Jump to content

Can modern avionics be hacked?

garuda

By garuda
in General Mooney Talk

 Share

Recommended Posts

carusoam Grand Master

carusoam

Posted
Posted

Like anything else...

It would be criminal in nature...  when it leads to somebody’s demise... it would be tragic... and carry the death penalty in some states...

1) If you are thinking of ways To commit a crime... this would be a tough one to pull off... and probably no way to get away with it... and you have posted it publicly already...  

2) If you like spreading fear amongst the people that are relying on their GPS... they don’t know they are relying on it... so it doesn’t build a lot of fear either...

3) The biggest fear about relying on GPS comes from your own governmental agencies when they interrupt it for various reasons...

4) To avoid the fear of you having any signal loss challenges... learn how your system warns you about the loss of signals... and have a Plan B like any other system you have...

5) Older GPSi have a requirement to test the system before using it on approach...

6) Review who has access to your plane’s electronics, and hangar in general...

One airplane was lost in NJ... because somebody loosened a fastener on a control system... pretty low tech way to cause a tragedy... just about anyone can commit this one...

7) It doesn’t take a high tech crime to cause a dangerous situation...

8) Most of the things I own can’t keep a WiFi or BT connection while moving...

9) Most BT connections need to be really close by...

10) for fears of modern technology... avoid things that have electronic memories...

11) for fears of ancient technology... avoid things that have mechanical memories...

Wondering what inspired this question..?  :)

Best regards,

-a-

 

Link to comment
Share on other sites
carusoam Grand Master

carusoam

Posted
Posted

Insert discussion on password control and updating.... :)

Follow it up with who would do such a thing...?

End it with blaming China and Russia... because they can.

 

Combine Airplanes, accidents and organized crimes...

You would have a perfect storyline for the USAToday...

Best regards,

-a-

Link to comment
Share on other sites
EricJ Grand Master

EricJ

Posted
Posted

How vulnerable the systems are is largely a function of how well the systems were engineered to resist attack.   They could be very secure with WiFi and BlueTooth enabled, or they could be vulnerable to simple attacks made when you update the database every month. 

WiFi or BT do provide additional means of entry, but you're required to provide a means of entry every month when you update the databases even if you have WiFi and BT turned off.

I haven't heard of any systems being compromised yet, but it is possible that they're all completely compromised and just waiting for the GPS date and time to hit the point where they all fail at once.  ;)

Personally I don't worry about it.   It is good practice to maintain reasonable diligence for failures and spoofs, anyway, so having backup and fall-back strategies is still a good idea, imho.

 

  • Like 1
Link to comment
Share on other sites
Ragsf15e Grand Master

Ragsf15e

Posted
Posted

Not directly avionics, but Garmin was hacked last year and it shutdown their ability to update navdata for several days.  Possibly not hard to insert a bug into navdata vs shutting down big G website?  I wonder if they paid....

Link to comment
Share on other sites
Boilermonkey Experienced

Boilermonkey

Posted
Posted

Hackers generally have motives.  There are state actors that want to disrupt an economy and people.  There are private actors that want money.  While good software and security design should be a part of GA avionics, it is likely low on the list for either type of actor.  

Link to comment
Share on other sites
Yetti Grand Master

Yetti

Posted
Posted
1 hour ago, Boilermonkey said:

Hackers generally have motives.  There are state actors that want to disrupt an economy and people.  There are private actors that want money.  While good software and security design should be a part of GA avionics, it is likely low on the list for either type of actor.  

Not how hacking started.   hacking started back in the day at Bell Labs.  During lunch time they would have program wars that would see how much one program could eat another programmers program.

  • Like 2
Link to comment
Share on other sites
Boilermonkey Experienced

Boilermonkey

Posted
Posted
38 minutes ago, Yetti said:

Not how hacking started.   hacking started back in the day at Bell Labs.  During lunch time they would have program wars that would see how much one program could eat another programmers program.

Ah, the good ol' days.  That still exists in some circles...and better than a code review :rolleyes:

Link to comment
Share on other sites
Yetti Grand Master

Yetti

Posted
Posted
5 minutes ago, Boilermonkey said:

Ah, the good ol' days.  That still exists in some circles...and better than a code review :rolleyes:

No not really.   After ERCOT screwed us over I started monitoring them using their data.   It was going to be to manage their price spikes with my home generator.   So put this together in a couple days using a 40 dollar Raspberry PI and Node-red visual programming language.   I could still probably write a bubble sort, but why.   image.thumb.png.ec7bd2374aa5c006ad4ecafaf8bc488d.png

Link to comment
Share on other sites
GeeBee Grand Master

GeeBee

Posted
Posted

Anything can be hacked. Just ask SolarWinds. The question is, what is the value of the return. I don't think GA avionics has the kind of juice anyone wants to squeeze. Airlines, yes, GA no. Garmin did not get squeezed because of GA avionics, it got squeezed because its consumer business was so valuable.

 

Link to comment
Share on other sites
Yetti Grand Master

Yetti

Posted
Posted
12 minutes ago, N201MKTurbo said:

What's the point? Unlike Die Hard 2, if you shut down all the communications and navigation, a good pilot will manage to get the plane safely on the ground.

I still think that flight they never found was hacked from the back seats.  GPS jammer and a new Navaid signal.  too much down the Magenta line and no return.

Link to comment
Share on other sites
EricJ Grand Master

EricJ

Posted
Posted
2 hours ago, Yetti said:

No not really.   After ERCOT screwed us over I started monitoring them using their data.   It was going to be to manage their price spikes with my home generator.   So put this together in a couple days using a 40 dollar Raspberry PI and Node-red visual programming language.   I could still probably write a bubble sort, but why.   

If you do write a bubble sort you can verify it against the Hungarian dance model:
 

 

 

Link to comment
Share on other sites
McMooney Mentor

McMooney

Posted
Posted

Always assume yes, but what would be the gain?  guess you could try to send that irritating hangar neighbor to Antarctica; you know the one who owns the ovation and hasn't given you a ride 8).  Maybe unlock software features.    Now if you just wanted to off some guy prob  easier with a wrench or duct tape

Link to comment
Share on other sites
FJC Collaborator

FJC

Posted
Posted

Most anything with interfaces can be hacked. Wifi and Bluetooth are pretty easy targets but you need proximity to the device. And the tools needed depend on the core OS.

It is sometimes easy to break them or cause them to reboot doing various things or sending various mal-formed packets to the interfaces. I've not reviewed the security or coding practices of these or any aviation devices hardware or software but it is what I do for a living. 

It would be interesting to interview the security team that vets the Garmin (or other venders) products and learn about the practices and which 3rd parties they use for code testing etc. I've not done any outside interfacing with any of my Garmin products but plan to in the near future when I have Ipad and other devices integrated (Bluetooth for sure and maybe Wifi).

Someone said it before, from a sabotage perspective, there are way lower hanging fruit than the avionics. From an economic perspective, it would be interesting to see what can be had from a DB/Maps/Feature perspective for our avionics. The Garmin "consumer" products are fairly trivial to hack and obtain (think: free terrain/map subscriptions).

I'm curious to know how the "consumer" device design and implementation compares to aviation device design. I HOPE much much more rigor is applied but it would not surprise me to see like similar graphics engines or drivers being shared amongst many of Garmin's or other vendor's suites.

Freddy

Link to comment
Share on other sites
GeeBee Grand Master

GeeBee

Posted
Posted

One of the things in reading Glen Greenwald's book about Snowden was how much retentivity a device has even devices never connected to anything. When they were working on Snowden's files, the NSA finally said, "OK, we can't stop you, but you need to secure the information here is how to do it". They worked on brand new air gapped computers then destroyed the mother board, popping off and roasting the chips in the microwave device. The point being, there is no real way for the average person to fully secure any device if it is connected in anyway. Just like there is no real privacy. If they want to get to you, they can.

Link to comment
Share on other sites
FJC Collaborator

FJC

Posted
Posted
Just now, GeeBee said:

One of the things in reading Glen Greenwald's book about Snowden was how much retentivity a device has even devices never connected to anything. When they were working on Snowden's files, the NSA finally said, "OK, we can't stop you, but you need to secure the information here is how to do it". They worked on brand new air gapped computers then destroyed the mother board, popping off and roasting the chips in the microwave device. The point being, there is no real way for the average person to fully secure any device if it is connected in anyway. Just like there is no real privacy. If they want to get to you, they can.

Security opposes usability to a certain extent. The most highly secured devices arent too useful (completely air-gapped and isolated ie, no interfaces to the outside)! We give up a bit of security for increased usability but then an interesting happens at the other end of security or lack of any...the usability goes back down again as you remove security controls because nobody can trust a device that has no security controls.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.