How to Hack an Aircraft ?Easier than you think

Aircraft Hacking , well hacking an aircraft is easier than you might think. Last year, in USA a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

However, these days computers does everything like managing the flight path, entertainment systems, engine control etc. There is nothing which is 100% safe, everything is prone to be attacked. Aircraft hacking could be next big thing in this modern world of computers.

Its not the first time , In 2016, there were more than 50 reports of GPS interference at Manila International Airport – which can lead to “missed approaches” forcing flight crews to re-approach the runway using backup navigation systems. Aircraft hacking is eventually possible.

Now a days, modern airliner aircraft are being equipped with computers are internet all over the aircraft. Following items onboard are prone to aircraft hacking :

• Wifi
• Electronic flight bag
• Personal iPads of pilots
• Air to ground communication ( ACARS )
• Onboard computers which handle and monitor with flight parameters.
• Navigation Database
• Terrain Database

These days aircraft are being monitored 100% by their respective airline for various parameters. The modern aircraft are fitted with GSM sim card with which aircraft transmits the data back to OCC ( Airline Operations Control Centre ). When data could be transferred from OCC to pilot or vice versa , in the same manner the communication between pilot and airline could be intercepted by hackers

Generally, the data is being uploaded on aircraft by aircraft engineers. The engineers have full control of the aircraft . There is a high probability to intercept the aircraft computers by maintenance engineers .

The results of an attack on a plane can be catastrophic. After the 2008 crash of Spanair flight 5022, it was discovered that a central computer system used to monitor technical problems in the aircraft was infected with malware. An internal report by the airline revealed the infected computer failed to find three technical problems with the aircraft which, if detected, might have stopped the plane from taking off in the first place. 

The modern aircrafts are getting fully automated. The dependency on computer is increasing day by day in exponential way.

The ability to breach an aircraft system has already been demonstrated. Security researcher Ruben Santamarta has shown how attacks such as bypassing the credit card check and SQL injection can be conducted on an in-flight entertainment system. Such assaults can even be perpetrated from the ground, he says. 

Meanwhile, US regulator the Federal Aviation Administration(FAA) has warned that some computer systems on the Boeing 747-8 and 747-8F may be vulnerable to outside attacks due to the nature of their connectivity.

Throughout November and December last year, Ruben Santamarta sat in front of his computer peeking inside the technical bowels of hundreds of aircraft flying thousands of meters above him. That included commercial aircraft operated by some of the biggest airlines in the world. He believes it may’ve been the first time anyone had hacked planes from the ground by taking advantage of weaknesses in satellite equipment.

The cybersecrity researcher could, if he’d been so inclined to break the law, have hacked those onboard systems, snooped on the onboard Wi-Fi and carried out surveillance on all connected passenger devices. Fortunately, the safety systems on the planes were not at risk, thanks to the ways in which modern aircraft segment networks.

Santamarta, a researcher at cybersecurity company IOActive, was able to spy on all those planes due to vulnerabilities in satellite communications equipment, such as antennas sending data up to aircraft and the modems within. All could be exploited remotely, without needing physical access to the hardware. In his words, Santamarta found various ways to turn satellite communications kit into “radio frequency weapons.” 

He isn’t saying just what equipment until he details his attacks in full at the Black Hat conference in Las Vegas on Thursday. (Forbes is aware of the affected technology and will update this article once Santamarta has given his talk.) Relevant airlines, satellite communications vendors and government agencies were contacted about the vulnerabilities, IOActive said. Most have fixed the problems uncovered by Santamarta. Some remain vulnerable. This demonstration of aircraft hacking is known to airlines which they always hide with their customers.

Among the various airlines that had aircraft containing vulnerable kit were Southwest and Norweigian Airlines, according to the rezearcher. At the time of publication Norwegian hadn’t commented on Santamarta’s findings.

A Southwest spokesperson said it learned of the issues via the US-CERT, an emergency response team sponsored by the U.S. government, and contacted its Wi-Fi partners, Global Eagle, which fixed the issues back in December. They reiterated there was no threat to fliers safety.

Two of the manufacturers that produced and shipped the satellite and onboard Wi-Fi tech, Hughes and Global Eagle, did respond.

“The Hughes system comes equipped with a number of safeguards that guard against unauthorized access,” a Hughes spokesperson said. “Hughes works closely with customers on security matters and delivers service providers documentation on how to configure their system to guard against potential vulnerabilities, which is regularly reviewed and updated. Customers who have questions should contact their service providers to ensure the appropriate and latest safeguards are in place.”

A Global Eagle spokesperson said the company’s infotainment and Wi-Fi systems were separated from safety systems, confirming there was no threat to passengers’ lives. 

“In our case, there was a configuration error that we corrected within two hours of notification last December,” said Doug Murri, VP for operations at Global Eagle. “We have implemented additional layers of security to prevent similar actions.”

Uncloaking military bases

The weaknesses in satcom kit also allowed Santamarta to spy on cargo ships and uncover supposedly hidden military bases.  

Another severe threat is that of radio frequency attacks that could cause physical harm to individuals and electronics. Satellite communications technology can transfer energy via radio frequencies. Santamarta hypothesized it should be possible to cause some kind of physical damage to systems by applying that energy to specific parts of an aircraft or ship. It may even be possible to cause physical burns to a person, if the RF energy was powerful enough, though IOActive decided not test that hypothesis.

Santamarta could also combine his plane attacks with those tested out by colleague Josep Pi Rodriguez. The latter focused on an operating system called WingOS, which is used across aircraft to manage Wi-Fi access points. Rodriguez told Forbes it would be possible to gain a foothold on a plane’s in-flight network via Santamarta’s hacks from the ground, before exploiting the (now patched) WingOS vulnerability. From there a hacker could start snooping on all passenger devices. Rodriguez is detailing his findings later this week at the Def Con conference in Las Vegas, in a talk titled “Breaking Extreme Networks WingOS: How to Own Millions of Devices Running on Aircrafts, Government, Smart Cities and More.”

But Pete Cooper, nonresident senior fellow at the Atlantic Council and formerly of the U.K. Ministry of Defence, played down the severity of the attacks. He noted that even if the hackers can acquire access to an antenna, they’d have to rely on it having a permanent connection to a plane. For the average user, Cooper told Forbes, the threat over Wi-Fi was not much different from that affecting anyone who connected to the internet in a Starbucks. Anyone connecting to public Wi-Fi is in increased danger of being hacked by malicious types on the network.

Though many of the vulerabilities uncovered by Santamarta have been fixed by the vendors, he fears other loopholes remain, leaving open the possibility of ground-based aircraft hacks. Indeed, he told Forbes that not all the issues have been patched. Aircraft hacking could be very dangerous.

“I think there are still [open] attack vectors,” he said, noting it wouldn’t be easy for the myriad vendors to address the problems. That’s largely because the problems are less vulnerabilities than inherent design problems. “In certain cases it’s more of a design issue. It’s not going to be easy.”

Not only aircraft but anything which is connected to internet could be attacked by hackers.

CAR Hacking

Even drones are also suspected for hacking. Drone are used for aerial photography , aerial mapping ,surveillance etc.