A German researcher claimed to have discovered security vulnerabilities in aircraft communication technologies, but aviation industry experts have dismissed the idea. This latest report is not the first time that avionics technology has been called into question, however, prompting discussions about the software security of these systems.
A threat to flight management systems?
According to Hugo Teso, a researcher at German security consultancy N.runs who also has a commercial pilot’s license, the lack of security features in aircraft tracking technology ADS-B (automatic dependent surveillance-broadcast) and message transmission system ACARS (Aircraft Communications Addressing and Reporting System) could enable an attacker to send malicious messages to disrupt planes’ flight management systems (FMS). In a presentation at the recent Hack In The Box security conference in Amsterdam, he explained that vulnerabilities in these specialized computers, which automate in-flight navigation and flight planning tasks, could be exploited to seize control of a plane’s autopilot system.
“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Forbes’ Andy Greenberg. “That includes a lot of nasty things.”
Teso demonstrated an Android application he had built that would allow a user to redirect a plane’s flight path in a couple of touches. Since ACARS messages have no security, an airplane has no way to determine their validity. As a result, they are automatically accepted and can be used to upload data to a plane that would trigger vulnerabilities.
Teso noted, however, that in a real world attack a pilot would likely be able to regain control of the aircraft and that authorities would likely be able to locate the source of rogue ACARS messages. The research was done on vendor simulation software that reportedly used actual code and a Honeywell FMS Teso purchased on eBay. Testing the attack on real aircraft would have been both dangerous and illegal. Although Teso did not explain the specific vulnerabilities targeted, he disclosed them to the Federal Aviation Administration (FAA) and the European Aviation Safety Administration, (EASA), as well as the companies affected.
An imagined problem?
The FAA, EASA and two of the affected vendors – Rockwell Collins and Honeywell – have all since issued statements dismissing the validity of the exploit, Forbes reported. While the attack works on PC simulation software, actual aircraft controls have more security built in that would prevent such exploits, they claimed.
“For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software,” the EASA stated.
According to the FAA, the attack is not capable of engaging or controlling an aircraft’s autopilot system using the FMS. As a result, Teso’s claim that an attacker could gain full control is inaccurate.
Teso’s report is not the first time security researchers have questioned the security of aircraft systems, however. Last year, several separate researchers highlighted the danger of the ADS-B system, which will be the primary mode of aircraft tracking in the U.S. by 2020. Since ADS-B lacks encryption, anyone with the right equipment could theoretically spoof a signal or jam the system with fake flight tracking data, confusing either pilots or air traffic controllers. One of these researchers, Brad “Renderman” Haines, argued in response to Teso’s research that the FAA has not done anything to prove its systems are actually safe beyond making claims, according to VentureBeat. He advocated for giving researchers access to a test lab, suggesting that the FAA should be able to back up its claims.
Given the criticality of such systems, avionics equipment is likely to be the subject of ongoing scrutiny. As the issue of aviation software security continues to gain attention, manufacturers may need to take added precautions to assure onlookers and researchers of their systems’ safety and avoid PR fallout. Using tools such as static analysis software, developers can identify and eliminate potential vulnerabilities in FMS software and other aircraft systems.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.