Attention: small airplane hack

[afward]

1 hour ago, jaylw314 said:

"spoofing" is MUCH more technically and physically difficult than disabling.  One way would be to splice something into the connection between your GPS and G5 and install some type of device custom designed to do so.  Think of how much you swore the last time you tried even finding a danged wire behind the instrument panel?  Maybe the trying to upload a custom virus to the GPS via firmware update would be physically easier, but then you'd have to design a custom virus for a device that you'll never be able to use for any other application.  Again, I don't think the risk/reward is there for terrorists and hackers.  Why spend a ton of time, money and energy to spoof something small to cause minor mayhem when you can more easily disable something big to cause major mayhem?

If I specifically wanted to cause mayhem for one person, it'd be much easier to do things like removing the safety wire from a control horn nut and loosening it.  Then it will fail sometime in the future and look like an accident or maintenance failure.

^^^^ THIS ^^^^

Building a working exploit for a single device that doesn't glitch or crash the device is hard enough.  Building working exploits for multiple devices that must coordinate their actions and do so without being apparent to the pilot and ATC is orders of magnitude more difficult.  Nobody will waste their effort with that unless there's a specific target and the attacker is well-funded.  Based on the complexity and limited scope of application, that's solidly nation-state level work and not something any of us will ever have to concern ourselves with.

Edited August 1, 2019 by afward

[afward]

1 hour ago, jaylw314 said:

If I wanted to cause mayhem for a bunch of GA aircraft and had the software programming skills to do so, I'd get myself hired by Garmin as a software engineer and sneak a backdoor code into boxes that could be easily accessed remotely.

I'd be shocked if Garmin's source code management process was sloppy enough to allow this.  If it was, I think they'd lose their PMA approval for anything including the software...

[N201MKTurbo]

5 hours ago, aviatoreb said:

...well the threat isn't just about what is in your airplane.  Its about the fleet.

However, ok then, would you recognize if in flight, in IFR you were receiving false indications on your HSI and GPS suggesting you were on heading 090 but in fact you were heading 020 heading toward a building some what off the approach path to an airport?  Ok, perhaps you don't fly IFR, or perhaps you never do any particular approaches where there are buildings, hills, or mountains nearby - think fleet - not your specific recent flights.

If I’m on an approach to runway 05 and the winds are light. All of a sudden the HSI has me turning 90 degrees to the left, l would go WTF? And cross check the IPad and KX 155 with the ILS dialed up. I would complete the approach with the KX 155 if it was appropriate or go missed.

 

The type of hack you are talking about, so subtle that you wouldn’t notice, would take incredible knowledge of the internal workings of our navigators. A lot of work to cause a few general aviation crashes.

 

I don’t plan on loosing any sleep over it.

Edited August 1, 2019 by N201MKTurbo

[EricJ]

I think the most valuable target for something like this wouldn't be individual aircraft, but would be the ATC network.   Just fiddling with transponder codes and reported altitudes and stuck mics could be done, probably without the pilots of the affected aircraft even knowing.   With ADS-B-out one might even fake position reporting of a fleet of GA aircraft converging on a valued security target as a distraction from  something else.

There are all kinds of things that can be exploited by having transmitters in the air, and for an attacker the best thing in the world is they they're not your assets, you just have some control over them.

I'd think crashing airplanes or fooling individual pilots would be much further down the list of useful things to do, but that probably depends on who's funding the effort.

 

Edited August 1, 2019 by EricJ

[aviatoreb]

1 hour ago, N201MKTurbo said:

If I’m on an approach to runway 05 and the winds are light. All of a sudden the HSI has me turning 90 degrees to the left, l would go WTF? And cross check the IPad and KX 155 with the ILS dialed up. I would complete the approach with the KX 155 if it was appropriate or go missed.

 

The type of hack you are talking about, so subtle that you wouldn’t notice, would take incredible knowledge of the internal workings of our navigators. A lot of work to cause a few general aviation crashes.

 

I don’t plan on loosing any sleep over it.

And you would know this immediately when in the clouds and therefore there is no concern that this is an issue for anyone?

Correct - a good scan and the secondary instruments, and you can overcome this.  But it is a dangerous situation and even if you are good, others may not.  I am concerned about the others too.  Hey the threat warning was put out, and I believe it is plausible.

[Yetti]

y'all are not thinking big enough who cares about one plane a little off course.   What about a fleet of adsb transmitters launched on a fleet of balloons within some Class B.

[jaylw314]

53 minutes ago, Yetti said:

y'all are not thinking big enough who cares about one plane a little off course.   What about a fleet of adsb transmitters launched on a fleet of balloons within some Class B.

Now you're thinking!  

[Steve W]

Personally it sounds like it would be easier to just build a GPS spoofer and toss it somewhere on the airframe that it won't be found. If you're on the ball you'd notice the difference with your land based nav-aids or out the window, but in solid IFR in the land of magenta, maybe not so much.