Jump to content

Attention: small airplane hack

aviatoreb
 Share

Recommended Posts

steingar Grand Master

steingar

Posted
Posted

Guys are seeing too many boogeymen.  If some neer' do well really wants to spread terror and confusion they'll John Lee Malvo a couple American cities.  Cheap, doesn't require specialized knowledge, and scars the bejesus out of folks.  No self respecting terrorist is going to give a crap about our the little airplanes.  The 911 guys commandeered jets, remember?  And if a bunch of our aircraft go haywire it won't mean squat for the airspace system.  We mostly don't mix it up with the people carriers.

  • Replies 57
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

TonyK
TonyK

TonyK  has checked in SAFE from this hack.  Chalk one up to steam gauges and ancient radio stacks! 

Yetti
Yetti

Electronic security threats are entertaining.   Just so you know I work at a software company and sometimes we issue CERN alerts.    The tricky part is to tell people that there might be an issue, but

RLCarter
RLCarter

My guess is the odds of your airplane or the avionics being stolen is greater than the threat of someone hacking it 

Posted Images

Yetti Grand Master

Yetti

Posted
Posted
24 minutes ago, steingar said:

Guys are seeing too many boogeymen.  If some neer' do well really wants to spread terror and confusion they'll John Lee Malvo a couple American cities.  Cheap, doesn't require specialized knowledge, and scars the bejesus out of folks.  No self respecting terrorist is going to give a crap about our the little airplanes.  The 911 guys commandeered jets, remember?  And if a bunch of our aircraft go haywire it won't mean squat for the airspace system.  We mostly don't mix it up with the people carriers.

If I ever break a TFR, though I do have a new defense.   The plane just went crazy and started taking over.  Have you ever heard of skynet.  Yeah like that.   I had to start pulling breakers, it was only though my skill and expertise and the proud women and men of MooneySpace that I was able to regain control and prevent was an obvious and deliberate attempt to subvert the government of this great republic.   Thanks can I have my medal now?

  • Like 1
steingar Grand Master

steingar

Posted
Posted
4 hours ago, Yetti said:

If I ever break a TFR, though I do have a new defense.   The plane just went crazy and started taking over.  Have you ever heard of skynet.  Yeah like that.   I had to start pulling breakers, it was only though my skill and expertise and the proud women and men of MooneySpace that I was able to regain control and prevent was an obvious and deliberate attempt to subvert the government of this great republic.   Thanks can I have my medal now?

A Cessna once crashed right into the White House.  I bet you're hearing about it for the first time.

jaylw314 Grand Master

jaylw314

Posted
Posted
46 minutes ago, steingar said:

A Cessna once crashed right into the White House.  I bet you're hearing about it for the first time.

well, I wouldn't say it crashed right into the White House.  He hit the lawn and slid into the White House, I recall seeing minimal damage to the White House (and no fire, curiously).  I remember it on the news when it happened.

I recall there have been at least a few other people who have crashed or landed on the White House property, before 9/11 anyway...

  • Like 1
Yetti Grand Master

Yetti

Posted
Posted (edited)
1 hour ago, steingar said:

A Cessna once crashed right into the White House.  I bet you're hearing about it for the first time.

Carter or Bill was president.   And then there was the US postal ultralight that landed on the lawn.  you forgot to mention.   Flew right under the SAMs located on the roof.  

There is a thing about ships guns that only point so far down.   If you can get close enough, then you are safe from fire.

Same with SAM.   If you can be in the clutter of the ground, you are safe.

Edited by Yetti
  • Like 1
EricJ Grand Master

EricJ

Posted
Posted
17 hours ago, Fred₂O said:

Nothing to see here.  There is not a Mooney in the sky that uses CAN Bus protocol.  Some modern automobiles use dozens of computers and many of them communicate using CAN bus.   Our Mooneys might have two or three computers (GPS, EFIS, engine monitor), and they communicate limited data (Lat./Lon) over a serial connection. 

My Mooney already has multiple CAN buses, and they'll likely be extended to more devices in the near future.   Anybody who does much of an avionics or autopilot or instrumentation upgrade can easily wind up with one or more CAN buses, and they'll likely be connected to things that could be exploited.

 

1 hour ago, Yetti said:

Carter or Bill was president.   And then there was the US postal ultralight that landed on the lawn.  you forgot to mention.   Flew right under the SAMs located on the roof.  

I think one of the reasons that guy made it is because it he'd made it clear ahead of time what he was going to do, so he was pretty much expected.    AFAIK, he's still in the slammer, though, which is pretty sad.

 

jaylw314 Grand Master

jaylw314

Posted
Posted (edited)
12 minutes ago, EricJ said:

My Mooney already has multiple CAN buses, and they'll likely be extended to more devices in the near future.   Anybody who does much of an avionics or autopilot or instrumentation upgrade can easily wind up with one or more CAN buses, and they'll likely be connected to things that could be exploited.

Do you have a central CAN bus, or is it a bunch of small ones?  I think that security-wise, a single, central data bus that connects multiple boxes would be more vulnerable than a number of individual buses that connect two boxes each.  If you ever see the rats nest behind my instrument panel, you'd understand why I doubt any terrorist would bother trying to find one connection, much less multiple ones!

I hadn't realized the ultralight guy was still incarcerated. :blink:  That was a long time ago IIRC

Edited by jaylw314
EricJ Grand Master

EricJ

Posted
Posted
1 minute ago, jaylw314 said:

Do you have a central CAN bus, or is it a bunch of small ones?  I think that security-wise, a single, central data bus that connects multiple boxes would be more vulnerable than a number of individual buses that connect two boxes each.  If you ever see the rats nest behind my instrument panel, you'd understand why I doubt any terrorist would bother trying to find one connection, much less multiple ones!

I hadn't realized the ultralight guy was still incarcerated. :blink:  That was a long time ago IIRC

The modern(ish) architecture seems to be progressing toward multiplexed buses connecting multiple boxes.   e.g., Garmin GPS (GNS), G5 (or PFD/MFD), and GFC (autopilot) all interconnect.   An integrated system (GNS, whatever) that has the transponder controls internal would make the transponder connected to the network (I know, not directly, but a big security hole is just providing connectivity).   The G5/GNS also connect to the engine monitor, and the GNS has a comm radio, too, so just plugging something into the CAN bus provides connectivity to nearly the entire airplane, especially if the GNS/Garmin stack are used to control the transponder and the audio panel.   These days it's not unusual for people (e.g., me) to have their phone connected via BT to the audio panel, and/or the phone or tablets via wifi to the GNS/GPS.

So plugging something into the CAN bus can potentially provide connectivity to:

1. Comm radio, via GNS/IFD (also the nav radio)

2. GPS location data from the GNS/IFD or the G5/IFD/HSI/PFD

3. Air data from the G5/PFD/GNS/IFD.

4. Engine data from the GNS/IFD connection for the engine monitor.

5. Transponder if interfaced to the GNS/IFD.

6. Audio panel if interfaced to the GNS/IFD.

7. Autopilot (GFC)

8. Outside world via wifi/phone connection to GNS/IFD or audio panel.

There are currently Mooneys out there that have some or much or all of this stuff already, and more will as the fleet upgrades avionics.  So, yeah, there could be a lot of exploitable value there to somebody who wanted to do something with it all.   There are absolutely plenty of software/functional barriers to getting something really nefarious done, but that's what the hackers like to do.   The first hurdle is connectivity, and that's the point of the warning;  connectivity is easily available via something plugged into the CAN bus.  

And as the avionics systems continue to modernize, the connectivity just increases for a lot of good reasons.   It won't be all that long until data radios make it to GA and you can call your A&P about a problem and they can look at the engine monitor data in real time and provide corrective action or have a diagnosis before you land.   That's pretty awesome functionality, but it also creates security issues like what we're noting here.   How to navigate the best path between security and connectivity will never be easy.

 

EricJ Grand Master

EricJ

Posted
Posted
24 minutes ago, jaylw314 said:

I hadn't realized the ultralight guy was still incarcerated. :blink:  That was a long time ago IIRC

I seemed to remember a judge giving him six years plus some other sentences, but apparently he only served 120 days, so I was wrong and he is out now.

There've been quite a few unscheduled landings at the White House, including the gyrocopter guy and the Cessna, e.g., an Army private stole a Huey and landed on the south lawn:

https://en.wikipedia.org/wiki/1974_White_House_helicopter_incident

I wouldn't recommend it, but clearly it's been pulled off more times than most people realize.

 

  • Like 1
Yetti Grand Master

Yetti

Posted
Posted

I have much lower aspirations.  I just want to land at a Bucees and pull up to the non ethonol pump.   The back parking lot seems ligit for my plans.

Yetti Grand Master

Yetti

Posted
Posted
55 minutes ago, EricJ said:

The modern(ish) architecture seems to be progressing toward multiplexed buses connecting multiple boxes.   e.g., Garmin GPS (GNS), G5 (or PFD/MFD), and GFC (autopilot) all interconnect.   An integrated system (GNS, whatever) that has the transponder controls internal would make the transponder connected to the network (I know, not directly, but a big security hole is just providing connectivity).   The G5/GNS also connect to the engine monitor, and the GNS has a comm radio, too, so just plugging something into the CAN bus provides connectivity to nearly the entire airplane, especially if the GNS/Garmin stack are used to control the transponder and the audio panel.   These days it's not unusual for people (e.g., me) to have their phone connected via BT to the audio panel, and/or the phone or tablets via wifi to the GNS/GPS.

So plugging something into the CAN bus can potentially provide connectivity to:

1. Comm radio, via GNS/IFD (also the nav radio)

2. GPS location data from the GNS/IFD or the G5/IFD/HSI/PFD

3. Air data from the G5/PFD/GNS/IFD.

4. Engine data from the GNS/IFD connection for the engine monitor.

5. Transponder if interfaced to the GNS/IFD.

6. Audio panel if interfaced to the GNS/IFD.

7. Autopilot (GFC)

8. Outside world via wifi/phone connection to GNS/IFD or audio panel.

There are currently Mooneys out there that have some or much or all of this stuff already, and more will as the fleet upgrades avionics.  So, yeah, there could be a lot of exploitable value there to somebody who wanted to do something with it all.   There are absolutely plenty of software/functional barriers to getting something really nefarious done, but that's what the hackers like to do.   The first hurdle is connectivity, and that's the point of the warning;  connectivity is easily available via something plugged into the CAN bus.  

And as the avionics systems continue to modernize, the connectivity just increases for a lot of good reasons.   It won't be all that long until data radios make it to GA and you can call your A&P about a problem and they can look at the engine monitor data in real time and provide corrective action or have a diagnosis before you land.   That's pretty awesome functionality, but it also creates security issues like what we're noting here.   How to navigate the best path between security and connectivity will never be easy.

 

Too much work, but the phone via BT would be the best entry point.  Still it would be easier to slap a programmed GPS transmitter to the side and guide the plane where you want it to go.

Yetti Grand Master

Yetti

Posted
Posted
56 minutes ago, Fred₂O said:

 The only essential electronics are spark train.  The rest is all fluff.   I think that is pretty cool.

Which should survive an EMP event.

  • Like 2
carusoam Grand Master

carusoam

Posted
Posted

White House aviation visitors... that arrived by aircraft...

1) A borrowed Huey helicopter... ‘pilot’ caught some bullets, spent some time in jail... planned on the way home from a bad dance... saw the freshly fueled copters.

2) a stolen C150... didn’t survive the landing phase.

3) An Ultralight gyro-copter... postal worker delivered mail regarding campaign reform. Took a couple of years to plan...

 

Some things take planning... less planning, more dangerous to one’s self...

 

oh yeah canbus....  expect cars to be on constant alert for this type of hijinks.... many are connected to the outside using cell service... Onstar has been installed in many cars since Y2K... law enforcement has turned off a few stolen cars along the way...

Hacking into a Tesla seems to be a sport for some reason... the company takes the defense aspect pretty seriously...

 

PP thoughts only, haven’t formed an opinion on this topic yet...

Best regards,

-a-

aviatoreb Grand Master

aviatoreb

Posted
  • Author
Posted
14 hours ago, N201MKTurbo said:

My airplane has a few CAN buses. The G5 system is CAN and I think the interboard communications in the Avidyne is CAN.

You are correct that the plane will fly just fine without them. I have a backup KX155 that I can fly anywhere in the world with. I did it for years!

Instead of failing / Would you recognize if instead of disabled you were getting fake spoofed altitudes on your g5 when flying ice?

aviatoreb Grand Master

aviatoreb

Posted
  • Author
Posted
35 minutes ago, carusoam said:

White House aviation visitors... that arrived by aircraft...

1) A borrowed Huey helicopter... ‘pilot’ caught some bullets, spent some time in jail... planned on the way home from a bad dance... saw the freshly fueled copters.

2) a stolen C150... didn’t survive the landing phase.

3) An Ultralight gyro-copter... postal worker delivered mail regarding campaign reform. Took a couple of years to plan...

 

Some things take planning... less planning, more dangerous to one’s self...

 

oh yeah canbus....  expect cars to be on constant alert for this type of hijinks.... many are connected to the outside using cell service... Onstar has been installed in many cars since Y2K... law enforcement has turned off a few stolen cars along the way...

Hacking into a Tesla seems to be a sport for some reason... the company takes the defense aspect pretty seriously...

 

PP thoughts only, haven’t formed an opinion on this topic yet...

Best regards,

-a-

Don’t forget the German guy who landed a Cessna at the kremlin during the height of the Cold War.

carusoam Grand Master

carusoam

Posted
Posted

THE guy... Mathias Rust.

That was a cunning feat... proof that some radar coverage doesn’t work very well near the trees....

That was the end of the Cold War.... :)

Best regards,

-a-

 

  • Like 1
N201MKTurbo Grand Master

N201MKTurbo

Posted
Posted
8 hours ago, aviatoreb said:

Instead of failing / Would you recognize if instead of disabled you were getting fake spoofed altitudes on your g5 when flying ice?

I just use it for an HSI. I use it as a backup to ForeFlight so they would have to hack my IPad too.

EricJ Grand Master

EricJ

Posted
Posted
8 hours ago, carusoam said:

THE guy... Mathias Rust.

That was a cunning feat... proof that some radar coverage doesn’t work very well near the trees....

That was the end of the Cold War.... :)

Best regards,

-a-

My grad school thesis was about estimating the speed and distance of an acoustic emitter (i.e., something making noise) from a single microphone by processing the Doppler characteristics.   This happened not long before, so I cited it as the example case for why it was useful.   

The word was, though, that they had actually tracked him from early on but figured he probably wasn't going to do much and just kept an eye on him.   They were right.

 

  • Like 1
aviatoreb Grand Master

aviatoreb

Posted
  • Author
Posted
1 hour ago, N201MKTurbo said:

I just use it for an HSI. I use it as a backup to ForeFlight so they would have to hack my IPad too.

...well the threat isn't just about what is in your airplane.  Its about the fleet.

However, ok then, would you recognize if in flight, in IFR you were receiving false indications on your HSI and GPS suggesting you were on heading 090 but in fact you were heading 020 heading toward a building some what off the approach path to an airport?  Ok, perhaps you don't fly IFR, or perhaps you never do any particular approaches where there are buildings, hills, or mountains nearby - think fleet - not your specific recent flights.

aviatoreb Grand Master

aviatoreb

Posted
  • Author
Posted
9 hours ago, carusoam said:

THE guy... Mathias Rust.

That was a cunning feat... proof that some radar coverage doesn’t work very well near the trees....

That was the end of the Cold War.... :)

Best regards,

-a-

 

That's him!

0TreeLemur Grand Master

0TreeLemur

Posted
Posted

We are taught to quickly identify inconsistent instrument indications, diagnose the defective instrument, and ignore it.   If you are worried about the person in seat 1F hacking your CAN Bus, you should make sure that you have enough steam gauges to do that.  Oh, you might keep an eye on that hacker in seat 1F too.  :lol:

 

aviatoreb Grand Master

aviatoreb

Posted
  • Author
Posted
Just now, Fred₂O said:

We are taught to quickly identify inconsistent instrument indications, diagnose the defective instrument, and ignore it.   If you are worried about the person in seat 1F hacking your CAN Bus, you should make sure that you have enough steam gauges to do that.  Oh, you might keep an eye on that hacker in seat 1F too.  :lol:

 

Of course we are taught to identify inconsistent readings.  But it is a dangerous situation if a software hack is insidiously giving not failed readings, but incorrect readings.  Maybe most will recognize the inconsistencies.  But I promise some will not.  I take this warning as a simple reminder to stay alert - on the instrument scan too.

jaylw314 Grand Master

jaylw314

Posted
Posted
11 hours ago, aviatoreb said:

Instead of failing / Would you recognize if instead of disabled you were getting fake spoofed altitudes on your g5 when flying ice?

"spoofing" is MUCH more technically and physically difficult than disabling.  One way would be to splice something into the connection between your GPS and G5 and install some type of device custom designed to do so.  Think of how much you swore the last time you tried even finding a danged wire behind the instrument panel?  Maybe the trying to upload a custom virus to the GPS via firmware update would be physically easier, but then you'd have to design a custom virus for a device that you'll never be able to use for any other application.  Again, I don't think the risk/reward is there for terrorists and hackers.  Why spend a ton of time, money and energy to spoof something small to cause minor mayhem when you can more easily disable something big to cause major mayhem?

If I specifically wanted to cause mayhem for one person, it'd be much easier to do things like removing the safety wire from a control horn nut and loosening it.  Then it will fail sometime in the future and look like an accident or maintenance failure.  If I wanted to cause mayhem for a bunch of GA aircraft and had the software programming skills to do so, I'd get myself hired by Garmin as a software engineer and sneak a backdoor code into boxes that could be easily accessed remotely.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.