, and more via a wireless connection to iOS devices. In the cockpit, iPads are now standard for aeronautical charts, quick reference handbooks, aircraft and company manuals, and just about everything else that used to be printed on paper. Before certification, the FAA expressed concern about the Gulfstream G280′s susceptibility to digital attack.

But the biggest security hole for the corporate/charter types is probably the on-board wi-fi systems used by passengers in flight. Internet access used to be limited below 10,000 feet, but the FAA’s recent change on that score means it’s only a matter of time before internet access is available at all times in the cabin. And these systems are often comprised of off-the-shelf hardware, with all the attendant flaws and limitations.

Even if it’s not connected to any of the aircraft’s other systems, corporate and charter aircraft typically carry high net-worth individuals, often businessmen who work while enroute. It’s conceivable that a malicious individual could sit in their car on the public side of the airport fence and hack their way into an aircraft’s on-board wi-fi, accessing the sensitive data passengers have on their laptops without detection.

What are the trade secrets and business plans of, say, a Fortune 100 company worth? And what kind of liability would the loss of such information create for the hapless charter company who found themselves on the receiving end of such an attack? I often think about that when I’m sitting at Van Nuys or Teterboro, surrounded by billions of dollars in jet hardware.

Aspen's Connected Panel

Aspen’s Connected Panel

Internet connectivity is rapidly becoming available to even the smallest general aviation aircraft. Even if you’re not flying behind the latest technology from Gulfstream or Dassault, light GA airplanes still sport some cutting-edge stuff. From the Diamond TwinStar‘s Engine Control Units to the electronic ignition systems common in many Experimental aircraft to Aspen’s Connected Panel, a malicious hacker with an aviation background and sufficient talent could conceivably wreak serious havoc.

Mitigating these risks requires the same strategies we apply to every other piece of hardware in our airplanes: forethought, awareness, and a good “Plan B”. If an engine quits, for example, every pilot know how to handle it. Procedures are committed to memory and we back it up with periodic recurrent training. If primary flight instruments are lost in IMC, a smart pilot will be prepared for that eventuality.

As computers become an ever more critical and intertwined part of our flying, we must apply that same logic to our connected devices. Otherwise we risk being caught with our pants down once the gear comes up.

Ron Rapp

Ron Rapp is a Southern California-based charter pilot, aerobatic CFI, and aircraft owner whose 7,000-plus hours have encompassed everything from homebuilts to business jets. He’s written mile-long messages in the air as a Skytyper, crop-dusted with ex-military King Airs, flown across oceans in a Gulfstream IV, and tumbled through the air in his Pitts S-2B. Visit Ron’s website.

Tags: , , ,

The opinions expressed by the bloggers do not reflect AOPA’s position on any topic.

  • http://exhibita.com/ Michael J. Gibbs

    Another thoughtful article Ron.

    Certainly one would hope (pray?) that designers of entertainment systems for use by passengers inflight are setting these up as separate and distinct systems from the flight deck systems. Haven’t met a hacker yet that can jump an airgap between systems that never meet. (call me an optimist)

    • http://www.rapp.org/ Ron Rapp

      Yes, the IFE (in-flight entertainment) equipment is never supposed to be connected to any flight critical systems. Boy, that would be bad news!

      However, that’s not to say a VIP’s computer couldn’t be hacked into through an open wifi system on an aircraft.

      As far as the flight deck systems are concerned, think about your G1000. You download data from across the internet and put it on an SD card which is then plugged into the PFD and MFD. It’s not inconceivable that Something Bad could migrate into the Garmin (which, lets face it, is just another computer).

      • http://exhibita.com/ Michael J. Gibbs

        You mean you don’t checksum your maps? LOL No one that I’m aware of provides this data to ensure that the map/chart data hasn’t been monkeyed with enroute to JSUM or other device that you use to program your Garmin cards.

        Other than general mayhem, not sure of the endgame there though.

        • http://www.rapp.org/ Ron Rapp

          I actually *don’t* checksum my maps — clearly a “careless and reckless” oversight, right? :)

          I’m not sure of the endgame either. Why do people monkey with parked airplanes, shine lasers at airliners, or write viruses? Just because they can, I guess.

          The on-board wifi would be a larger target, I’m guessing. Corporate espionage via tapping into some CEO’s computer…

  • Arend Rietkerk

    No need to create vague suspicions.

    The exposure of 40+ million creditcard accounts by Target happened DESPITE both antivirus and firewall software reporting suspicious activity. Like setting up FTP ports with computers located in Brazil and Russia. How friggin blatant does it need to get ? The problem was an IT department IGNORING those alarms.

    The Hartbleed bug was a typical case of the SSLlibrary programers thinking they were so much smarter than the Kernel programmers and chose to write their own memory allocation procedure. Wel, didn’t we find out the hard way, there was a bloody good reason why the Kernel took longer to allocate memory. It was to wipe memory BEFORE being assigned to the next session/task. Oooops.

    So it all boils down to: “How much do I trust other (often anonymous) people working on my plane ?”. Are they just as lazy or arrogant ? And how are you ever going to find out ?

    • http://www.rapp.org/ Ron Rapp

      How blatant does it need to get? That’s a pretty good question.

      It kind of reminds me of an NTSB accident report. You read through it — well after the fact, of course — and always wonder what the pilot was thinking. Why didn’t they see the “obvious” accident chain forming? How could they not have seen the signs? it’s always quite clear in retrospect, which creates the temptation to think “that could never happen to me”.

      I’m betting it CAN happen, and sooner or later it WILL happen to someone.

      • Arend Rietkerk

        Nah, I count this one as the kind of “gear up”. Whereby, the FAA asking the pilot. “How come he didn’t go around, because the tower was yelling at him to do so”. The dumbfounded reply was: “That he never heard the tower, because there was some sort of horn blaring in the cockpit”, kind of blatant.

        Ergo, not something that “just happened”, but more a willingly ignoring or overriding of safety features intended to prevent such mishaps.

  • Pingback: over at this website

  • Pingback: More Bonuses

  • Pingback: shoes

  • Pingback: kitfans.co.uk