Hello,

 

I just heard from someone that there are advances in FMC technology and they can now be set by Wi-fi and Bluetooth. Is this true?

 

Thanks in advance.

Company remotley programming Routes into the FMS via ACARS has been around for over a decade.

 

Bluetooth and Wifi?... no.

 

Trent Hopkinson

Ok, I was wondering about this, I hadn't heard about any bluetooth or wi-fi in the FMC before. Thanks.

Captain: "Do you have our Flightplan???"

1st: "Yes i got it on my ipad and a security Backup on my Blackberry. Just let me start Bluetooth "

Technically, I see no reason why it wouldnt work... but I dont see how it would be more useful than, say, ACARS.

Technically, I see no reason why it wouldnt work... but I dont see how it would be more useful than, say, ACARS.

 

That and I can certainly see how it could pose a much greater security risk than ACARS.

That and I can certainly see how it could pose a much greater security risk than ACARS.

 

I was about to say that, but I was wondering if it was just the Security+ instructor side of me...glad someone else picked up on that.

 

*Simmer/Hacker Dude stands up in 4th row, whispering to the people around him*

Hey everyone, I just saved us 40 minutes by putting us direct from DEN to ESL! I had to hack in on my cell phone, but I did it!!!

A lot of larger tube liners actually use some sort of WiFi (different frequencies, same protocol in general) at the gate to send and receive data to and from dispatch. These could be flight logs,engine parameters recorded throughout the flight,... Thinking about it, the extremely short range that Bluetooth has, would render it useless in this case.

Why would you prefer WiFi over ACARS? Easy, WiFi has a lot more bandwidth.

Kyle, the scenario you propose isn't that far fetched. In the more current generations of aircrafts, everything is connected with everything. I wouldn't be surprised if it was possible to control the entire aircraft from a laptop. It would take time and rather specific hardware though.

Right, but with text-based data like that, there's no real huge need for a lot of bandwidth. We're not streaming live video to the planes. It's simple data in the transactions.

 

Beyond that, the claim I could hack into an aircraft's network to control it is very far fetched, as the aircraft network infrastructure is separate for the passenger entertainment and aircraft systems.. The only one that had a mention of a single network issue was the 787, but I can't remember if that one's been resolved. There was mention of air gapped portions of that network (meaning no network access between the passengers and the secure systems), but the spokesperson also remained very vague and said "in some parts they're touching, in other parts they're not."

 

To me, it seems that there's an allusion to an interconnection between certain portions of the network (tail/nose/etc cams, and other non-essential systems), where there's no connection between the flight deck controls and the passengers.

Sending text won't take a lot of bandwidth... Sending a lot of text over a short amount of time will. Which is exactly what the WiFi(I believe the term is GateLink) is used for.

I'm not talking about using the Passenger entertainment systems, I'm talking about using radio signals.

Keep in mind, technology has changed, you used to listen to your VHF radio straight from the air. These days, the signal is processed first.(Not only in Long Haulers like the 777 with CPDLC capabilities, but pretty much in any modern aircraft.) it's possible these signals and the processors behind them are vulnerable to injections.

A few months ago, some guys had a proof of concept where they could start, stop and control cars just by using a laptop and a simple FM transmitter. Airplanes will be a LOT tougher to crack, but nothing's impossible.

Think of it like this... The Atlantikwall was designed to completely stop an invasion... It held up just a few hours. If it can be built, it can be taken down.

Sending text won't take a lot of bandwidth... Sending a lot of text over a short amount of time will. Which is exactly what the WiFi(I believe the term is GateLink) is used for.

I'm not talking about using the Passenger entertainment systems, I'm talking about using radio signals.

Keep in mind, technology has changed, you used to listen to your VHF radio straight from the air. These days, the signal is processed first.(Not only in Long Haulers like the 777 with CPDLC capabilities, but pretty much in any modern aircraft.) it's possible these signals and the processors behind them are vulnerable to injections.

A few months ago, some guys had a proof of concept where they could start, stop and control cars just by using a laptop and a simple FM transmitter. Airplanes will be a LOT tougher to crack, but nothing's impossible.

Think of it like this... The Atlantikwall was designed to completely stop an invasion... It held up just a few hours. If it can be built, it can be taken down.

 

Right, but if a network is physically isolated without wireless (airgapped is the term I used above), it cannot be attacked using wireless or any other device. Other than creating a ton of interference and affecting network communication (in the case of Ether or some other metal-wire cabling), short of a direct tap you're not going to actually take control of communication on the network. That's nearly impossible in a plane unless you pull up the flooring, or find some wiring in a closet. In the case of fiber, as an attacker you're veritably screwed. EMI/RFI have no affect, and there's no easy way to tap it without being discovered (taps on Ether allow the original parties to continue to communicate; taps on Fiber often end up in nobody communicating, but if done right the attacker can communicate with the target, while the other party is cut out).

 

Security is never about impossible (if someone believes it is, they're lying to you), it's about creating a situation of improbability.

 

AES-256 isn't impossible to crack, it's improbable that you will be able to crack it within your lifetime, however.

Julian Assange's thermonuclear file is out on the internet, freely available on torrent sites. It's encrypted with AES-256. Still hasn't been decrypted.

Since there is communication (VHF, HF, ACARS, CPDLC in some cases), the plane is not wirelessly isolated.

In the old days, you used to control the radios directly. In modern airplanes, with modern radios, you don't. You tell a microprocessor what you want it to do, and it tries to comply or gives you an error. The incoming transmissions are decoded and sent to the right channels (might be an audio channel or a data bus.). In most modern flightdecks, a lot of systems are interconnected, the radios could be attached to the FMC, which is part of the FMS. I'm not saying there is a flaw or gap in there, I'm just portraying a hypothetical situation.

But, let's say there actually is a flaw somewhere in the code. And, lets say this flaw is something critical(or gives access to something critical). It will take a lot of time, and probably some sort of reverse engineering, but it COULD be done. Would it be a viable option? Of course not, it's much easier to get in physical control of the plane, even these days.

Would we ever know about this flaw? No, we probably wouldn't since it would not be discovered (unless the manufacturer discovers it, in which case I bet they're not going to announce it to the public).

But what you were saying really wasn't that far fetched, improbable as you said, but not unthinkable. The more computers you put in something, the more vulnerable it is to a cyber attack, this always has been and probably always will be true. Does that mean a cyber attack is imminent or will ever happen? Probably not, taking physical control or just shooting a plane down is a lot easier and doesn't take nearly the amount of brainpower.

 

Now, about AES-256. Has AES-256 been cracked? Not that we know and probably not. But making it public would be the dumbest thing to do. Keeping information on your side of the fence is an effective way to encrypt something. If somebody else uses the same form of encryption, and trusts it, without knowing you have what it takes to easily intercept that data, you have an immense advantage.

Isn't Bluetooth unsecure and unreliable? It's slow too...

Since there is communication (VHF, HF, ACARS, CPDLC in some cases), the plane is not wirelessly isolated.

In the old days, you used to control the radios directly. In modern airplanes, with modern radios, you don't. You tell a microprocessor what you want it to do, and it tries to comply or gives you an error. The incoming transmissions are decoded and sent to the right channels (might be an audio channel or a data bus.). In most modern flightdecks, a lot of systems are interconnected, the radios could be attached to the FMC, which is part of the FMS. I'm not saying there is a flaw or gap in there, I'm just portraying a hypothetical situation.

But, let's say there actually is a flaw somewhere in the code. And, lets say this flaw is something critical(or gives access to something critical). It will take a lot of time, and probably some sort of reverse engineering, but it COULD be done. Would it be a viable option? Of course not, it's much easier to get in physical control of the plane, even these days.

Would we ever know about this flaw? No, we probably wouldn't since it would not be discovered (unless the manufacturer discovers it, in which case I bet they're not going to announce it to the public).

But what you were saying really wasn't that far fetched, improbable as you said, but not unthinkable. The more computers you put in something, the more vulnerable it is to a cyber attack, this always has been and probably always will be true. Does that mean a cyber attack is imminent or will ever happen? Probably not, taking physical control or just shooting a plane down is a lot easier and doesn't take nearly the amount of brainpower.

 

It seems there's a fundamental misunderstanding here. Because communication exists does not make a system vulnerable. Sending a whole bunch of malicious traffic at something doesn't necessarily mean you can get it to do anything you want. I can't send a whole bunch of network traffic at my sim rig and make it print paper out of it because it's not a printer. Similarly, I can't send a whole bunch of malicious traffic at an aircraft's radios (despite the modern automation of the radios) and gain access to its flight controls, assuming the people who designed the systems wasn't a complete idiot. Just because the computers control a system that communicates doesn't necessarily mean that it's possible for you to attack it via that communication device.

 

Adding security to a system isn't very hard at all. The issue is that most people don't have it.

 

Example: If you have a wireless card, bust open the available networks window and let me know if you see "Belkin," "Netgear," or "Linksys." Further, how many of those main names are unsecured? Beyond that, jump onto one of those networks and go to the router config page (http://192.168.1.1 for Linksys at the very least, and admin/admin, or [blank]/admin). Guaranteed it's left at the defaults and you're right in (and can kick the legitimate users out).

 

It's not that hackers are necessarily smart, it's that they know how people are lacking in specific areas.

 

The more computers does not necessarily mean there are more chances for cyber attacks. The more computers means there's more targets, not that it's more likely, or easier (depending on your architecture and settings). If we have more tanks in the military does that make us a larger target? Sure, there are more targets, but it doesn't mean said targets are easy picking.

 

Further, again, the systems are air gapped, meaning there's no way packets can hop from one network onto the other network of computers. As an example, if I have a computer in a room, isolated from the external network (internet) both by lack of ether cable and wireless, there's no way to attack it via network connections, even if it has its own cabling between it and a couple other computers in its local network (provided those computer also do not have access to the network). Even if I add in an aviation radio transceiver that's controlled by my computer, there's no way to hack into the air gapped network because the transceiver doesn't have a path back to control the computer.

 

I see where you're coming from in that it is true, if the system was set up without any security, there would be risks involved. It's not as easy as most people make it out to be, however. Just because certain things have been cracked, it doesn't mean the average kid in his basement with an Alienware can do it.

 

Now, about AES-256. Has AES-256 been cracked? Not that we know and probably not. But making it public would be the dumbest thing to do. Keeping information on your side of the fence is an effective way to encrypt something. If somebody else uses the same form of encryption, and trusts it, without knowing you have what it takes to easily intercept that data, you have an immense advantage.

 

Certain weaker levels of AES have been cracked through some inventive attacks.

Bruce Schneier (one of the more well-known cryptographers) outlines it here: http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

What of this sort of technology was integrated with the virtual FMC in say the NGX so that I could program my flight management computer without having to boot up the PC?