Jump to content

Recommended Posts

Posted

Can they? Yes. Would it be worth it? Probably not. Old school avionics could also be "hacked." Autopilot might not do so well if let's say they static port were blocked or fiddled with.

  • Like 2
Posted

Like anything else...

It would be criminal in nature...  when it leads to somebody’s demise... it would be tragic... and carry the death penalty in some states...

1) If you are thinking of ways To commit a crime... this would be a tough one to pull off... and probably no way to get away with it... and you have posted it publicly already...  

2) If you like spreading fear amongst the people that are relying on their GPS... they don’t know they are relying on it... so it doesn’t build a lot of fear either...

3) The biggest fear about relying on GPS comes from your own governmental agencies when they interrupt it for various reasons...

4) To avoid the fear of you having any signal loss challenges... learn how your system warns you about the loss of signals... and have a Plan B like any other system you have...

5) Older GPSi have a requirement to test the system before using it on approach...

6) Review who has access to your plane’s electronics, and hangar in general...

One airplane was lost in NJ... because somebody loosened a fastener on a control system... pretty low tech way to cause a tragedy... just about anyone can commit this one...

7) It doesn’t take a high tech crime to cause a dangerous situation...

8) Most of the things I own can’t keep a WiFi or BT connection while moving...

9) Most BT connections need to be really close by...

10) for fears of modern technology... avoid things that have electronic memories...

11) for fears of ancient technology... avoid things that have mechanical memories...

Wondering what inspired this question..?  :)

Best regards,

-a-

 

Posted

Now that a lot of systems are connected via Wi-Fi the risk of getting hacked is increased.  I would certainly keep my systems more updated if I had Wi-Fi then if I didn't.

Posted

Insert discussion on password control and updating.... :)

Follow it up with who would do such a thing...?

End it with blaming China and Russia... because they can.

 

Combine Airplanes, accidents and organized crimes...

You would have a perfect storyline for the USAToday...

Best regards,

-a-

Posted

How vulnerable the systems are is largely a function of how well the systems were engineered to resist attack.   They could be very secure with WiFi and BlueTooth enabled, or they could be vulnerable to simple attacks made when you update the database every month. 

WiFi or BT do provide additional means of entry, but you're required to provide a means of entry every month when you update the databases even if you have WiFi and BT turned off.

I haven't heard of any systems being compromised yet, but it is possible that they're all completely compromised and just waiting for the GPS date and time to hit the point where they all fail at once.  ;)

Personally I don't worry about it.   It is good practice to maintain reasonable diligence for failures and spoofs, anyway, so having backup and fall-back strategies is still a good idea, imho.

 

  • Like 1
Posted

Not directly avionics, but Garmin was hacked last year and it shutdown their ability to update navdata for several days.  Possibly not hard to insert a bug into navdata vs shutting down big G website?  I wonder if they paid....

Posted (edited)

No real reason to hack the avionics in the plane.   It is very easy to phreak the Navaids and scramble the GPS signal.

Edited by Yetti
  • Like 1
Posted

Hackers generally have motives.  There are state actors that want to disrupt an economy and people.  There are private actors that want money.  While good software and security design should be a part of GA avionics, it is likely low on the list for either type of actor.  

Posted
1 hour ago, Boilermonkey said:

Hackers generally have motives.  There are state actors that want to disrupt an economy and people.  There are private actors that want money.  While good software and security design should be a part of GA avionics, it is likely low on the list for either type of actor.  

Not how hacking started.   hacking started back in the day at Bell Labs.  During lunch time they would have program wars that would see how much one program could eat another programmers program.

  • Like 2
Posted
38 minutes ago, Yetti said:

Not how hacking started.   hacking started back in the day at Bell Labs.  During lunch time they would have program wars that would see how much one program could eat another programmers program.

Ah, the good ol' days.  That still exists in some circles...and better than a code review :rolleyes:

Posted
5 minutes ago, Boilermonkey said:

Ah, the good ol' days.  That still exists in some circles...and better than a code review :rolleyes:

No not really.   After ERCOT screwed us over I started monitoring them using their data.   It was going to be to manage their price spikes with my home generator.   So put this together in a couple days using a 40 dollar Raspberry PI and Node-red visual programming language.   I could still probably write a bubble sort, but why.   image.thumb.png.ec7bd2374aa5c006ad4ecafaf8bc488d.png

Posted

Anything can be hacked. Just ask SolarWinds. The question is, what is the value of the return. I don't think GA avionics has the kind of juice anyone wants to squeeze. Airlines, yes, GA no. Garmin did not get squeezed because of GA avionics, it got squeezed because its consumer business was so valuable.

 

Posted
12 minutes ago, N201MKTurbo said:

What's the point? Unlike Die Hard 2, if you shut down all the communications and navigation, a good pilot will manage to get the plane safely on the ground.

I still think that flight they never found was hacked from the back seats.  GPS jammer and a new Navaid signal.  too much down the Magenta line and no return.

Posted
2 hours ago, Yetti said:

No not really.   After ERCOT screwed us over I started monitoring them using their data.   It was going to be to manage their price spikes with my home generator.   So put this together in a couple days using a 40 dollar Raspberry PI and Node-red visual programming language.   I could still probably write a bubble sort, but why.   

If you do write a bubble sort you can verify it against the Hungarian dance model:
 

 

 

Posted

Always assume yes, but what would be the gain?  guess you could try to send that irritating hangar neighbor to Antarctica; you know the one who owns the ovation and hasn't given you a ride 8).  Maybe unlock software features.    Now if you just wanted to off some guy prob  easier with a wrench or duct tape

Posted

Most anything with interfaces can be hacked. Wifi and Bluetooth are pretty easy targets but you need proximity to the device. And the tools needed depend on the core OS.

It is sometimes easy to break them or cause them to reboot doing various things or sending various mal-formed packets to the interfaces. I've not reviewed the security or coding practices of these or any aviation devices hardware or software but it is what I do for a living. 

It would be interesting to interview the security team that vets the Garmin (or other venders) products and learn about the practices and which 3rd parties they use for code testing etc. I've not done any outside interfacing with any of my Garmin products but plan to in the near future when I have Ipad and other devices integrated (Bluetooth for sure and maybe Wifi).

Someone said it before, from a sabotage perspective, there are way lower hanging fruit than the avionics. From an economic perspective, it would be interesting to see what can be had from a DB/Maps/Feature perspective for our avionics. The Garmin "consumer" products are fairly trivial to hack and obtain (think: free terrain/map subscriptions).

I'm curious to know how the "consumer" device design and implementation compares to aviation device design. I HOPE much much more rigor is applied but it would not surprise me to see like similar graphics engines or drivers being shared amongst many of Garmin's or other vendor's suites.

Freddy

Posted

One of the things in reading Glen Greenwald's book about Snowden was how much retentivity a device has even devices never connected to anything. When they were working on Snowden's files, the NSA finally said, "OK, we can't stop you, but you need to secure the information here is how to do it". They worked on brand new air gapped computers then destroyed the mother board, popping off and roasting the chips in the microwave device. The point being, there is no real way for the average person to fully secure any device if it is connected in anyway. Just like there is no real privacy. If they want to get to you, they can.

Posted
Just now, GeeBee said:

One of the things in reading Glen Greenwald's book about Snowden was how much retentivity a device has even devices never connected to anything. When they were working on Snowden's files, the NSA finally said, "OK, we can't stop you, but you need to secure the information here is how to do it". They worked on brand new air gapped computers then destroyed the mother board, popping off and roasting the chips in the microwave device. The point being, there is no real way for the average person to fully secure any device if it is connected in anyway. Just like there is no real privacy. If they want to get to you, they can.

Security opposes usability to a certain extent. The most highly secured devices arent too useful (completely air-gapped and isolated ie, no interfaces to the outside)! We give up a bit of security for increased usability but then an interesting happens at the other end of security or lack of any...the usability goes back down again as you remove security controls because nobody can trust a device that has no security controls.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.