15 April 2014.
Until couple days ago the search teams had narrowed down to the exact area where they might find the crashed airplane’s Flight Data Recorder (Black Box), Flight-Deck voice recorder and also the flotsam and jetsam. Sadly, recent information was that they are no longer getting any pings or underwater signals believed to be coming from the black boxes of the missing airplane.
There have been hundreds of theories after the aircraft gone missing. Some totally crazy and baseless, like alien abduction; and some decent explanations from aviation experts. I read most of them and my reaction to most were a simple ‘huh?’, ‘ah well!’ or ‘yeah, may be!’. Then I came across a theory suggested by a so-called expert who suggested that the airplane was possible hijacked through hacking of In-Flight Entertainment (IFE) system. It was another dumb theory, but when I noticed some believers in vicinity, I decided to do my own research, purely due to my interest in technology, aviation, aircraft, my work involvement in the aircraft engineering projects and my employment with a prestigious airline. All views expressed in this blog and especially this post are mine and do not represent my employer’s opinion anyways.
Coming back to the hacking of the aircraft In-flight Entertainment system, it is important to understand that avionics systems, which are used for controlling the vital functions of the aircraft do not integrate with other less important functions like IFE. (sorry, not to offend those who love watching movies in-flight. I am one of those because I cannot sleep while flying). There is no physical connection between avionics and IFE systems. The picture shows the correlation between various modes of communication.
As far as I am aware, FAA and EASA do not approve any design changes by the commercial aircraft manufacturers that try to integrate In-flight entertainment system to avionics systems. This means, most of the common passengers airplanes that we use for flying are safe and possibly cannot be hacked using IFE.
FAA has also been imposing special conditions on airlines and aircraft manufacturers so that they can address airplane network security. There are airlines which provide internet facility onboard. You may say that a passenger might (mis)use the internet connection to breach the security of the airplane, hack the airplane’s control systems and might be able to change the flight path or turn off the autopilot etc. There are few important aspects to this:
1. Physical network connectivity: In almost all cases, there is no physical connection between onboard passenger network and the operational network. Again, regulatory authorities do not approve physical connections between onboard passenger network and operation network.
2. Wireless used by Crew: Few airlines provide handheld devices to the crew which use wireless signals from the wireless units located in the aircraft cabin. These wireless units are known as CWLUs- Cabin Wireless Lan Units. The CWLUs have secured connections which use different frequencies than the passenger connectivity units. It is possible for the crew to use passenger wireless networks, but they cannot use both at the same time.
3. Hacking Crew Wireless Device: A passenger cannot hack into a cabin crew device when the crew is using the passenger wireless connectivity because these are secured devices and there are usually multiple layers of security including data encryption. And even if it gets hacked, it is not possible to use it to access flight deck systems or avionics.
Another important aspect is about remotely accessing aircraft computers. Again, aircraft systems have limited access to the ground when they are in air. These are basically the communication channels ACARS, VHF, HF, SATCOM/ Inmarsat that connect to the ground. All communication is also encrypted and hence it is almost impossible to break into the communication.
Then, the internal computer systems are heavily secured and one cannot edit or re-programme them on will. All aircraft software are proprietary in nature and unless one has knowledge of the code, it is not possible to change it during flight. At least I have not come across anyone who can break a security firewall, access & understand the cumbersome code, make changes to it and deploy a new build during a flight; no matter how long the flight is!
We must also note that the missing plane, a Boeing 777, was designed & developed before 1995 and I am sure anything developed (as in coded) before 1995 will not be as easy to be accessed remotely as a Smartphone these days.
With the advancement of technology, it might still be possible to hack into some communication system because those are the only things that are available in open air. Especially the communication between the flight deck and controllers. One may possibly decrypt and also read the communication. Let’s assume that the hacker pretends to be controllers and instruct flight crew to take some unintelligent action. Let’s also assume that the hacker takes control of the flight management system (FMS) (which have the flight plans like origin, destination and the flight path loaded into it) and fly the aircraft to an unknown location or into a terrain or into the sea without letting the pilots know.
Well, the truth is that even if someone hacks into the communication systems, it will not be something that will crash the plane. It will only result into some annoyance to the pilots.
If the hacker pretends to be a controller and instruct pilots to ascend or descend with the intention of crashing them into another plan, then they will fail because onboard warning systems allow pilots to see what they are going into. Then, pilots are trained to be ‘situationally aware’ and that situational awareness keeps them alert of their surroundings.
And in case a hacker changes the flight plan, it will eventually need Captain’s approval. Pilots are highly trained in all aspects of flying and any change in flight systems will be noticed by them. If FMS is not trustworthy, they will take appropriate action; if a hacker controls auto-pilot, pilots will simply switch it off and fly manually using backup systems. In simple words, pilots are not stupid that they will drop the plane into the sea because a controller wanted them to do it. They are among the smartest people around.
Airplanes are still the safest mode of transport. So-called experts will always try to win cheap publicity by citing something which is not based on facts. Don’t stop flying because a media report says that airplanes can be hacked by a Smartphone app. No, it cannot be. At least not in the near future and until airplane manufacturers start using open source software for developing critical software and get FAA approval.