Papa, j'ai détourné l'avion....

[jpfly]

Une nouvelle déconcertante...

Les systèmes informatiques dans les avions sont vulnérables aux attaques des pirates informatiques, suis-je étonné?

Hacker claims he can remotely hijack airplanes using an Android app
http://www.engadget.com/2013/04/11/plan ... cking-app/

Hugo Teso, a security consultant who also happens to be a trained commercial pilot, says he's developed an Android app that can make an airliner "dance to his tune" by attacking its flight management systems.

Plus de détail ici:
http://www.net-security.org/secworld.php?id=14733

La présentation est a ce lien:
http://conference.hitb.org/hitbsecconf2 ... Series.pdf

Ce n'était qu'une question de temps avant qu'un "hacker" s'y interesse.

Bonne lecture

JPFly

[AlexisBV]

Je doute très sérieusement de cette allégation. Corrigez-moi si je me trompe mais à ma connaissance un FMS ne peut-être pas programmé via datalink...

Pis tu peux très bien être pilote commercial sans jamais avoir touché plus qu'un C150!

[Synoptic]

Sans connaître les détails techniques nécéssaires pour effectuer ce genre d'activité, il me semble clair que les systèmes de navigation actuels manquent de sécurité.

[AlexisBV]

Un système sur lequel tu peux pas te brancher à distance est pas mal sécuritaire selon mon

Essaye avec un iChose de "hacker" un IBM des années 70 ... Un FMS est à peine plus évolué côté matériel que ça!

[jpfly]

J'ai lancé cela un peu vite ce matin, désolé.

Voici ma compréhension du problème.
Ce sont les liens de communication entre l'avion (commerciaux) et le sol qui pose problème.
Par exemple ARCARS (Aircraft Communications Addressing and Reporting System) c'est un canal de communication bidirectionnel entre les stations au sol et l'ordinateur de bord des avions via une communication VHF. A partir de ce lien, l'équipage reçoit les mises à jour du plan de vol, des informations météo, etc.
Ce qui semble ressortir de la présentation est que par design, les liens de communication n'intègrent pas un mécanisme permettant d'authentifier la source du message. En autre mot, l'avion ou la station au sol pourraient recevoir des messages « SPAM » sans être en mesure de déterminer s'il s'agit d'un message réel ou un faux message.

À partir de ce point..., les conséquences peuvent être fâcheuses.

Le protocol ADS-B(Automatic dependent surveillance-broadcast) semble souffrir du même problème.



JPFly

[Synoptic]

Pour plus de détail :

http://www.tested.com/tech/concepts/454 ... droid-app/

Could Hackers Hijack Airplanes with an Android App?
BY WESLEY FENLON ON APRIL 11, 2013 AT 1:30 P.M.
A security consultant claims to be able to hack into the flight management systems of airplanes, but his virtual experiments don't necessarily indicate real-world danger.


Airplane security revolves around preventing hijackers from commandeering planes with weapons or explosives. But a recent presentation from the Hack in the Box conference in Amsterdam makes us wonder if another type of hijacking altogether poses a threat to airplane security. At the conference, security consultant Hugo Teso claimed to be able to hack into the Flight Management System computers of certain aircraft with two tools he's written. Teso demonstrated being able to take control of virtual aircraft with his exploit framework SIMON and Android app PlaneSploit.

Here's a disturbing image, if ever there was one: someone casually pulls out their Android phone on a flight, takes control of the plane with a simple app, and sends it crashing to the ground with a few taps.


PHOTO CREDIT: FLICKR USER SEBASTIANSUK VIA CREATIVE COMMONS.
Now for the obvious question: Is this even possible? Is Teso completely exaggerating the real-world applications of hacking Flight Management Systems? The Android app PlaneSploit is only an easy-to-use front end for SIMON, Teso's exploit. It's hard to know exactly how something in the virtual world applies to the physical.

Net-Security.org writes "Teso developed the SIMON framework that is deliberately made only to work in a virtual environment and cannot be used on real-life aircrafts. His testing laboratory consists of a series of software and hardware products, but the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario.

Since it's nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit. By using SIMON, the attacker can upload a specific payload to the remote FMS, upload flight plans, detailed commands or even custom plugins that could be developed for the framework."


IMAGE CREDIT: HUGO TESO
The slides from Teso's presentation are available online. The presentation includes a couple worrisome statements--specifically, that ADS-B, the automatic dependent surveillance broadcast system, and ACARS, the Aircraft Communications Addressing and Reporting System, have no security. Hacking into those systems could grant someone access to flight report data, interfere with communication between air traffic control and the airplane, or spoofing plane instruments.

And this isn't the first time someone has written about exploiting ADS-B.

It can be used to track airplanes relatively easily. A thread on Metafilter about Planesploit casts some doubt on the real danger of Teso's SIMON. While many commenters agree that these communication systems are likely poorly guarded and exploitable, just like most computer software, that doesn't mean someone could actually use them to control an airplane. Here's a healthy dose of skepticism:

There is, in general, not one single computer running the whole show on a large aircraft - for safety reasons there are multiply redundant, distributed systems. Autopilot does not control the fly-by-wire, for example. From what I can tell, he is talking about taking over the Flight Management System (FMS), which he is then using to direct commands to other aircraft systems. There are at least two FMSs per aircraft, so a "full takeover" would probably require commandeering both (or all three) FMSs, all of the air data computers, and all of the autopilots (Category III landing capabilities require three independent autopilots)...

The airplane is designed to remain safe and functional even if the FMSs fail. Again, multiply redundant systems. Multiple MFDs can fail, multiple autopilots can fail, you could have a total electrical failure and still fly the airplane. Even the Dreamliner, the most electric airplane in the world, is designed to fly with a total electrical failure...

So this guy is claiming he can somehow get a message through ACARS which will inject malicious code into an FMS unit, which he can then use to control the aircraft. I do agree this is a serious security problem, but the fact that there are multiply redundant systems means a competent flight crew should be able to maintain control of the aircraft. If he's spoofing messages, traffic, or whatever else, there are other independent systems available on board that will contradict the bad information and will not be affected by his hack. Shutting down compromised FMS units, autopilots, or whatever else is possible and the aircraft will still fly. You could shut down basically the whole flight deck and still fly the airplane safely...

Long story short--interesting presentation, but there are several differences between his simulation and "real world" implementation that keeps this from becoming the giant security hole it looks like offhand.

Most likely, Teso's research points to some security holes that do need fixing in ADS-B and ACARS--but in the real world, that image of a hacker crashing a plane with an Android phone isn't likely to come true.