Aviation News

May 19, 2015

Anatomy of a Story: Why the ‘Airliner Hacking’ Claim is Bull

If you were watching the game on your brand new big screen TV, and your buddy made the claim that he had controlled your microwave by hacking into the TV’s system, you would certainly deride him and not take it seriously. Our comprehension of the TV and the microwave, and the sole thing linking them (the 110 volts AC in the house) tells us that there is no rational basis for your buddy’s claim.

However, if someone had told you that they were able to hack into an airliner’s inflight entertainment system and use that to hack into the flight deck’s automation, you may find it plausible not knowing the design and the specifics if each system.

The media firestorm has spread, here with

The media firestorm has spread, here with “Be afraid, be very afraid.” Nice.

Recently, Wired published an article claiming that a man did just that, and inferred with the title that the FAA confirmed the action. The man in question, Chris Roberts, is basking in his requisite 15 minutes of fame.

This has already created hysteria in the media, and fears of safety that have spread throughout the masses without warrant. Other news agencies are picking up the story, even after many in the aviation industry have already come out hard against the ridiculous claim.

The “feds” reference is merely text in an FBI’s filing of a search warrant, which is quoting a fear of the hacker’s claim, not confirmation of a successful action of the part of Roberts.

Slicing The Baloney

Like the analogy of the TV and the microwave, the only thing the inflight entertainment and the flight deck computer share in common is the vessel they are in and the power supplied to them. Mr. Roberts was the master of fabricating a story of his being able to hack into more than a wide variety of movies and TV shows.

The flight control and engine management computers are designed and programmed solely for that one purpose. The power supplied to them is either through the standard aircraft power, or dedicated power from purpose built engine generators. Hacking into these systems would require direct access to the system and specialized hardware and software to do anything useful other than disrupt it. Had Mr. Roberts physically hacked through the floorboards and made his way into the aircraft’s E&E (electronic and equipment) compartment, his claim would have some credibility.

If any hacker were able to find a way to take control of an airliner, the FAA would immediately ground the fleet until a change could be made to the design guard against this, initiated by an emergency Airworthiness Directive (AD). Had Mr. Roberts been able to do anything more than disrupt his seatmate’s Tetris game, he would have been immediately placed in jail for hijacking. As it stands now, his computers are being looked at, and he will likely be charged with either attempted hijacking or trying to interfere with crewmembers.

Wired leaped forward on this story without researching it properly. In doing so, they have given a spotlight to Chris Roberts and his claims. But that limelight has burned out, and Mr. Robert’s 15 minutes of fame are over.


John Steffen is a former airline pilot and aviation expert and historian currently residing in New York.

Phil Derner founded NYCAviation in 2003. A lifetime aviation enthusiast that grew up across the water from La Guardia Airport, Phil has airline experience as a Loadmaster, Operations Controller and Flight Dispatcher. He currently runs NYCAviation and performs duties as an aviation expert for the media. You can reach him by email or follow him on Twitter.



About the Author

John Steffen and Phil Derner Jr.





 
 

 

The Legal Responsibility of Passengers During an Airplane Evacuation

Following a plane crash, it's imperative that the aircraft evacuation move quickly. But what are your legal responsibilities as a passenger?
by David J. Williams
0

 
 

How Existing Funding Could Keep The FAA Open In A Future Shutdown

The government shutdown drags on, and is now in its third week. Tom Rainey Jr. explores how Congress could insulate the FAA's operations from a future shutdown, primarily using existing funding.
by Tom Rainey
0

 

 

UAS in the USA: A History of Drone Regulations

The FAA has developed regulations for drone operators to operate their UAS for fun or for profit in a legal and safe environment, but the path was not always quick or straightforward.
by David J. Williams
1

 
 

OPINION: Privatization Is Not The Answer For Our ATC System

Columnist Dave Williams takes a look at President Trump's proposal to privatize the nation's air traffic control system, and finds that there are more cons than there are pros.
by David J. Williams
0

 
 

OPINION: The Issues Behind Air Traffic Control Reform

Air Traffic Control privatization is being considered by Congress. Let's take a close look at the process, the prospects, and some of the top issues.
by Tom Rainey
0

 




  • JimNtexas

    This whole thing is nonsense. The guy pried open a seat and got on the inflight entertainment system (IFE) ethernet. There he saw these hosts:

    EICAS
    PAX_OX_ON
    SATCOM

    Think about it. EICAS is the caution and warning system (it has different names on different airplanes). IT people, think of as the debug output of the airplane

    When you buy an IFE system for your airliner you have the option to use the IFE Satcom to transmit back maintenance data to your home base via ACARS. Air France 447 used this system, MH 370 had the Satcom but didn’t transmit any data.

    PAS_OX_ON is a host that just sends a signal to tell the IFE to shut down if the O2 masks fall.

    This clickbaiter just SAW these hosts, he wasn’t able to effect anything on the airplane. He’s said he got into the GoGo ground network, which may have happened. GoGo is one of the ISP’s who provide airborne wifi service. And of course the GoGo network has no access to the aircraft’s onboard systems beyond the IFE.

    Does anyone seriously think that an airline pilot would not notice if there were uncommanded changes in the engines or flight controls?

    Especially if the plane flew ‘sideways’.

    Most jets have a long checklist that is run if there is an uncommanded flight control input or engine change.

  • davidparkerbrown

    The frustrating part of many in media is they can be proven wrong, but will rarely retract, change or delete their stories. “It is already published, we got the traffic, we aren’t changing it.”

    Disappointing, but thanks for doing the story!

    David

  • Peter Smyth

    There is something else that the two systems (entertainment and control) share; weather, speed, and time data. However, I’m not saying that I think the plane can be hacked.

    • AndyB

      This data most likely comes to the In Flight Entertainment (IFE) on an ARINC 429 standard data bus. This is a common way for a/c equipment to communicate with each other but these are one way data buses. The data standards are published, nothing secret. The data is transmitted by the avionics box sending data and listened to by other avionics boxes that need to receive that data, there is no return information. The IFE is probably getting the navigation data from the Flight Management Computer (FMS) and the speed and altitude data from the Air Data Computer (ADC). It is just receiving that data, there is nothing in the FMS or ADC that is receiving information from the IFE as neither of those two boxes uses IFE data. This isn’t like an office computer network where you can log into another computer. I think at the best this guy got himself a free movie but he certainly didn’t login to the engine control or thrust control computer and make changes to the code as was claimed.

  • Josh Fenton

    “…and inferred with the title…” This should be “implied,” not “inferred.” Speakers can make implications, and readers can draw inferences.