Flying Secure

Cybersecurity associated with all aspects of aircraft technologies is becoming increasingly important.

In December 2017, IOACTIVE cybersecurity researcher Ruben Santamarta demonstrated his ability to establish a shell presence on a real in-flight airborne commercial airplane internet modem. The general public, though, would not learn about the demonstration until mid-2018, when Santamarta released a preview of a 70-page report detailing how the flaws exposed in that modem also allowed him to spy on cargo ships and hidden military bases.

The hack was achieved by exposing a software backdoor embedded within the aircraft’s satellite communications terminal. Backdoors are commonly embedded within such products as part of a design pattern. When the manufacturer of the terminal, Hughes, learned of the flaw, it was patched immediately. The report also confirmed the hack did not provide access to any onboard safety-critical avionics systems due to the way in which modern aircraft networks are segregated across three different domains.

What’s even more interesting about the attack is that Santamarta learned about the design of the modem and the entire in-flight internet architecture through press releases, a 2013 article in The New York Times and other information widely available on the internet. Though it did show that avionics systems remain untouched from remote hacking, it still represents a major shift in reality for aircraft connectivity suppliers; someone finally achieved the seemingly impossible. Santamarta’s demonstration was done in an effort to help improve in-flight internet security.

As you will see, cybersecurity associated with all aspects of aircraft technologies is becoming increasingly important. We note the growing importance of securing avionics data bus and network test systems from hacking risks. Chris Roberts, the cybersecurity researcher who made headlines in 2015 for claiming to gain access to flight control systems on a Boeing 777 through IFE, provides his thoughts on how to continually secure avionics designs. Security is also an issue for some segments of aviation equipping with ADS-B. We also feature articles on the $760 million business and general aviation aftermarket, and the first of a two-part series of articles detailing the transient nature of digital design associated with new avionics technologies. AVS

previousAvionics in China: C919 Development and Future Growth nextYour ADS-B Questions Answered