New onboard aircraft technologies have increasing requirements for connectivity to enable everything from entertainment to safe navigation. But they also open the door for bad actors to exploit unpatched vulnerabilities — and to discover and exploit new ones. So as modern airliners become more connected, the risk of a cyber attack involving the takeover of aircraft systems grows. The industry must stay ahead of and mitigate these threats to ensure operational uptime and flight safety.
Can cyber attacks affect airliners?
Aircraft control surfaces — like avionics and flight controls — are logically and sometimes physically separated from other onboard networks. Nevertheless, researchers continue looking for vulnerabilities in hopes of strengthening safeguards that make aviation one of the safest forms of transportation.
In 2017, Robert Hickey, a program manager with the Cyber Security Division of the Department of Homeland Security’s Science and Technology Directorate, said he was able to achieve “a remote, non-cooperative penetration” of a Boeing 757. Findings like these illustrate why it’s essential to continue searching for cyber threats to aircraft and to take steps to prevent them.
What are some potential cybersecurity threats to airliners?
Flight-critical control systems must meet strenuous flight safety standards and have at least one (and sometimes many) backup systems in case of a fault. These protections isolate problems and help ensure cyber vulnerabilities minimally impact flight safety. Even in isolation, though, there are ways hackers could impact aircraft, particularly when a bad actor could manipulate data externally.
ADS-B spoofing
An aircraft’s Automatic Dependent Surveillance-Broadcast (ADS-B) system uses onboard transponders to send signals once per second that Air Traffic Control (ATC) and other aircraft receive. This process assists safe navigation by giving pilots and ATC a highly accurate picture of what planes are in the vicinity, including their identity, position, and speed.
The communications between aircraft and the ground use protections like encryption and multilateration, or MLAT, to ensure their accuracy. MLAT is a technique that uses multiple ground-based stations to listen to an aircraft’s transponder signals. Computers analyze the time differences between the aircraft and the fixed locations to determine a precise position for the aircraft, then that information is provided to ATC.
But aircraft-to-aircraft ADS-B communications aren’t encrypted and don’t use multilateration, which creates a potential cyber threat. In fact, transponder signals are public, which makes them vulnerable to spoofing. Spoofing involves an attacker identifying an aircraft by its transponder signal and then faking signal inputs to affect the aircraft. This malicious impression of where an aircraft is and its direction could be received by other airplanes, causing incorrect speed and position calculations.
The FAA says redundancies both within ADS-B and provided by other systems protect against this sort of danger. However, it is crucial to be vigilant about threats to ADS-B because of the potential consequences of a successful attack. Because this is a known attack surface, there’s always a risk that hackers could evolve their methods to make flight crews believe other spoofed data.
Electronic Flight Bag (EFB) tampering
Electronic flight bags (EFB) are mobile devices running applications that help the flight crew conduct tasks performed in the past using paper manuals and handwritten calculations. These functions include flight planning, navigation charts, checklists, and operations manuals needed throughout the flight. But at their core, EFBs are usually just tablets and are susceptible to the same threats as any other mobile device. Any external manipulation of the EFB, the apps they run, or the data they use could impact flight safety.
EFBs travel wherever the flight crew travels, including hotels, bars, restaurants, and other public spaces. It’s also not uncommon for crew members to use EFB tablets for personal purposes, like streaming media, surfing the web, or checking email. All of these situations create multiple exposure points, especially the use of publicly-available Wi-Fi, leaving EFBs vulnerable to attacks.
For example, exploits in the software running on an EFB could allow a bad actor to manipulate data like the runway length. This measurement is critical because it’s part of take-off and landing calculations, along with speed, weight, and other positioning information. Should the runway length measurement be too short, it could cause a pilot to roll the aircraft too late or too sharply at take-off, resulting in a tail strike. Tail strikes could cause significant damage to the airframe, enough so that an aircraft could sustain hundreds of thousands of dollars in damage.
Unwitting Maintainer Firmware Updates
Not every threat originates on the aircraft, and some may be two or more places removed from the aircraft’s protective security bubble. For example, ground crews use maintenance devices — usually laptops — to perform various tasks like manual software updates. These laptops could provide an attacker with a more traditional IT-based point of entry into an OT platform.
While operators take measures to keep maintenance devices air-gapped, we know it’s possible to breach an air gap. And even the most air-gapped devices touch an external data source at some point for software patches and security updates. Each of these touches is a potential exposure point a bad actor can use to move closer to compromising an aircraft.
A compromised maintenance device could even provide direct access to the maintenance loop of an aircraft’s OT networks and components. With privileged access to a maintenance device, the bad actor could insert themselves into the firmware update process to replace the code on an OT device with whatever they want. And with legacy aircraft, there is no way to perform firmware checks that ensure what’s loaded is authentic code. Malicious firmware could even grant an attacker persistence on the aircraft.
So what can you do about it?
Staying ahead of threats to commercial aircraft requires real-time knowledge of what’s happening onboard — and across your fleet. Shift5 defends planes, trains, and military vehicles from cyber threats. Our platform helps operators of fleet aircraft adhere to compliance and critical infrastructure cybersecurity standards so that they can prioritize their operations—and their customers. We also understand the importance of meeting and exceeding regulatory mandates, which is why we streamline the process of complying with Aircraft Network Security Program (ANSP) requirements. Our team includes technical prowess with backgrounds in government, intelligence, and the aviation industry, so we have the expertise to handle the unique challenges of this vital sector.
Contact us today to learn how we can meet your organization’s needs.