Yesterday hackers were able to ground 10 airplanes in Poland’s state-owned LOT fleet. Earlier this month, a similar and unexplained problem grounded United Airlinesflights across the United States. The two might have a variable in common: A security flaw that affects all commercial planes.
According to Wired, the problem lies in the way that flight plans are distributed to planes, mainly in that it doesn’t require any sort of authentication. The way that planes recieve their flight plans is inherently trusting of the plans it recieves.
Overly trusting. An expert tells Wired that essentially, planes are set up to accept whatever flight plans are sent to them, as long as the plans are sent in a way that makes sense for the particular model of plane. Ultimately what the means is that if a hacker can figure out the appropriate format to use while speaking to 747s, 757s, etc, they can flood planes with bogus plans.
It’s not quite as bad as it sounds. Even if a plane gets sent a bogus plan, it has to be approved by a pilot. This is a spam attack, and nothing more. As Wired explains:
It’s important to note that while this loophole could cause confusion resulting in planes being grounded before takeoff. [Independent consultant and chair of the SAE-sponsored Ku/Ka band satcom subcommittee, Peter Lemme] says it wouldn’t be a safety concern since there are checks in place to ensure that pilots don’t follow incorrect flight paths that take them into the course of another plane. These checks apparently worked as they were intended in Poland when flights were grounded.
Even if the changes to the flight plan where somehow both subtle enough that a pilot might miss them and also dangerous enough to cause something catastrophic like a crash, the change would almost certainly be caught when pilots confirmed changes with air traffic control.
This vulnerability is annoying, not particularly dangerous. But unless the protocol gets modified to require some sort of credentials from flight plan senders, it could remain trivially easy for hackers to ground flights at will.
View the original content and more from this author here: http://ift.tt/1N4njiT
from hacker samurai http://ift.tt/1LrcOZB
via IFTTT
No comments:
Post a Comment