DHS hacks 757 from gate

gotWXdagain

Highly Visible Member
#42
I think you’re overthinking what transport aircraft have in them. We may call it a computer, but it is a computer the way an abacus is technically a computer.
Not in the newer stuff. Here’s an article about the Pro Line Fusion:

http://www.lynx.com/lynxos-178-rtos...ro-line-fusion-series-of-flight-deck-systems/

Further googling of Commercial Off-The-Shelf operating systems, it looks like they’re starting to be more widespread in aviation applications.

Sure I wouldn’t expect something like a Mad Dog to have the same vulnerabilities as a C-Series, mainly owing to its own obsolescence.
 

Cptnchia

Dissatisfied Customer
#43
Not in the newer stuff. Here’s an article about the Pro Line Fusion:

http://www.lynx.com/lynxos-178-rtos...ro-line-fusion-series-of-flight-deck-systems/

Further googling of Commercial Off-The-Shelf operating systems, it looks like they’re starting to be more widespread in aviation applications.

Sure I wouldn’t expect something like a Mad Dog to have the same vulnerabilities as a C-Series, mainly owing to its own obsolescence.
“The Bombardier Vision Flight Deck with Pro Line Fusion is featured on Bombardier’s Global 5000™ and Global 6000™ business jets and will be featured on the Learjet 85™ aircraft.”


What new transport category aircraft uses Pro Line Fusion?
 

Derg

Cap, Roci
Staff member
#46
You know any computer geek with an RF transmitter configured to the correct frequency, a laptop, and a chip on their shoulders could probably brick any CPU running a GPS system, right?

I don’t think it’d even be that difficult to trick the receiver into thinking bad guy’s laptop is another satellite in the constellation and at that point it’d be game on.
Whiiiiiiiich is why many systems run off IRU's and only generally use GPS for reference data. You could totally go "Gravity" on the satellite spectrum and the Airbus would put down it's coffee and say "Monsieur, your NAV performance has degraded somewhat" but it's not about to fall out of the sky or end up in the side of a mountain. I'm not even sure the entire 757/767 fleet even has GPS.

On the Bus to go GPS-primary NAV you've got to deselect a lot of stuff in the MCDU to make it happen. 757/767 wouldn't even care. I don't thnk I've flown any aircraft that would disregard IRU data and go following a rogue GPS position.
 

Cessnaflyer

Wooooooooooooooooooooooooooooooo
#48
I did get to experience first-hand GPS jamming from a testbed from a P-8 over a decade ago. I can't imagine that having much effect on anything. "Ugh we need a heading for a bit, our GPS is a little off".
 

Cptnchia

Dissatisfied Customer
#49
Whiiiiiiiich is why many systems run off IRU's and only generally use GPS for reference data. You could totally go "Gravity" on the satellite spectrum and the Airbus would put down it's coffee and say "Monsieur, your NAV performance has degraded somewhat" but it's not about to fall out of the sky or end up in the side of a mountain. I'm not even sure the entire 757/767 fleet even has GPS.

On the Bus to go GPS-primary NAV you've got to deselect a lot of stuff in the MCDU to make it happen. 757/767 wouldn't even care. I don't thnk I've flown any aircraft that would disregard IRU data and go following a rogue GPS position.

The bus is like Boeing and MD. The FMS compares GPS position to DME/DME position to IRU position, and disregards the outlier.
 

ppragman

Direct Yeska
#52
Pro tip: There are NO, repeat, NO systems that use WiFi. FMS? It uses VHF. GPS? Why would it use WiFi?

Now, if the WiFi is on the same data bus as say, the autopilot, maybe it could, but as far as I’ve been taught, WiFi is a stand alone system. I should be able to pull the breaker with no degradation to aircraft systems.
I don't know enough about hacking to make too much of an intelligent comment, but just because it's not obvious doesn't mean it can't be done. We don't know what kind of exploit DHS found. These systems are insanely complicated

So let's say that you had a transmitter you carried with you in your backpack that could spoof GPS signals.

You spoof the GPS in such a way that because of terrible programming 35 years ago causes a buffer overflow in the memory where the GPS location data is stored. Let's say this allows remote code execution - well now you're "in." It doesn't have to be wifi.

It really depends on the system in question and how clever the attackers are. It could be that attacking the wifi in a clever way allows for some other cascading electronic system malfunction that opens up critical systems to exploit.

It's also worth noting that just because it's airgapped doesn't mean your intrinsically "safe."
 

Cptnchia

Dissatisfied Customer
#53
Which leaves an in. There is data broadcast over that VHF channel. At this point, it's insignificant. Just data, no commands. But if there was commands....it could be hacked.
Follow that line of thought. The FMS gets hacked. What can the hacker make it do? Change the magenta line? Easy fix for any hacked FMS

Autopilot-OFF
Autothrottles-OFF
PFD- Select manual VOR rose. Manually tune VORs.
Notify ATC of degraded NAV function.
Put down coffee/suduku and do pilot stuff.
 

Soku39

Well-Known Member
#54
It's now 2017, and the industry's approach to software assurance is no better.

It's like nobody learned anything from the Therac-25.
In fairness it would appear from the headlines of the last year, that absolutely no industry takes software assurance and security seriously. I honestly just can't wait for my self driving car...
 

Roger Roger

Paid to sleep, fly for fun
#55
I don't know enough about hacking to make too much of an intelligent comment, but just because it's not obvious doesn't mean it can't be done. We don't know what kind of exploit DHS found. These systems are insanely complicated
They’re, uh, really not. Example: in TYOOL 2017 FMS still uses heading and vertical speed commands to make the AP track your GPS and vnav. Most of this really just ends up being a digital equivalent of the good ol KI525A HSI.
 

ppragman

Direct Yeska
#57
I don’t know that to me true.
Technically you wouldn't even need commands if the system was engineered sloppily.

Follow that line of thought. The FMS gets hacked. What can the hacker make it do? Change the magenta line? Easy fix for any hacked FMS

Autopilot-OFF
Autothrottles-OFF
PFD- Select manual VOR rose. Manually tune VORs.
Notify ATC of degraded NAV function.
Put down coffee/suduku and do pilot stuff.
Put the airplane 4 mile to the left of course in mountainous terrain while showing everything "normal." Display inaccurate altitudes. Lots of stuff, it depends on what is hacked and how the FMS integrates with everything. It's gonna vary from airplane to airplane, but yeah, if you don't know as the pilot...you don't know. It really depends on what has been compromised and how deeply they're able to get into the systems of the airplane. If whatever exploit DHS has found runs deep enough...well, I don't think we can really discount it without finding out more. I mean, realistically, in the MadDog you're probably going to be ok provided you're monitoring ground-based navaids and paying attention. However, if you were crossing the ocean outside of radar, and the group trying to hack you is a state actor...well, the equation becomes more complicated.

They’re, uh, really not. Example: in TYOOL 2017 FMS still uses heading and vertical speed commands to make the AP track your GPS and vnav. Most of this really just ends up being a digital equivalent of the good ol KI525A HSI.
Here's the thing though... the processors really are. The computers "under the hood" are. Sure, they may only be really outputting heading and vertical commands, but how is that data being being displayed to the pilot, how is that system being monitored. The autopilot might not be the problem in this situation.

Imagine that everything was shown as "normal" to the pilot, but the system actually had you 4 miles to the north of course in JNU on the LDA-DME Z? In most of the country, this wouldn't be a problem, but in places without radar and large chunks of terrain the plot thickens. EGPWS could help with this - provided that the system is independent from the FMS and the pilot display...still, there are complications.
 

Cptnchia

Dissatisfied Customer
#58
Technically you wouldn't even need commands if the system was engineered sloppily.



Put the airplane 4 mile to the left of course in mountainous terrain while showing everything "normal." Display inaccurate altitudes. Lots of stuff, it depends on what is hacked and how the FMS integrates with everything. It's gonna vary from airplane to airplane, but yeah, if you don't know as the pilot...you don't know. It really depends on what has been compromised and how deeply they're able to get into the systems of the airplane. If whatever exploit DHS has found runs deep enough...well, I don't think we can really discount it without finding out more. I mean, realistically, in the MadDog you're probably going to be ok provided you're monitoring ground-based navaids and paying attention. However, if you were crossing the ocean outside of radar, and the group trying to hack you is a state actor...well, the equation becomes more complicated.



Here's the thing though... the processors really are. The computers "under the hood" are. Sure, they may only be really outputting heading and vertical commands, but how is that data being being displayed to the pilot, how is that system being monitored. The autopilot might not be the problem in this situation.

Imagine that everything was shown as "normal" to the pilot, but the system actually had you 4 miles to the north of course in JNU on the LDA-DME Z? In most of the country, this wouldn't be a problem, but in places without radar and large chunks of terrain the plot thickens. EGPWS could help with this - provided that the system is independent from the FMS and the pilot display...still, there are complications.
EGPWS is a stand alone system, and if I’m flying the LDA DME in JNU, they would have to hack the localizer and DME signals on the ground, plus the GPS signal, PLUS the output from the IRUs to spoof the FMS. Not to mention that they’d have to override the MAP SHIFT logic of the FMS.

Again, is it possible. Well, anything is. I just think it’s not as big an issue as you in the commandeering of an aircraft. After all, the FMS is a deferrable system. The aircraft has to be able to be flown if the entire system fails or is turned off.
 
Top