Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Wireless devices used by casual pilots vulnerable to hacking, computer scientists find

11.11.2014

A new class of apps and wireless devices used by private pilots during flights for everything from GPS information to data about nearby aircraft is vulnerable to a wide range of security attacks, which in some scenarios could lead to catastrophic outcomes, according to computer scientists at the University of California, San Diego and Johns Hopkins University. They presented their findings Nov. 5 at the 21st ACM Conference on Computer and Communications Security in Scottsdale, Ariz.

Researchers examined three combinations of devices and apps most commonly used by private pilots: the Appareo Stratus 2 receiver with the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app.


Computer science Ph.D. student Devin Lundberg holds the three devices the researchers examined. From left: the Appareo Stratus 2, the SageTech Clarity CL01 and the Garmin GDL 39.

The devices and apps allow casual pilots to access the same information available to the pilot of a private jet--at a fraction of the cost. All the instruments in a high-end cockpit can be valued at more than $20,000. By contrast, the systems the researchers examined are available for $1,000. All have to be paired with tablet computers, most often an iPad, to display information.

The devices researchers examined receive information about the aircraft’s location, the weather, the location of nearby aircraft and airspace restrictions, which they display on the tablet computers via an app. “When you attack these devices, you don’t have control over the aircraft, but you have control over the information the pilot sees,” said Kirill Levchenko, a computer scientist at the Jacobs School of Engineering at UC San Diego, who led the study.

ForeFlight, which pairs with the Appareo Stratus 2, is one of the top 50 grossing apps in the entire Apple App Store—ahead of Apple’s own Pages app, among others.

The team hoped that exposing the systems’ vulnerabilities would increase awareness among users and lead to demands for change. Researchers include several recommendations at the end of their study for safety improvements.

The FAA has the authority to regulate these systems but chooses not to because they are not an integral part of the aircraft, the researchers said. In commercial aircraft the FAA only allows static information, such as maps, to be displayed on tablet computers, cautioning pilots to rely on instruments to fly.

During testing, researchers found significant safety flaws in all three systems. Two of the systems allowed an attacker to replace completely the firmware, which is home to the programs controlling the devices. The Appareo Stratus 2 allowed the firmware to be downgraded to any older version. All three devices allowed an attacker to tamper with the communication between receiver and tablet. Both types of attacks give an attacker full control over safety-critical real-time information shown to the pilot.

By tampering with the aircraft position, altitude, and direction indications, also known as heading, as well as weather data and positions of other aircraft displayed to the pilot, an attacker can deceive the pilot, leading them to take actions detrimental to flight safety. Factors such as visibility and pilot workload increase the likelihood of a catastrophic outcome. For example, misrepresenting aircraft position during final approach in poor weather could result in a collision with other aircraft or a crash into nearby terrain.

Researchers point to several secure design practices that can remedy the flaws they identified. Among them, cryptographically securing communication between receiver and tablet, pairing the receiver with the tablet (in the same way that Apple smart phones are paired with specific computers), signing firmware updates and requiring explicit user interaction before updating device firmware. Data such as maps and approach procedures should be downloaded to the tablet using HTTPS or digitally signed by the vendor.

Most of the systems are fairly new to the market, researchers point out. “It’s a great time to make them secure from the get-go,” Levchenko said.

In addition to Levchenko, co-authors on the paper are UC San Diego computer science Ph.D. students Devin Lundberg, Brown Farinholt, Edward Sullivan and Ryan Mast, UC San Diego computer science professors Stefan Savage and Alex C. Snoeren, as well as Johns Hopkins computer science professor Stephen Checkoway. Lundberg is the first author on the paper.

This work was supported by the National Science Foundation grant NSF-0963702 and by generous research, operational and/or in-kind support from the UC San Diego Center for Networked Systems (CNS).

Paper: On the security of mobile cockpit information systems

Media Contacts

Ioana Patringenaru
Jacobs School of Engineering
Phone: 858-822-0899
ipatrin@ucsd.edu

Ioana Patringenaru | EurekAlert!
Further information:
http://www.ucsd.edu/

More articles from Information Technology:

nachricht Smarter robot vacuum cleaners for automated office cleaning
15.08.2017 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO

nachricht Researchers 3-D print first truly microfluidic 'lab on a chipl devices
15.08.2017 | Brigham Young University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Exotic quantum states made from light: Physicists create optical “wells” for a super-photon

Physicists at the University of Bonn have managed to create optical hollows and more complex patterns into which the light of a Bose-Einstein condensate flows. The creation of such highly low-loss structures for light is a prerequisite for complex light circuits, such as for quantum information processing for a new generation of computers. The researchers are now presenting their results in the journal Nature Photonics.

Light particles (photons) occur as tiny, indivisible portions. Many thousands of these light portions can be merged to form a single super-photon if they are...

Im Focus: Circular RNA linked to brain function

For the first time, scientists have shown that circular RNA is linked to brain function. When a RNA molecule called Cdr1as was deleted from the genome of mice, the animals had problems filtering out unnecessary information – like patients suffering from neuropsychiatric disorders.

While hundreds of circular RNAs (circRNAs) are abundant in mammalian brains, one big question has remained unanswered: What are they actually good for? In the...

Im Focus: RAVAN CubeSat measures Earth's outgoing energy

An experimental small satellite has successfully collected and delivered data on a key measurement for predicting changes in Earth's climate.

The Radiometer Assessment using Vertically Aligned Nanotubes (RAVAN) CubeSat was launched into low-Earth orbit on Nov. 11, 2016, in order to test new...

Im Focus: Scientists shine new light on the “other high temperature superconductor”

A study led by scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg presents evidence of the coexistence of superconductivity and “charge-density-waves” in compounds of the poorly-studied family of bismuthates. This observation opens up new perspectives for a deeper understanding of the phenomenon of high-temperature superconductivity, a topic which is at the core of condensed matter research since more than 30 years. The paper by Nicoletti et al has been published in the PNAS.

Since the beginning of the 20th century, superconductivity had been observed in some metals at temperatures only a few degrees above the absolute zero (minus...

Im Focus: Scientists improve forecast of increasing hazard on Ecuadorian volcano

Researchers from the University of Miami (UM) Rosenstiel School of Marine and Atmospheric Science, the Italian Space Agency (ASI), and the Instituto Geofisico--Escuela Politecnica Nacional (IGEPN) of Ecuador, showed an increasing volcanic danger on Cotopaxi in Ecuador using a powerful technique known as Interferometric Synthetic Aperture Radar (InSAR).

The Andes region in which Cotopaxi volcano is located is known to contain some of the world's most serious volcanic hazard. A mid- to large-size eruption has...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Call for Papers – ICNFT 2018, 5th International Conference on New Forming Technology

16.08.2017 | Event News

Sustainability is the business model of tomorrow

04.08.2017 | Event News

Clash of Realities 2017: Registration now open. International Conference at TH Köln

26.07.2017 | Event News

 
Latest News

New thruster design increases efficiency for future spaceflight

16.08.2017 | Physics and Astronomy

Transporting spin: A graphene and boron nitride heterostructure creates large spin signals

16.08.2017 | Materials Sciences

A new method for the 3-D printing of living tissues

16.08.2017 | Interdisciplinary Research

VideoLinks
B2B-VideoLinks
More VideoLinks >>>