Chris Ilsley and I spent some time talking about some of the theories surrounding the disappearance of Malaysia Air Flight MH370. Here are some of the notes I made after some research on aircraft and similar systems and how in some cases these have been compromised in the past.
In the news arena we are seeing endless speculation surrounding the disappearance of Malaysia Air flight MH370. One of the theories have postulated that the aircraft could have been hijacked remotely by an external party and directed hopefully to an airfield or possibly crashed. I will not go into the actual event but I will talk about the possibilities of this happening and cite other cases where this has been successful with similar scenarios.
This is more to do with exploring the technology and how it has been comprimised in the past. It is not speculation on the actual MH370 incident, rather it is investigating the speculation of cyber-hijacking in most modern systems commonly found on commercial, private and military craft and vehicles.
It should come as no surprise that the Boeing 777-200 is packed full of all sorts of technology responsible for many functions on board from communications and navigation to climate control and entertainment.
This has led to speculation that it might be possible to compromise flight control systems or navigational data and effectively take control of an aircraft.
Here are a few examples of compromised systems that could give credence to the possibility of hacking or cyber-hijacking.
31/7/2010 Defcon presentation exposes security hole.
A talk given by Mike Metzger revealed that the wireless communication used to monitor tyre pressure uses unencrypted RF signals to talk to the ECU potentially exposing not only the tyre pressure sensor systems but the entire ECU to outside control. The same RF receiver on most models is also used by other systems including the ignition and security systems.
Interestingly the tyre pressure sensor systems has been legislated in the USA to be installed in all vehicles manufactured after 2007 but there were no standards enforced in regards to encryption or security.
2/7/2012 Drone Hijacked by researchers from Texas College.
This report shows how researchers using a device built from US$1000 worth of components was able to take control of a surveillance from a ground based location. This was done to demonstrate to Department of Homeland Security officials the risks of using current technology to control thousands of drones in US airspace. Currently the Pentagon is in talks with FAA to open up the rules to allow the use of government and commercial drones by 2015.
10/4/2013 Hack In The Box conference demonstrates airline hack possible from mobile phone.
The 2013 Hack In The Box conference in Amsterdam is where security consultant Hugo Teso demonstrated how it would be possible to remotely access and assume full control of an aircraft without the need for physical access to the aircraft. This was made possible through the Automated Dependent Surveillance-Broadcast system which has no security and was made known at Def Con 20. Also the Aircraft Communications Addressing and Reporting System (ACARS) operates without any substantial security measures.
Using this knowledge and knowledge of vulnerabilities of the flaws in software used by aircraft, Teso was able to hijack virtual aircraft and take control of pretty much all systems on the aircraft with the only failsafe being the pilots themselves.
All this was demonstrated on an android powered mobile phone. The big flaw here is in not only in the lack of authentication and encryption systems but also the age of the software used in aircraft and the extended times it takes to install software upgrades.
30/7/2013 – Texas University Students take control of a super-yacht by spoofing GPS signals.
This was done with the permission of the owners of the 65 meter White Rose and with a team of engineers onboard with a breifcase-sized device that sent faint GPS signals at the ships GPS reciever. Using this method they were able to alter the course of the yacht without setting alarms in the navigation systems even though everyone on board was aware of the change in course.
2/12/2013 Skyjack hardware and software package released.
Samy Kamkar, released and demonstrated his technique for launching a modified Parrot AR drone to find, intercept and assume control of other Parrot AR drones within wireless range.
Using software, a Raspberry Pi Computer and other cheap off-the-shelf components, Kamkar was able to use his drone to find other AR Drones, break the wireless connection to the legitimate owner, assume control of the drone and assign control over to the skyjack-equipped drone where the drone can be controlled remotely by Kamkar.
These cases have demonstrated that cyber hijacking of an aircraft is possible and the old industries that use computerised systems for reporting and control need to take security seriously as the reliance on computer technology in common transport continues to escalate.