Can Aircraft be Hacked?!
HTML-код
- Опубликовано: 28 май 2024
- Start protecting yourself on the web at nordvpn.org/pilot and save 75% Use code: "pilot" to get an extra month for FREE
Can an aircraft be hacked? If so, what aircraft systems and areas are most likely to be targeted and how will pilots and airlines respond to this cyber-Threat?
In Todays episode I will be talking about this particular area to the best of my capability. Cyber security is not area that pilots normally concern themselves with but it is likely that it will become a bigger part of our "threat management" procedures as our Aircraft becomes more and more advanced and computer networks and technology are becoming part of everyday aircraft operation.
I will also be talking about how pilots will respond if an Air traffic control Unit gets taken down by hackers or an entire Airport.
Make sure you stay tuned throughout the video and send all your Aviation related questions to me via the comment section OR via the Mentour Aviation app. (Links to the FREE app below)
A big thank you to our sponsor Nord VPN for making this video possible.
Join ME and discuss this further in the Mentour Aviation App
Links to download the app below! 👇🏻
📲IOS: appstore.com/mentouravition
📲Android: play.google.com/store/apps/de...
To Join my Patreon-crew, and help me preview my videos and schedule Skypecalls with me, use this link:
📲 / mentourpilot
I want to send a special thank you to the channels who were featured in todays episode. To see the whole amazing videos, use the links below!
CNN (Report of passenger controlling aircraft)
• Man claims entertainme...
TomoNews US (Report regarding increased hacking vulnerabilities)
• Aircraft hacking: WiFi...
Captain Boeing (Air trump)
• TRUMP AIRPLANE BOEING ...
AllgeeksTV (Air traffic control scene)
• Inside Air Traffic Con...
NATS (London area holding patterns)
• NATS - London 24 - Lay...
NATS (Bad weather in London - GREAT video)
• What does a day of bad...
Sad thing is nowadays the malicious software can come from manufacturer itself - MCAS in the MAXes is a good example. Quite honestly being a software engineer myself I'm totally against this trend of computerizing everything because it's not done because it's better, it's done because it's cheaper.
I agree. The explanation is great, but two things make me uneasy.
1) the manufacturer saying that there is no physical way of accessing the flight control computer using the entertainment network, whereas the aircraft itself is entirely made out of metal and thus basically working like a huge antenna. I doubt he's checked all Lorentz forces on every single spot like a hacker wanting to operate from the inside would do it.
2) Mentour did another video on how 5G can be dangerous to air traffic in America, and there you go: if you can use a mobile phone and/or a 5G antenna to lure an aircraft into a fake glide slope, then international air traffic is really in a lot of trouble.
@@materliliorum The flight computers are all in their own Faraday cage, so it requires a lot of power and proximity to penetrate them. As for the glide slope antennae, those are outside the aircraft, and the fuselage is a faraday cage as well, and the antennae are directed to the front, so also pretty hard to influence from the inside. However, a fake glide slope could be generated on the ground. Such a signal should at least match the power of the actual glide slope antenna, which is probably a lot of power, and hard to go unnoticed by authorities.
@@MegaKopfschmerzen yeah, I meant a fake glide slope on the ground
@@MegaKopfschmerzen and a hacker inside the airplane for the first possibility, with a lot of equipment that might not go unnoticed
i agree, though it shouldn't not be done, we should work on making it actually better
I'm currently studying IT security, and let me tell you: Physical security is a big deal. There's a reason servers and network equipment is usually locked away. And when it comes to computer systems where we simply cannot afford for it to fail, we make sure the only way to reach it, is to have physical access.
If someone comes into the cockpit and starts messing with the computer systems, you might notice.
there are always backdoors, so yeah you might wanna study some more.
@@peterf.229 Rofl yep
@@peterf.229 Tell that to a tier 1 secure datacenter about their backdoor. You won't access that, ever. Only method to get in one of those is by being an employee, on the list, accompanied by a colleague who you then need to bribe while a remote secure location views the live camera footage of you messing with equipment and shuts down the entire servervault that you're in... Those you cannot get in and out of to mess with equipment. But this comes at a price obviously....
@@someguy4915 I agree. Most data centres I used visit were like that.
@@stevemorrisby6705 Just a matter of paying for the security, pay decent and you get a decent datacenter like that, pay peanuts and you get a 'datacenter' managed by this guy called Bob who fixed his antivirus by pirating Norton 360 from some Russian site and thinks it is 'good enough'...
I've been to both types of datacenters, you can guess which one gave confidence in the quality and which one scared the living hell out of me...
Your dog is the chillest dog I've ever seen. Either sleeping or minding it's own business.
The early designs of the 787 planned to use a single network for flight controls, entertainment, communications, etc but using virtual network separation technology (kind of like a VPN) to keep the data separate. This would have saved a lot of weight and cost (a fraction of the wiring required). However the US government security groups intervened and told Boeing that the virtual separation technology was not secure enough and forced Boeing to physically separate the networks.
In my experience, virtual separation is never secure enough. No matter what kind of software one implement, there is always a small chance that someone else could compromise that software in some aspect. Even if it's secure enough at one point in time, it might not be in the next years or decade. Taking into account that many aircraft is expected to be in service for many years, having software getting outdated is a real risk. This is true not only for planes but also servers, computers, cars, network systems, etc.
Craig Cudmore Vlans are not inherently secure unless there is a firewall inline between the vlans. I prefer the air gap method between systems. Current flight status for IFE can be updated by the ground station. There was one proposal so establish a serial connection between IFE and Flight systems and remove the Rx pin on the flight system side so it was a one way feed. I'd still prefer a full air gap.
As shown with recent exploits, if a malicious program is able to run on the same hardware as another there are ways for the malicious program to access the data of the other program. The only way for a computer program to be secure is if there isn't anything else running on the same hardware. This means that a fly-by-wire system needs to be completely airgapped from every other system on the aircraft. Battlestar Galactica had it right: NO NETWORKS!!!
@@StarkRG Airgapped - if only optical isolator - allows rs232 signals to propagate ♦ FADECs and avionics if susceptible to Malicious Intruder become a primary damage vector ♦
StarkRG Frackin Cylons.
This is a common problem with VM servers. Cisco, Fortinet and others now have virtual firewalls and IPS that live in the hypervisor but that still doesn't help for programs that live on the same server.
Imagine a hacker ordering dozens of meals by hacking the in-flight entertainment system.
haha or ordering peanuts for every seat? or sincemost dont have them anymore pretzels? ;)
Or the IFE catching on fire. Check out the terrible story of Swissair 111.
Why would you want to though? That's the question x
or sending two planes to crash in a building in the middle of NYC
Oy Vey, that's anti-Semitic.
“Like a huge Cessna” made me laugh trying to picture that in my head 😂. Great to see your dog 🐕
For the consistency check, I have to throw a grain of salt in: If I had access to an airplane that is completely computerized and if I had malicious intentions, I would obviously take care that consistency checks don't work properly and all displays and gauges show believable values. Most hackers, especially those who hack sophisticated systems are usually very intelligent people (and airplanes are designed to be safe and secure by the best knowledge of the engineers and certification authorities). (Good) Hackers usually take care of their cover up, so the hack is noticed as late as possible...
THE DOG IS ADORABLEEEEE !!!!! every time you film he's looking oposite direction :))
Yeah, he is listening for whats going on outside the door.
I think you should also make a video about animals on board, what's happening with them during boarding, during flight..etc
Would be very interesting, at least for people who travel with animals.. like me :D
Because dog is expert so interested ..😉
Don't be rude Burt, i like Mentour pilot.. eveyone does :D
its an aviation trained doggie...highly discplined
Thank you so much for your incredibly well presented videos. I have never flown. Ever. And, I’m not a young man. I’ve never had a real fear of flying, but rather anxiety disorder that has made the pre-flight process seem insurmountable. Lines, waits, standing, security, etc. if I could simply beam myself into a seat, I’d fly in a heartbeat. Then again, if I could beam myself, I suppose I could eliminate the flying process all together. 😃 In any case, your channel has rekindled my interest in aviation, and I now feel even more confident that the miracles of engineering that makes up modern aircraft, makes them supremely safe. It does indeed seem like many problems have to “stack up”, and perhaps be handled incorrectly, for a disaster to occur. Even then, skilled pilots perform so well under pressure (thinking of the Miracle on the Hudson) that you still have a pretty good chance. So again, thanks for sparking my interest in this wonderful technology.
Great to have you here and and I am so happy that you find my videos useful!
I like the way your dog reacts “there is danger” - dog lifts head and looks around. “But we are safe” - dog puts head on the pillow. :)
Btw could you consider releasing audio track of your programs as a podcast. I would like to listen to them when walking my dog. Seriously!
Thank you for another video captain🙂🙂
Thank YOU for watching!
These are great videos! Thanks for putting it together! Whether or not someone should use a VPN is a highly technical matter -- the explanation/abstraction presumably provided by Nord is an over-simplification. The reality is that most peoples' "data", "pictures", etc are fine without using a VPN, and the ad comes across as fear mongering on behalf of Nord. Again, really enjoy the other parts of your videos!
First of all there is no such thing as unhackable when it comes to electronics, but it is good that they are putting a level of security where if one system is compromised there is a backup and even the ability for mechanical and manual control when needed which is good.
Vote “Yes” if u wanna see a video with “captain Joe “.... BIG YES for me
Hyabusa Heck yes!
Yes
Yes
Yes!!
Hyabusa or with Dutchpilotgirl
Off the subject note - just watched a 6 year old video, now watching this 3 year old one immediately after. The improvement in your delivery, personality and comfort level is incredible! Not saying you were bad 6 years ago, the quality of the information was just as valuable and well presented as your information is now. But “now” - 3 years ago - you seem so much more loose and free flowing, it’s amazing!
I remember not that long ago when the nats went down in the UK caused alot of problems , great video as usual 👍✈️
I repair avionics. The aircraft systems can not be randomly hacked. You may get into the entertainment system but the flight and navigation systems are immune. Your PC is RAM based where the OS and APP's are all run in RAM where everything can be changed at any time. The instruments, auto pilot, flight surface controls etc. are ROM based. The only way the OS and APP's can be changed is on the ground at a service center. Taking control of a plane at the gate or in the air can not be done. Plus there is no WiFi involved you would have to have a direct wired connection which a hacker would not have access to.
What a pity your comment on this topic isn't pinned so all the 'armchair experts' can learn from it.
Not just that. The processors the make up a modern aircraft's computer is designed to run only specific instruction sets.
That doesn't make them 'immune'. It makes them *difficult* to hack. And I don't think you quite understand what ROM and RAM do. Any computer (avionics, PC, anything) will have memory to store it's current state. For example, the FMC needs to store the flight plan, current phase and other data. "Persistent storage" can be done on many kinds of devices, like hard drives, flash memory or ROM. ROM is interesting because it usually can't be written to from the computer it runs, which makes it *difficult* to hack and much more secure. Someone with physical access to the avionics can still make them do malicious things though.
@@okj579 Even if you do have physical access to the electronics bay, you can't run any malicious code unless you know how to program code that the aircraft will understand. And there are many redundancies built into the "OS" of the aircraft. The computer of your typical aircraft is not like your desktop at home.
@@jacobnathanielzpayag3885 Which is another minor hurdle making it more difficult. Even the best security systems aren't unhackable, though - famously, US/Israeli intelligence were able to sabotage Iran's air-gapped industrial controllers overseeing a nuclear reactor making them give subtly inaccurate results. It may well be the case that manipulating the avionics of a modern airliner is difficult enough - and mitigated by many, many backup systems and procedures - to make the security risk negligible. However, they are not immune and the aviation industry needs to stay aware (as they are) of the potential risk to keep it from becoming a concrete one.
To save you 20 minutes: Yes.
Haha
Are they doing the same thing to airplane on 9/11 tragedy?
😂😂
Answer was 4 min in lol
I remember this story. Speaking as a guy who has worked for a company that builds in-flight entertainment systems, this guy was full of it. In-flight entertainment systems are bolt-on systems, and they’re only integrated with other aircraft systems as much as they need to be. There would be no need for it to access the control computers. First of all, the in-flight entertainment system doesn’t interact with aircraft control systems at all. They’re not connected, and they don’t speak the same language. Second, the IFE system runs on a bespoke operating system, which requires a lot of esoteric knowledge to interface with at all. Third, the system isn’t designed to accept command input from any of the connections in the passenger cabin. That’s not so much a function of secure design, though that factors in, as much as the fact that IFE systems are pretty unsophisticated. Even if you somehow managed to force some kind of file onto the entertainment server from your seat, it’s too stupid to know what to do with it, so it’ll just sit there in some directory. These aren’t 2-way usb connections; they’re basically analog patch panels. What I’m getting at is there’s no way you could send a command to the flight control systems through the in-flight entertainment system. It would be like saying you could mess with the spark plug timing in a car by “hacking” the car radio.
Hi, thank you for making these informative videos about pilots & the aviation industry. Best wishes.
Anyone else thinking of the Battlestar Galactica (2004 version), when the Cylons hacked all the new ships. - Basically, Mentour is saying he flys Galactica. :D
Ur pup is such a CUTE distraction ❤️ Again another superb video. Thanks so much ☺️👍🏼😁
Another great video! I would love to see the continuation of your vlogs! :D
Interesting topic! Your discussion of the paper manuals reminded me of same transition happening when I worked for a US federal government agency. In the "olden days" we had binders w/ 100s of pages of policy and procedures. From time to time "transmittals" were issued indicating policy changes. We had to spend large blocks of time pulling out the old pages and putting in the new. It was a great day when everything was posted on the agency intranet. No one missed the binders...
interestingly, sailing in the UK also requires paper charts for backup to electronic charts, but now they're planning to get rid of that requirement 🤦♂
Another great video, love the Port and Starboard cushions
It's a good thing we still have 60 year old VORs and NDBs still operational.
Very nice video Mentour, have a great weekend
This was a very thorough and well thought out video. Thanks for that!
Gret video very informative keep it up. I want to be just like you when I grow up.
Excellent! I am happy that you liked it!
LUVVV this guy..... Brilliant precentations... What a great "mentour".... Love from Cape Town South Africa...!!!!!!
I did like you before, but now like you even more for how you approach your dog mate.
Keep up the good work. Fly high!
I love your videos, fascinating and informative even for "the general public." Thanks! From North Carolina, USA.
Me, too, I know nothing about aviation except a single class 50 years ago.
Hello captain, could you do a video talking about the Boeing Honeywell uninterruptible autopilot?
Mentour Pilot, I love your videos, along with CaptainJoe and DutchPilotGirl, you all are excellent, and sharing your knowledge, insight and thoughts of the aviation industry is very interesting and fun to watch, would love to see a 3-way collaboration video between you all, and keep the awesome content coming, you really inspire me and it’s a shame I’d never be able to become a line pilot, but I can most certainly dream 😊
Thank you! On behalf of all 3 of us I can say that we really appreciate it!
I agree.
The inflight entertainment system is not "totally separated" it typically displays flight stats/maps/weather and there might be a problem with the coupling - it is not fully air gapped.
Well, we are concerned about information traveling towards the cockpit, not away from it.
He sooo cute!! (the dog at the end playing..Patchy!) 😊
Flying the 737 myself, I really appreciate the mechanically linked flight controls. I just feel safe to have the control all the time. Too bad I will fly the A320 in one year. No mechanical connection from sidestick to control surfaces and no feedback to the pilot. What a nightmare!
Thank you very much for another brilliant educative video captain :-)
Thank YOU for watching and supporting the channel!
@@MentourPilot You are welcome captain. It's my pleasure.
@@vnavspeed6737 Kedin güzelmiş 😅
Very informative video. Keep up the great work.
Fascinating video, sir. And Paxti sold that commercial for Nord toward the end!
18:25 "the aircraft can be flown like a huge Cessna" 😂😂😂 why am i laughing so much?
Me too, but I find it amazing that such a huge plane can be controlled directly by humans, I would have thought the forces would be too great
@@KingJellyfishII hydraulics :) they can do a lot
@@Epic_Aviation correct me if I'm wrong but wasn't that referring to what happened if the hydraulics failed? since there are physical cables that connect the control surfaces to the yoke
@@KingJellyfishII In the timestamp from the original commenter, yes. Mentour was explaining that even if hydraulics failed, there are still cables physically connected to flight control surfaces that can be used to keep control of the aircraft.
My reply wasn't referring to anything about the timestamp. I was just stating that hydraulics help out a LOT lol. If they do fail, though it's not good news.
@@Epic_Aviation ahh right I understand. yeah hydraulics are quite marvelous.
Very nice video. The first time i watch your channel and i subsctibed instantly.👍✌️😉
Excellent! Welcome to the channel, I hope you will like it!
Hope so too ;)
I want to become a pilot too.
Some corrections:
1. Connecting to a public wifi is no different than connecting to your own password protected wifi for anyone that is in range of your transmissions. Anyone can read your transmissions but they are still encrypted (unless you are connecting to a server using an unencrypted connection), so no its not easy for hackers to read your data.
2. A vpn isn't really needed in this case unless you do not want others to be able to see the ips that you are sending your data to. It also adds another layer of encryption to your traffic, which makes it safer yes, but is not really needed if your data is already encrypted once.
Love your videos. This one settled my nerves a lot. Thank you!
“RRUBEN SANTAMARRRTA” someone is improving his spanish. Congrats Captain!
Rolling the R is actually natural for People who speak Icelandic, Swedish, Norwegian, etc. Those languages have a lot of it.
When he turned his head and talking to the dog ,the dog was “wtf “ 0:46
Great video. Thanks again mate.
there was question security in Aircraft, in my Network security Subject. This is absolutely fantastic answer.
Hey! Can you make a video about your activities during cruise?
This reminded me that I'd like to see your reaction/debunking to Die Hard 2 aviation aspects... 😃
Great video mentour :D Btw did you know about the MCAS system in the 737 Max? Many pilots say, they havent been informed about this system and since you will be flying the Max, it would be interesting to know :D
I’ve been enjoying the show about Susi Air. First time pilots in a very difficult environment in Papua New Guinea. Any Comments? Thx. Great Job Commander!
Its a great series!
You have a well behaved puppy there
For some reason, only when I am filming. :)
HaHa! My dog would be jumping all over the place and eating the camera!
Can you make a video with captain joe
Edit: can I get a answer from Mentour pilot now
Captain Joe and Mentour Pilot have 2 different styles that don't blend easily. Both are good on their own, but I don't think they would mix well.
Indeed, Videos by both of them have lots of information for people like us and educational stuff for pilot's
Michael K Different styles mean lots of information. Difference for professionals mean a a bridge to learn new things
Hi Michael. I think you might be right.
@@MentourPilot Yeh, aint captain joe a a320+747 pilot, and mentour just flies the 737s, completly different systems and airlines as well, mentour flies in europe and joe flies in america, so everything is too different
Although there are lots of redundant backups at all levels, my concern would be how quickly people would be able to realize what was going on and also how well they would actually be able to respond, even with the redundant options. If you don't practice the backups regularly, it could be difficult to use in a pinch.
2:49 loyal protector against all threats ready to perform duty!
One simple question, where does the real time attitude, ground speed, location information on the entertainment system come from? If they are not provide from a separate sensor, I am doubt that the system is completely separated. Hope the FBI and NSA won’t knock my door tonight
One might wonder if not any of the mysterious crashes over the years are due to computer hacking of some sort? I mean: As you said, any computer system could be hacked and there are probebly occations we are not awere of yet. Johan.
I love your content and your teaching skills
I think Mentour's copilot is really just lounging around, not really pulling his weight. Just looking adorable.
Most web applications encrypt your data using SSL tunnels. Just look for the green padlock in your browser's address bar. That being said, it's still a good idea to exercise good judgement when using public networks.
Don't trust that sh1t. What happens if something interferes with SSL handshaking? Fall-back to an older, less secure, protocol maybe? Wouldn't be the first time... A VPN is the only safe way to go on public internet. I don't care if you are running Kali linux, no VPN is asking for trouble sooner or later.
@@sail4life This completely depends on if you are frequently using public wifi, if so then yes you should use a secure VPN (So no PPTP for instance) and you should also stop using public wifi, thus defeating the requirement for VPN.
All VPN does it limit what your ISP can see, your ISP will not be hacking your RUclips account and is not a security threat...
Kind of underestimating how guile hackers can be : malware once uploaded can be inactive and then turn itself on later on a timer, so easy enough to bypass all pre-takeoff checks that way. Also only a stupid hacker would turn a critical system like navigation on or input obvious errors, no a smart one would input small errors that have a cumulative effect over time, in the hope that until the pilots notice something is wrong its to late. Another thing why not just use the malware to make the aircraft transmit its position to the hacker then you can just shoot down the aircraft with a missile if your a terrorist.
About the second part...you know you can already see the location of planes in flight by FlightRadar24 or FlightAware, etc.?
@@lwilliam4987 Not with enough precision to shoot it down. For that you need precision in the range of meters, not kilometers.
Here are two facts I know (and there should be more):
A.)Modern jets incorporate relatively generic means of inter-device communications for (but not limited to) sending signals to control surfaces and instrumentations. A very noteworthy example of such is the wide usage of what's called CAN in A380 - which at the time it was announced was a huge surprise to automation industries.
The CAN (Control Area Network) is most often found in modern cars, and they work great especially in terms of improving the mechanical/electrical reliability of a vehicle as whole. Now with inter-connect systems implemented with CAN, all you really need are a few wires (for High and Low signals) running through the entire car instead of having hundreds of wires individually connected to lightings, door-locks, instrumentations, engine controls and hundreds of other devices that need stateful controls. With CAN, you get significantly reduced number of electrical connections, hence minimizing potentially-faulty contacts.
Sounds good? I did think this was awesome when I first learned about CAN and their usage in cars (along with its benefits).
But now, there are known issues with the wide usage of CAN in vehicles which I believe can be roughly categorized into two for clarification:
A-1.)previously where cars did not have 4G/5G-enabled SatNavs (or Bluetooth) onboard, manufacturers did not care so much about the security of CAN bus which by theory can be hijacked/abused for unintended purposes like unlocking doors and/or starting the engine so (for example) a car can easily be moved/stolen with a few CAN-enabled jigs. With more cars becoming "online" today, it is only natural to assume that someone could hack into the "CAN master" through, for example, an internet-enabled SatNav system that is online (and also connected to CAN) and carry out almost any abusive actions on a vehicle. As a countermeasure, encryption of inter-device communication over CAN is now being rapidly implemented - but will car manufacturers be quick enough? - Nobody knows.
A-2.)Now, almost all CAN-enabled devices found in complex systems like most modern cars and A380 are designed to be intelligent on their own so they can receive commands through the CAN bus from the masters (control computers in essence), and/or self-monitor and report their own statuses back to the masters. This means that almost all CAN-enabled devices found in modern cars and other forms of modern vehicles have micro controllers of their own that "bridge" the moving parts and the CAN bus - which, as it logically follows, means that there are firmware being loaded into such micro controllers from flash ROMs where they are stored. With that, if someone with bad intentions were to flash, say your ECU for example, with a maliciously modified firmware to purposely destroy the engine of your car, such is quite possible.
Wrapping up, perhaps it is now more important that CAN-bus cables are installed in such secure manners that no outsider can gain physical and electrical access to them.
B.)In-flight entertainment systems can compromise the safety of the aircraft in ways you probably did not even imagine till this day (& even though they may be separate from flight controls).
Hijacking the in-flight entertainment systems is very probably possible and potentially easy for those with good guess and experiences. I am guessing that the videogame-like-looking controllers are actually connected through generic bus such as USB. And supposing so, one may only need to undo a few screws on his seat to gain access to two signal lines of USB (D+ and D-). To my knowledge (which today could be a little outdated), most in-flight entertainment systems are based on Linux running on a single workstation onboard the aircraft. I had heard about it and I actually saw it in action in 2009 on a Swiss Int'l flight (operated with A340-600). Basically, the system had to be restarted twice during the flight as it froze due to overload - and I was shocked to see that the system showed the entire boot sequence of Linux (with penguin logos) on screens of all passengers, and that the kernel version was then-awfully-outdated 2.4.x. And because I also happened to know what kind of workstations are typically used for the systems (because if you look at the specs of high-end workstations by venders like DELL and/or hp, it has the wattage indication for 115V,400Hz ), I instantly had a very clear idea of how much power they can draw from the aircraft - and how hot they can get when under high-load.
These put together:
If someone were to inject a malware onto the workstation through the USB (or other forms of generic bus through which the remote control on passenger seats are connected to the workstation) for the ill-minded purpose of overloading the workstation (causing it to overheat), such is possible and the electrical subsystem of the aircraft could then get rendered faulty if the wiring isn't designed with enough margins (yet such may only be partial and not affect flight controls). A worse and more terrifying scenario is if the workstation is rarely checked by maintenance crews - because dust build-ups inside those machines can become catastrophic at times (causing fire occasionally e.t.c.).
Sorry for a lengthy post, and I hope I am making sense to you.
Aircraft data transmission is mostly based on Arinc 429 and for newer aircraft on AFDX, but you will also find, as you mentioned, CAN. Speaking for Arinc 429. It's nearly unhackable. (because of it's physical layout, only one source and multiple sinks: listening is possible, sending won't be, unless you pull out the transmitting device.) In an A320, based on A429, real hacking would be getting access to the avionics bay and doing harm there... That's the point where I disagree with the video. Older airplanes are safe! Most of them don't have the capability to load operational software over a data bus. A vew examples: 1. 757 767 747-400 Autopilot, all based on Collins Flight Control Computers with AM2900 Bit Slice Technology.
The software is stored in a ROM PCB in the computer. Changing software would mean changing the PCB. The only data bus used is A429.
2. A320 Spoiler Elevator Computer and Flight Augmentation Computer, both really critical components in the FBW. Again only A429 interfaces and software is loaded via two software modules plugged in to the front of the unit. (one for COM the other for MON). Three for FAC (COM, MON and FIDS).
3. A320/330/340 Flight Management and Guidance Computer. Same as above, however the navigation database of the flight management part is loaded via floppy inserted in a loader located in the cockpit. I think there ist the possibility in newer generations to load the database wirelessly, but I'm not sure on that... If there is, than that could be an security issue.
Great video! That dog is so adorable though 😂
About the firmware updates, they're all signed using asymmetric encryption. It's the same principle used, for example, on iOS apps through the app store. The only way of installing invalid/unsigned apps on iOS is to jailbreak your system. The chances of that happening on a system like a commercial airplane, for all practical purposes, is zero.
Seems very short sighted ie there are other layers to attack.
This only works when the system works as intended, the whole point of hacking is using the system in a way that is NOT intended so this logic of 'it shouldn't happen' doesn't work...
iOS for example can be jailbreaked=leak and iOS has had the developer certificates leaked several times before.
@@someguy4915 Exactly. Hacking into systems usually not begin with installing malware. It is all about finding some bug in the existing, signed, thought to be secure software to manipulate them to execute some action you would normally be unable or unauthorized to do.
15:30 is it true that air traffic control have lamps to communicate in case of complete black out (or hacking/whatever interrupts the safe communication)?
Yes, that’s true
Does it work like Morse code or is it a different code?
@@nativeafroeurasian It's a different code using colour and steady or flashing lights that match standard, published word phrases such as "Clear to Land" and "Go Around" etc. It's used by the tower controllers when they have an aircraft suffering a radio failure and cannot voice communicate with the tower.
@Mentor Pilot
@David Palmer
Thanks for the replies:)
From someone who has experience in this area. There are so many vectors from which to attack aircraft: from the technical to the people to the organizational to the entire system. So, the issue is not whether it can be hacked but what impact will a malicious person have and for how long?
Also, one does not have to control the aircraft if one can effect the aircraft. Remember most aircraft signals are generally unencrypted to allow for interoperability and communication, which leaves aircraft extremely vulnerable to signal spoofing and man-in-the-middle (or relay) attacks
However, most attack vectors with a manned aircraft in flight are unsustainable because an aircraft would generally fly out of the attack area unless the attacker was either on the plane, depressurized the aircraft at altitude while preventing an emergency decent, or got the plane out to sea, particularly at night or in clouds while flying the aircraft in giant circles (mostly so the pilots wouldn't notice). This is why most attacks (mainly military operations) or simulated proof-of-concept attacks of this nature have focused on ground vehicles/aircraft or unmanned drone aircraft.
Sure, aircraft have a lot of Industrial Control System (ICS) type zero-day vulnerabilities. Yet, these types of hackers and tools are expensive commodities (re: training, experience, short duration of effectiveness); thus, organizations that employ them are not going to generally risk them for a single non-specific mission, when there are far cheaper methods available. This is the real reason manned aircraft in flight are generally not susceptible to most types of hacking, it has nothing to do with what the manufacturers are doing. It is a simple cost benefit analysis for the malicious organization.
Really, the only other sustainable attacks are to attack a country's national air control authority with the various types of attacks that would affect their ability to control the airspace. Such an attack would lead to a closing the entire airspace, which for a few hours would be complete chaos. This would potentially force air control towers and pilots to brush up on the light gun procedures while aircraft are running low on fuel, most pilots nor controllers have never simulated or practiced communications out light gun landing procedures. Again, as you stated the SOP is simply to divert to other airfields.
It's not all that difficult to hack a national air control authority for a large capable hacking organization who has spent time to get in and maintain a continuous presence, but again the issue is the cost benefit for the malicious organization. As such, an attack against civilian aircraft or national control authorities generally would only be used only for military operations either (a.) in a limited way to disable C&C of military defenses and aircraft or (b.) conducted by a country that does not care about the Law of Armed Conflict/International Humanitarian Law or International (Treaty) Law. Right now, there are only two countries (Russia and NK) that have the technical capabilities and fall into the category of not caring about international law. Other countries might have the capabilities but would only use it as a last existential resort (Iran). The other more capable countries would generally use their capabilities in a limited, highly targeted fashion to accomplish their military objectives.
The cost of a kinetic attack would burn the value of all assets involved and maybe other assets not involved nearly instantly. For example, Stuxnet used at least 4 zero-days each of which were probably worth millions or tens of millions of dollars. Those zero days were burned instantly as patches for them became available. Not to mention an organization so attack would purge their systems to look for people and assets involved. None of which could be easily replaced.
Love your very educational videos. Have you ever done a video on CPDLC? All the best! "The JJ" SW Penna, USA
First!! I also ❤️ your videos!
Hi Mentour, I just took the plane and something interesting happened : When landing the pilot said : "Due to weather condition please turn totally off all your electronic devices even if the Airplane mode is turned on." Why ? What can happen ? There was a lot of fog btw. Thanks for answering !
It’s possible that the airline had a policy of turning off all mobile devices if a Cat3 approach is needed. To avoid any risk of interference
@@MentourPilot Even a phone with the "airplane mod" activated can create interferences ?
@@MrFrenchPlayerHD Well One would be OOOOOKis there shouldn't be problem... 150 phones + tablets... well could be. Its small electronics but it still is electricity and that means magnetic fields and similar stuff that could be in bigger amounts make problems to sensitive sensors on the plane.
@@Trollzzofficial Yes ok, but what is the relation with the weather then ? Why in this circumstance of a bad weather it should be "more" turned off than in normal condition ?
Dupont Eric CAT 3 approaches are much more commonly used in poor visibility and bad weather situations
Great video as always. You should get Paxti a small Mentour cap and some sun glasses.
I’ve got to say, that I wanted to be a navy aviator but medical jet me out. But what I wanted to say, is that you sir are amazing, and giving relevant information and making it understandable to the average person who may fear flying, or loves it. But you make they understand it… great job sir
Hey Petter, I was watching your instagram live stream today and one of the people you were speaking to about flight schools and saving up for your training which made me wonder, is it better to work really hard, save up a lot of money and do an intergrated course or work hard for a while, save up some money, do a modular course and then work and earn money between your modules, sort of like saving up for each module individually. Thanks
Mentor pilot, it would have been good if you addressed the "uninterruptible autopilot system" honeywell/boeing. This system is designed for ground control to take control of aircraft without any chance of persons, including pilots, controlling the aircraft onboard maliciously.
Yes, I dont know much of this system so I cant say much about it.
@@MentourPilot A very wise idea, not always followed on the internet or elsewhere ;-)
@@MentourPilot Be very careful... Why would they have a system like this??? They have no visuals, since they do not have cameras on any aircraft... Then why is this system even patented?
You know that even if they have all the information in the world you would not be able to remotely land a plane based on only data. This system is the only loophole to take down a plane.
There is no "uninterruptible autopilot" flying on any passenger airplane, nor has one ever been developed or flight tested. At most, it was only a concept on paper, given some consideration after the Sep. 11th 2001 terrorist attacks.
If such a system were ever developed, it would be much easier to implement on Airbus aircraft, which allow the flight control computers to override pilot commands. Boeing flight control philosophy makes this infeasible; all autoflight commands are passed via the mechanical flight deck controls and the pilots can physically overpower them at any time.
Those high-tension cables in the 737 give a whole different meaning to fly-by-wire.
Going back thirty years in computers isn’t like seeing dinosaurs but like seeing a single cell organism making weird screeching noises
How many videos have you filmed in a row? Feel like I've seen Daisy in every single video the past month.
None of them are filmed in a row. I almost always film the video the day it is released. They just happen to like the Sofa.
@@MentourPilot Okey, they all look simular. Great video btw! Enjoy these 20+ min ones. You should keep going with them.
Doggie is cool,just minding his own business.
Yep, Patxi is always doing his own thing.
The pupper is really cute. I’m sure that when dad leaves home the little hairy hound probably stays right there until he comes home.
Amazing video as always
Thank you! Always nice to hear!
One of my favorite things to do when I'm bored in the hangar is program nonsensical flightplans, or transmit funny things over ACARS. All when it does not interfere with regular operations of course. RON maintenance is where the fun is.
Flight plan (Captain Calvin and 1st Officer Hobbes): Takeoff from CDG International in Quebec, Mexico; stop for a 2000-hour layover in any one of London's many airports; head north to McMurdo Station at the Arctic South Pole; make two barrel-rolls before landing; stop for a 327,000-minute layover; depart the next day; stop to refuel at Pitcairn Island (veggie-based fuel only!); and finally, land at Rivendell National Airport in the federal county of Lothlorian...
You touched on attacking avionics via compromised software updates for the FMC etc. What is your opinion on a Stuxnet-style attack, where a well-resourced malicious state actor creates a cyberweapon that can infect and lie dormant within supposedly isolated control systems, and be activated upon a future signal, or on a specific date?
They're computers, and they implicitly trust (while cross-checking if possible) the data received. They're likely to be running some pretty strong software, but, I'm alerted by the thought "it's not likely they can be hacked," because, every time I've ever thought that or read that said about a system, it is then hacked. That said, check out Green Hills Software. Apparently they just went under a successful audit conducted by the NSA, apparently they make some reliable stuff. I've been told it "can't be hacked.", whatever that means. Maybe it's real this time. Maybe it can't be hacked. Certainly stripping every PNG/PDF/JPG/HTML/Java engine out of the thing will improve their chances, stripping back to basics eliminates attack surface.
he just said most of the systems cross check with each other so if something does not sync up with another one the pilots could tell something is different. Possible, but it just seems very very unlikely to not be found. Especially older planes that used a lot more conventional tech than tons of computer driven systems like this 737
I think a nuclear reactor or ground target would be easier than some planes. Once the plane moves you cant even communicate with it
StarWars - Revenge of the Sith, Order 66 - If someone can think it up, someone will try it! sad to say...
No. The systems are not built like this. In flight systems are entirely isolated from in flight entertainment, both on the network, and physically. They are physically separate wiring looms inside the aircraft and the two do not share information between each other. It’s *literally* impossible to attack a network through a vector that does not exist. You can’t magically hack your way across an air gap.
As for the stuxnet style attack, the problem here is that aircraft systems are sort of based on extended CANbus, and part of this extended feature set is self checking of data integrity. Usually this will be in the form of parity checking and checksums. You would have to get the checksum right (which is not all that easy to do, unless there’s something wrong with the mechanism itself, which does happen), for the onboard systems to not see it.
The onboard systems won’t detect it as a hack, they will simply see that the checksum is not correct, and will assume some form of data corruption, and the system will shut down and enter a failsafe state. I’m not saying hacking aircraft is impossible. It’s just extremely hard to do, and it requires a huge amount of inside intervention to do so. You absolutely can not simply walk on to a plane and take control of it in mid air through the entertainment system or something - this is physically impossible to do.
@@wildwest1832 When Three Mile Island had it's meltdown, one of the larger contributing causes was a meter that was labeled as showing emergency feedwater flow. But what it actually measured was the current in the coil of a solenoid that pulled on a lever that was connected to the valve that connected the emergency feedwater pump to the reactor. The reactor operators were not trained about what this guage actually measured, nor did they know that there was a service valve that could be (and was) closed that isolated the emergency feedwater pump from the valve this solenoid controlled, or how to tell if that valve was closed.
Then we hear that in the Lion Air crash there was a system that the pilots did not know existed, much less how to detect malfunctions in it, and they had no idea how to even begin to fix it.
Basically we (as a society of engineering creatures) made the same mistake that was made at Three Mile Island on the Lion Air's 737. The failures occur at the intersections of disciplines. Engineers vs operators vs maintenance... If we can't do better than this we will destroy ourselves, at least as a society if not as a species.
I have two questions, @Mentour Pilot : are you pilots prepared to fall back a full old school way of navigation without working electronic and electro-mechanical instruments (let's say stellar navigation, etc); and what if a natural phenomenon (disaster) or UFOs of really bad sense of humour would cut off all incoming data from the surface including radio, beacons, etc. I guess other airborne pilots could share info and have procedures to decide things like landing sequence, etc?
Another question to Patxi: "woof?"
Yes, there are procedures for loss of certain systems like GPS. If the weather is poor and ALL groundbased and GPS systems were eliminated it would be very complicated.
Modern pilots are not trained for stellar navigation though, the FAA still updates the Flight Navigator's Handbook (and if you're interested, it's accurate to learn from) and stellar navigation is included there. Intentional spoofing or jamming of GPS singals is much more dangerous for general aviation, VORs are being phased out, most pilots don't know pilotage and dead reckoning well enough to rely on those in case of an emergency, they just rely on Foreflight, and those planes don't have any INS. NDBs are cheaper to maintain, but so old that, again, their use would be very limited, in fact I wouldn't be suprised if most flight school for a PPL would just leave those out of the curriculum.
The dog in the background at the very start is Soo cute
Here in the states, the computers that the FAA uses are very outdated, and knowing our government, it will take a disaster caused by hackers before new computers are installed.
actually older computers are actually less risky than newer ones. Custom software and older systems are more obscure, and sometimes poorly understood. Not likely targets, and take more work. Not always just depends.
I do not believe the alleged "FBI-guy's" story, because the in-flight entertainment system is a completely separate and isolated system. And as far as the primary aircraft systems (with the exception of the two way navigation down-link), I would think that hacking would only be possible to the extent that data-points could be seen (similar a nuclear plant, where there no actual control inputs exist outside of the plant....or aircraft cockpit).
Yes, that sounds accurate.
@@theenzoferrari458 True. People think a 15 year old can "drop a dime in a telephone" and cause a meltdown. You'd actually need a team of engineers in several locations working in careful concert to systematically disable key automatic safety features...after they get by the heavily-armed and skilled security force. Good luck with that...
The minute you offer wifi over the same data link as the aircraft data reporting there is a possibility that the system can be hacked. In theory you don't allow traffic through but unless the systems are air-gapped there is always the possibility of some sort of attack.
To be reasonably secure they should employ separate uplinks for the wifi and aircraft systems. Ideally to different satellites.
ATC is moving to data com (SMS) type communications you can see the risk there.
I have seen so many security systems that we thought were un-hackable fall look at Hearblead, specter, poodle, beast these all broke systems no one thought could be broken.
You have the classic problem with any security systems the designers have limited time to secure the system but the attackers have unlimited time to find a vulnerability.
These AV retro fits are often done in a very hatchet way (Swiss air 111). Something like that it is easy to believe there was a way in.
On the plus side I know for a fact that Airlines and manufactures are now taking this much more seriously and employing top IT security specialists to apply their experience to aircraft systems.
They're _supposed_ to be isolated, but that doesn't mean they actually are. And I hate to break it to you, but modern nuclear plants can be managed remotely.
@@jfbeam Yes, in case of emergency, the plant can, from the control room only, hand off control to a secure, hardwired, company-controlled off-site facility. I've been working with these systems for ten years, so I would simply like to know what utility out there allows control access, through the internet to their facilities.
I have a question
I'm 13 and live in Belgium and later i want to be a pilot
What do it need to study to get to university/flight school
just work hard and u will soon be sucessful
nothing is impossible just keep in mind
Math is an important subject. I'm in Canada, so cannot say recommend specific courses; however, the university of your choice should have an "Academic Advisor" who would return your phone call with recommendations.
Michael K Thanks!
Right now your best bet would be to focus on getting to a good high school, and really understand high school level maths and physics. If you wanna start with getting some basic knowledge on aviation before going to flight school, the FAA's PHAK would be a perfect starting point, pair that with youtube, and maybe Xplane (grab the base game on sale, and maybe the reality extension pack or a payware Cessna, not terribly expensive, and it's a really good way to understand stuff like instruments, VOR navigation, dealing with charts, etc. Sims are bad to learn how to actually handle a plane, but great for procedural stuff. Or if you wanna go the fun way, download DCS, buy a plane there and blow stuff up. :D There's probably going to be a holiday sale soon.
Wiskunde en natuurkunde zijn het belangrijkst, scheikunde ook wel. Minimaal havo, vwo is beter
There's a hilarious presentation from DEFCON 20 security conference that talked about the limitations of ADS-B (digital aircraft position and status downlink). Long story short, that system has no anti-tampering in place, so an attacker could spoof anything. (Obligatory hilarious DEFCON demo: decoding ADS-B traffic using software-defined radio, feeding it to FlightGear flight simulator (actual real-time surrounding traffic, cool!)... and *the potential* to broadcast your sim plane's position using ADS-B. ...Don't actually do that. Goes without saying.) So *theoretically* ADS-B can be subject to spoofing or denial of service.
Of course, the air traffic controllers responded with "we can always just look at the radar. Or, you know, out of the window. But it was food for thought for sure. Thanks for your concern!"
There's a lot to be said for the old-fashioned way of doing things, like having paper maps with terrain marked on it!
Amazing video! Time to learn how to hack an aircraft 😂
I wouldn’t do that if I were you.
@@adrianwulff4591 Oh crap!! 😂 😂 😂
The first thing required to hack is access - extremely difficult (near impossible) from the ground or from a passenger seat.
EveryTypeOfVideo Yes indeed.
@Röhrich Oak Linux systems have fewer potential hols, but the idea to try obtaining physical access first, with trying to tunnel into a node as a secondary approach remains consistent. The entertainment system is most likely on a virtual LAN through a Cisco switch ... one more step to bypass. I'm not going into specifics; however, unless a passenger gets physical access to the Linux system then they need to access through another method ... without specialized tools or knowledge it is impossible (even if it was Windows 98 it would not be possible for a 'script kiddie')
(Watchdogs 2 left the chat)
Your Puppy is like mine ! If I am 'not talking to him'.. he Ignores Me by turning his back on the conversation as well ! Great Video's Sir !
So much more interesting and to the point than ground school.
My eyes are on your dog more than you.
I am glad he has decided to join the team!
Hey Captain was the Malaysian airflight 370 was hacked. What speculation does you pilot have regarding the disappearing of this flight
No I'm a 777 pilot and I gotta tell ya IT'S VERY HARD CLOSE TO IMPOSSIBLE TO HACK!
I love the dog. It helps me to understand your lecture seeing a happy dog with his toy. If your dog trusts you, then your lecture is more credible. 😊
Thanks for the wonderful video
Your dog has grown.
Just a little bit, he is almost fully grown now at 5 months.
I feel that this video has somehow departed from your usual responsible style. You're a great pilot, but computer security is not your expertise, as it's obvious from the language and the way this particular VPN solution was recommended. One should not give advice in fields one's no an expert in.
Yeah, I speak from a pilots point of view but Nord VPN really have a good service.
@@MentourPilot You don't know about Nord VPN.. Please be a pilot .... Not a Computer Security Expert, You can just advertise the sponsor..... !!
i gotta agree you say nord vpn will protect your passwords and wifi passwords not really
it could potentially protect your banking passwords from being sniffed off the network by someone on the same network but your still vulnerable to various script based attacks
secondly your only protected between your laptop and the connection to the vpn for internet only your laptop is still vulnerable to network based attack via other vectors
wifi passwords again no thats not what vpn does and wifi passwords can be garnered before youve even established your vpn
which brings us onto nord vpn nord along with many other vpns do not offer leakproof vpn which means when you turn the laptop on untill the vpn establishes connection your vulnerably to attack a hacker who knows what there doing can use dns blackhole to prevent you getting a vpn connection and then continue to attack you
not to mention windows is horrible for letting programs slip around the vpn a well known one being microsoft office skipping around vpn to download remote image data
because your not operating leakproof vpn this will go on perhaps without your knowledge better vpn solutions offer leakproof vpn that means either everything goes through the vpn or nothing goes through
i dont expect you to know this because your a pilot but this is why were telling you not to advise people to blindly just get vpn and give themself false senses of security
@@MentourPilot You do, but during the video, you make multiple claims that are wrong (e.g. IFE and flight controls using different programming languages - which need not to be true and is not a factor for security).
Also, a VPN doesn’t automatically protect your data and an open WiFi doesn’t automatically compromise them if you know what you’re doing.
As already said - please leave educating poeple to experts. You’re an expert at flying, but IT Security is not your field of expertise. If you want to talk about stuff like that in the future, please talk to an expert first.
Thanks!
He is a great teacher and appears to be just as great as a pilot. Keep up the great content, I am a fan. I think whitehat hackers are afraid to go past the entertainment environment for legal and other reasons. However I remember hearing how good the security was on US electronic voting machines in the early 2000's, and it turns out that the security through obscurity approach does not work that well. I don't know flight systems are secure or insecure, but the 'trust me' assurances make me nervous in places where the use of technology grows in an under controlled corporate environment without a mandated set of expectations to keep it secure.
Thank you Mentour for another great video, full of interesting information. Sorry for this out of topic question: Do you have as a captain any privileges regarding your meals on the aircraft like ordering specific food as for example a steak or something vegetarian? Just wondering.
Good evening captain. what is the name of the theme music you always play in your videos.