Could Hackers Be Rerouting Airplanes?
#11
As far as hacking and what's possible re: our systems? Since any changes to our active flight plan (even when uploaded from an outside source) can't take effect without action from a human present on the flight deck, my guess is that some kind of false input is not a huge threat.
With the right knowledge and access, software can be modified to do literally anything that the hardware itself is physically capable of doing. The only limits are access and skills.
#12
I think Adler's point is, the systems aren't autonomous.
When we uplink the route, you have to Load, Activate, and Execute.....three button-pushes on Boeing.
But then, doesn't one go through the route page to make sure it matches the paper or EFB-version you got from Dispatch?
We have to on ETOPS; I try to on domestic, but even if I don't get the whole route before push, I'm checking several legs ahead in-flight. "Hey...we have a disconinuity here." "Oh, right, they switched depature runways at the last second...that always happens."
The vast majority of hacking is IBM/PC-based, and either from the proverbial geek in Mom's basement, to the "No, People's Republic does not attack your computer network."
I don't know what protocols or format our dispatch and SABRE use, or ACARS. I'd venture to say dispatch and SABRE are windows-based, but it then gets converted to something simplistic for the FMC. So, Dispatch's computers could crash from a worm propagated as a "Windows update," but I think it unlikely someone would sneak in and change planned waypoints in the route of flight.
Even if, for example, someone snuck in and changed the lat/long of a named waypoint in the database: when the Dispatcher finished planning, and looked at the route, he'd say: "Hey! Why is this thing going to the North Pole between ORD and DEN???"
Same thing would happen in the plane: "This says our total distance is 12,069 miles!!"
I don't see China as having an interest in sending nefarious flight routings.
I don't see Nerds as having an interest, since it wouldn't get them much attention.
I don't think the link from Dispatch to transmitting sites uses the Internet. (Not certain, but it could be).
So, I think the knowlege to do this is very rare (requiring an inside job), and while theoretically possible, the "man in the loop" is the final safeguard if the improbable happened.
When we uplink the route, you have to Load, Activate, and Execute.....three button-pushes on Boeing.
But then, doesn't one go through the route page to make sure it matches the paper or EFB-version you got from Dispatch?
We have to on ETOPS; I try to on domestic, but even if I don't get the whole route before push, I'm checking several legs ahead in-flight. "Hey...we have a disconinuity here." "Oh, right, they switched depature runways at the last second...that always happens."
The vast majority of hacking is IBM/PC-based, and either from the proverbial geek in Mom's basement, to the "No, People's Republic does not attack your computer network."
I don't know what protocols or format our dispatch and SABRE use, or ACARS. I'd venture to say dispatch and SABRE are windows-based, but it then gets converted to something simplistic for the FMC. So, Dispatch's computers could crash from a worm propagated as a "Windows update," but I think it unlikely someone would sneak in and change planned waypoints in the route of flight.
Even if, for example, someone snuck in and changed the lat/long of a named waypoint in the database: when the Dispatcher finished planning, and looked at the route, he'd say: "Hey! Why is this thing going to the North Pole between ORD and DEN???"
Same thing would happen in the plane: "This says our total distance is 12,069 miles!!"
I don't see China as having an interest in sending nefarious flight routings.
I don't see Nerds as having an interest, since it wouldn't get them much attention.
I don't think the link from Dispatch to transmitting sites uses the Internet. (Not certain, but it could be).
So, I think the knowlege to do this is very rare (requiring an inside job), and while theoretically possible, the "man in the loop" is the final safeguard if the improbable happened.
#13
Had a MadDog try a sudden turn to the south. Some hacker must have sneaked in and changed the next waypoint from MYS to MSY. What if we hadn't noticed, and accidentally flew to New Orleans?!!
#14
Gets Weekends Off
Joined APC: Apr 2011
Position: retired 767(dl)
Posts: 5,739
#15
I think Adler's point is, the systems aren't autonomous.
When we uplink the route, you have to Load, Activate, and Execute.....three button-pushes on Boeing.
But then, doesn't one go through the route page to make sure it matches the paper or EFB-version you got from Dispatch?
We have to on ETOPS; I try to on domestic, but even if I don't get the whole route before push, I'm checking several legs ahead in-flight. "Hey...we have a disconinuity here." "Oh, right, they switched depature runways at the last second...that always happens."
The vast majority of hacking is IBM/PC-based, and either from the proverbial geek in Mom's basement, to the "No, People's Republic does not attack your computer network."
I don't know what protocols or format our dispatch and SABRE use, or ACARS. I'd venture to say dispatch and SABRE are windows-based, but it then gets converted to something simplistic for the FMC. So, Dispatch's computers could crash from a worm propagated as a "Windows update," but I think it unlikely someone would sneak in and change planned waypoints in the route of flight.
Even if, for example, someone snuck in and changed the lat/long of a named waypoint in the database: when the Dispatcher finished planning, and looked at the route, he'd say: "Hey! Why is this thing going to the North Pole between ORD and DEN???"
Same thing would happen in the plane: "This says our total distance is 12,069 miles!!"
I don't see China as having an interest in sending nefarious flight routings.
I don't see Nerds as having an interest, since it wouldn't get them much attention.
I don't think the link from Dispatch to transmitting sites uses the Internet. (Not certain, but it could be).
So, I think the knowlege to do this is very rare (requiring an inside job), and while theoretically possible, the "man in the loop" is the final safeguard if the improbable happened.
When we uplink the route, you have to Load, Activate, and Execute.....three button-pushes on Boeing.
But then, doesn't one go through the route page to make sure it matches the paper or EFB-version you got from Dispatch?
We have to on ETOPS; I try to on domestic, but even if I don't get the whole route before push, I'm checking several legs ahead in-flight. "Hey...we have a disconinuity here." "Oh, right, they switched depature runways at the last second...that always happens."
The vast majority of hacking is IBM/PC-based, and either from the proverbial geek in Mom's basement, to the "No, People's Republic does not attack your computer network."
I don't know what protocols or format our dispatch and SABRE use, or ACARS. I'd venture to say dispatch and SABRE are windows-based, but it then gets converted to something simplistic for the FMC. So, Dispatch's computers could crash from a worm propagated as a "Windows update," but I think it unlikely someone would sneak in and change planned waypoints in the route of flight.
Even if, for example, someone snuck in and changed the lat/long of a named waypoint in the database: when the Dispatcher finished planning, and looked at the route, he'd say: "Hey! Why is this thing going to the North Pole between ORD and DEN???"
Same thing would happen in the plane: "This says our total distance is 12,069 miles!!"
I don't see China as having an interest in sending nefarious flight routings.
I don't see Nerds as having an interest, since it wouldn't get them much attention.
I don't think the link from Dispatch to transmitting sites uses the Internet. (Not certain, but it could be).
So, I think the knowlege to do this is very rare (requiring an inside job), and while theoretically possible, the "man in the loop" is the final safeguard if the improbable happened.
#16
As I said before within the physical limits of the hardware, absolutely anything is possible with software. With enough skill and access, it would be possible to send an airplane off course with all indications appearing normal except for two...the mag compass and the position of the sun relative to the nose. But the people with those skills (the system designers and neer-peer nation-state intel/military) would probably not have an incentive to do it.
Just because our systems can communicate with specific nodes doesn't make every aspect of them open to compromise. Maybe I can buy the possibility that someone could upload a bad fix or heading.....maybe.
Doing that and then making our NAV displays and ever other computer generated indication on board support the farce, so that all that's correct is the whisky compass and the sun? By that you mean, I could be looking at normal indications, proper "TO" point (say 5030N), 090 course, magenta line, correct prog page predictions, etc. Everything appears completely normal but I'm really heading 030 and my compass and the sun are my only clues?
No way. First, it's not just software. Much of the architecture behind our entire integrated navigation, instrument, FMC system is structured around firmware and assorted programmable read-only memory. Those are not open to somehow be re-written via inputs from a hacker over CPDLC or ACARS. When those base level programs are modified, that's done via hard connection through programming terminals on the flight deck.
Suggesting that an outside hacker, no matter the source, can access the computer structure of our aircraft in order to make a false course or heading appear normal is fantasy.
#17
Line Holder
Joined APC: Jan 2013
Posts: 25
You'd have to also hack the controller's station without detection, or jam the radio transmission without detection.
Also if you're in VMC, and not completely buried in your laptop, you'd totally notice the turn. "Hey, where are we going?"
This plan is totally shot if you can see and recognize the terrain below you.... or.... like.... have a topo map.
#18
Rubber dogsh#t out of HKG
Joined APC: Jan 2008
Position: Senior Seat Cushion Tester Extraordinaire
Posts: 625
It's no airliner, but this is interesting.
Hackers Remotely Kill a Jeep on the Highway?With Me in It | WIRED
After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix | WIRED
Hackers Remotely Kill a Jeep on the Highway?With Me in It | WIRED
After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix | WIRED
#19
I have relevant education and civilian and military experience on this. Lets just say the military bit is particularly relevant here. Like I said the only limitation is hardware, access, and skill. Firmware may be an access problem in some cases but even firmware has been re-written remotely. It depends on the design, but for example most consumer electronics can have their firmware updated via the internet...you don't need a tech with a dedicated physical connection.
Without getting too far into the weeds, it would be hard to update firmware in flight because it would take the device offline for at least a while. But if it were modified on the ground with the intent of being used later in flight...
It's a bit of a stretch that an airplane could be sent off course for long with no one noticing, the point being that you could make a real mess of things.
This is all limited by access and the available skillset. But do not underestimate the creativity of people who spend all their time contemplating these things. It's too late to make our systems tamper-proof (probably no such thing anyway) but it would be a good idea to limit access to the degree practical.
The real threat is probably economic disruption caused by a state actor in time of low-intensity conflict.
#20
It's no airliner, but this is interesting.
Hackers Remotely Kill a Jeep on the Highway?With Me in It | WIRED
After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix | WIRED
Hackers Remotely Kill a Jeep on the Highway?With Me in It | WIRED
After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix | WIRED
This is what I'm talking about. I'm not a conspiracy nut suggesting that teenage ISIS punks will be hijacking airliners and flying them into buildings using their video game consoles.
But if somebody hacked a few 73's or 320's and pranked the crew in flight what do you think the economic impact would be?
Hint: An FAA "recall" is not going to be like an automotive recall "bring it in for the update when you get around to it, if you want to"
Last edited by rickair7777; 02-18-2016 at 09:21 AM.
Thread
Thread Starter
Forum
Replies
Last Post