Wireless devices used by casual pilots vulnerable to hacking
12 Nov 2014
Computer science Ph.D. student Devin Lundberg holds the three devices the researchers examined. From left: the Appareo Stratus 2, the SageTech Clarity CL01 and the Garmin GDL 39.
Researchers examined three combinations of devices and apps most commonly used by private pilots - the Appareo Stratus 2 receiver with the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app.
The devices and apps allow casual pilots to access the same information available to the pilot of a private jet, at a fraction of the cost. All the instruments in a high-end cockpit can be valued at more than $20,000. By contrast, the systems the researchers examined are available for $1,000. All have to be paired with tablet computers, most often an iPad, to display information.
The devices are paired with iPad apps, which also had some vulnerabilities.
ForeFlight, which pairs with the Appareo Stratus 2, is one of the top 50 grossing apps in the entire Apple App Store, ahead of Apple's own Pages app, among others.
The team hoped that exposing the systems' vulnerabilities would increase awareness among users and lead to demands for change. Researchers include several recommendations at the end of their study for safety improvements.
The FAA has the authority to regulate these systems but chooses not to because they are not an integral part of the aircraft, the researchers said. In commercial aircraft the FAA only allows static information, such as maps, to be displayed on tablet computers, cautioning pilots to rely on instruments to fly.
Two of the systems allowed an attacker to completely replace the firmware, which is home to the programs controlling the devices.
All three devices allowed an attacker to tamper with the communication between receiver and tablet. Both types of attacks give an attacker full control over safety-critical real-time information shown to the pilot.
By tampering with the aircraft position, altitude, and direction indications, also known as heading, as well as weather data and positions of other aircraft displayed to the pilot, an attacker can deceive the pilot, leading them to take actions detrimental to flight safety.
Factors such as visibility and pilot workload increase the likelihood of a catastrophic outcome. For example, misrepresenting aircraft position during final approach in poor weather could result in a collision with other aircraft or a crash into nearby terrain.
Top: the SageTech Clarity CL01; bottom: the Appareo Stratus 2.
Most of the systems are fairly new to the market, researchers point out. "It's a great time to make them secure from the get-go," Levchenko said.
In addition to Levchenko, co-authors on the paper are UC San Diego computer science Ph.D. students Devin Lundberg, Brown Farinholt, Edward Sullivan and Ryan Mast, UC San Diego computer science professors Stefan Savage and Alex C. Snoeren, as well as Johns Hopkins computer science professor Stephen Checkoway. Lundberg is the first author on the paper.
This work was supported by a National Science Foundation grant and by generous research, operational and/or in-kind support from the UC San Diego Center for Networked Systems (CNS).