Friday, 23 December 2016

in-flight entertainment vs avionics

For those of you who have had the opportunity to see one of my presentations "Can you really hack an airplane: Myths & Truths", you are already familiar with what is really happening and the confusion between in-flight entertainment systems and avionics (https://en.wikipedia.org/wiki/Avionics). I was asked to put this article up by a number of friends in the security industry to highlight a few very important points. The purpose of this article is to provide food for thought. Especially, when you hear someone saying that "hacked" an airplane, or made it fly "sideways" by tampering with its systems through the in-flight entertainment system. Consider the following points and come to your own conclusions. 

Anyone who is trying to "generalise" and claim that during an actual flight, for example through the in-flight entertainment system, managed to take control of the plane and/or that it is possible to actually fly an aircraft like this, should first read what the law has to say about this. (Tokyo Convention 1963). 
Do you really want someone with the excuse of being a "security researcher" tampering with the airplane's systems while you are on an actual flight, because he/she decided that has nothing better to do? I am sorry, but from where I stand, we (security researchers) respect the law, and make sure we have permission to conduct any security assessments & penetration testing, in a safe and approved environment. 


What people need to understand when it comes to the words "hacking" and "airplane" being in the same sentence, is that it depends on the combination of a number of factors, such as the plane's manufacturer (Boing, Airbus), the specific model (A320, 747, 737, etc.), and the "changes" the specific airliner wanted to that particular type of aircraft. 

For example, which type of in-flight entertainment system is installed, what does it do, does it take offline/online payments, does is allows you to do calls, if Internet access is provided and in what way, and the specific vendor that provided that particular system and the installation. To keep it short, you cannot know if a specific aircraft's systems are segregated from the in-flight entertainment system, in what way this segregation is in effect, or if these systems are connected in the same network without having prior knowledge of the network architecture on that particular aircraft. Thus, when generalising, you are simply speculating and making assumptions. 

Yes, it is known that almost all in-flight entertainment systems have issues, like your microwave oven, or your car canvas (but unfortunately this gets more publicity because this system is within an aircraft). The issues related to in-flight entertainment systems should NOT be confused with the rest of the plane's systems and the way avionics control a flight. Also, it is really bad generalising that a specific issue that have been identified on one system, is the holly grail across the whole aircraft industry, and applies on every other aircraft. 

Claiming that hacking the in-flight entertainment gives you more or less automatically direct access to actually fly/control a plane in any way you like and works in general across all airplanes (all the factors mentioned earlier on), demonstrates clearly that either someone has no clue how avionics work, or haven't actually "played" with the system outside a controlled environment, such as a lab specifically set up to conduct the assessment in a partially simulated environment. (there is a HUGE difference)

Yes, indeed, for those of you (who know who you are), there are a handful of scenarios that have been submitted "where they should have", and demonstrate under which specific circumstances the avionics can be "fooled/tricked" (for a very short period of time). 
However, you should also know that the airplane's avionics have been specifically designed to know when the data they receive/process are not valid, how to respond to errors and failures, how to verify a faulty system or a malfunction, and how to RECOVER from failures by automatically ensuring that any errors/faults are contained properly. If this handful of scenarios can really lead to catastrophic events (and this is what you want to be worry about and not if the oxygen masks will suddenly drop for no reason), it is being closely investigated for the past few years, and all the information is highly classified (for a very good reason). 

One last thing: According to the law, for those who don't know this, the Commander and Flight Crew is given the power to restrain anyone when there is reasonable suspicion to believe that a passenger has or is about to engage in a criminal act. (Art. 5 & Art. 6). 

Thus, if anyone during an actual flight is suspected of trying to endanger the flight and potentially the lives of the passengers in any way (for example by tampering with the aircraft's systems), the law allows the crew (and the passengers assisting) to restrain that person and to be prosecuted (most probably under the accusation of being a potential terrorist). 

So, yeah (during an actual flight):
  • Tell me more how you have been tampering with the real systems of an aircraft while it was in flight (if it is true) because your think it is cool and will get you more free publicity, while "forgetting" to mention that anything that was attempted was in a lab (or in a controlled environment), without the avionics being active and in-control of the flight.
  • Tell me more about the assumption that because the in-flight entertainment system is vulnerable to SQL injection (e.g. allowing you to populate all its information about the seats and the movies available in the system) how you came to the conclusion that it is possible to tamper with an airplane's navigation systems during the flight.
  • Tell me more how you end up validating that you managed to fool the avionics during an actual flight, and managed to force the avionics to process invalid data successfully. 




No comments:

Post a Comment