(Press-News.org) A new class of apps and wireless devices used by private pilots during flights for everything from GPS information to data about nearby aircraft is vulnerable to a wide range of security attacks, which in some scenarios could lead to catastrophic outcomes, according to computer scientists at the University of California, San Diego and Johns Hopkins University. They presented their findings Nov. 5 at the 21st ACM Conference on Computer and Communications Security in Scottsdale, Ariz.
`
Researchers examined three combinations of devices and apps most commonly used by private pilots: the Appareo Stratus 2 receiver with the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app. The devices and apps allow casual pilots to access the same information available to the pilot of a private jet--at a fraction of the cost. All the instruments in a high-end cockpit can be valued at more than $20,000. By contrast, the systems the researchers examined are available for $1,000. All have to be paired with tablet computers, most often an iPad, to display information.
The devices researchers examined receive information about the aircraft's location, the weather, the location of nearby aircraft the and airspace restrictions, which they display on the tablet computers via an app. "When you attack these devices, you don't have control over the aircraft, but you have control over the information the pilot sees," said Kirill Levchenko, a computer scientist at the Jacobs School of Engineering at UC San Diego, who led the study.
ForeFlight, which pairs with the Appareo Stratus 2, is one of the top 50 grossing apps in the entire Apple App Store--ahead of Apple's own Pages app, among others.
The team hoped that exposing the systems' vulnerabilities would increase awareness among users and lead to demands for change. Researchers include several recommendations at the end of their study for safety improvements.
The FAA has the authority to regulate these systems but chooses not to because they are not an integral part of the aircraft, the researchers said. In commercial aircraft the FAA only allows static information, such as maps, to be displayed on tablet computers, cautioning pilots to rely on instruments to fly.
During testing, researchers found significant safety flaws in all three systems. Two of the systems allowed an attacker to replace completely the firmware, which is home to the programs controlling the devices. The Appareo Stratus 2 allowed the firmware to be downgraded to any older version. All three devices allowed an attacker to tamper with the communication between receiver and tablet. Both types of attacks give an attacker full control over safety-critical real-time information shown to the pilot.
By tampering with the aircraft position, altitude, and direction indications, also known as heading, as well as weather data and positions of other aircraft displayed to the pilot, an attacker can deceive the pilot, leading them to take actions detrimental to flight safety. Factors such as visibility and pilot workload increase the likelihood of a catastrophic outcome. For example, misrepresenting aircraft position during final approach in poor weather could result in a collision with other aircraft or a crash into nearby terrain.
Researchers point to several secure design practices that can remedy the flaws they identified. Among them, cryptographically securing communication between receiver and tablet, pairing the receiver with the tablet (in the same way that Apple smart phones are paired with specific computers), signing firmware updates and requiring explicit user interaction before updating device firmware. Data such as maps and approach procedures should be downloaded to the tablet using HTTPS or digitally signed by the vendor.
Most of the systems are fairly new to the market, researchers point out. "It's a great time to make them secure from the get-go," Levchenko said.
INFORMATION:
In addition to Levchenko, co-authors on the paper are UC San Diego computer science Ph.D. students Devin Lundberg, Brown Farinholt, Edward Sullivan and Ryan Mast, UC San Diego computer science professors Stefan Savage and Alex C. Snoeren, as well as Johns Hopkins computer science professor Stephen Checkoway. Lundberg is the first author on the paper.
This work was supported by the National Science Foundation grant NSF-0963702 and by generous research, operational and/or in-kind support from the UC San Diego Center for Networked Systems (CNS).
Paper: On the security of mobile cockpit information systems
Regulation of a single, specific gene in a brain region related to drug addiction and depression is sufficient to reduce drug and stress responses, according to a study conducted at the Icahn School of Medicine at Mount Sinai and published October 27 online in the journal Nature Neuroscience.
The Mount Sinai study focuses on epigenetics, the study of changes in the action of human genes caused, not by changes in DNA code we inherit from our parents, but instead by molecules that regulate when, where and to what degree our genetic material is activated.
Previous research ...
System 05B degenerated into a remnant low pressure area on Nov. 8 and lingered near the east-central coast of India for two days before dissipating on Nov. 10.
The tropical cyclone's western edge spread over land on Sunday, Nov. 9 while the center of the low-level circulation remained over open waters of the Bay of Bengal. On that day, 05B's remnants were centered near 14.0 north latitude and 83.8 east longitude, about 215 miles east-northeast of Chennai, India.
Infrared imagery from satellites on Nov. 9 indicated that the low-level circulation center of the storm was ...
URBANA, Ill. - Dating couples who have moved toward marriage over the course of their relationship remember accurately what was going on at each stage of their deepening commitment. But couples whose commitment to each other has stagnated or regressed are far less accurate in their memories of their relationships, says a new University of Illinois study.
"People like to feel that they're making progress as a couple. If they're not--if, in fact, the relationship is in trouble--they may have distorted recollections that help them feel like they're moving forward because ...
PORTLAND, Ore. - Use of "antibiograms" in skilled nursing facilities could improve antibiotic effectiveness and help address problems with antibiotic resistance that are becoming a national crisis, researchers conclude in a new study.
Antibiograms are tools that aid health care practitioners in prescribing antibiotics in local populations, such as a hospital, nursing home or the community. They are based on information from microbiology laboratory tests and provide information on how likely a certain antibiotic is to effectively treat a particular infection.
The recent ...
Alexandria, Va. -- On March 13, 1989, a geomagnetic storm spawned by a solar outburst struck Earth, triggering instabilities in the electric-power grid that serves much of eastern Canada and the U.S. The storm led to blackouts for more than 6 million customers and caused tens of millions of dollars in damages and economic losses. More than 25 years later, the possibility of another such catastrophe still looms, and the day-to-day effects of space weather on electrical systems remain difficult to quantify. Now, a new study correlating electrical insurance claims with geomagnetic ...
The rapidly melting ice sheets on the coast of West Antarctica are a potential major contributor to rising ocean levels worldwide. Although warm water near the coast is thought to be the main factor causing the ice to melt, the process by which this water ends up near the cold continent is not well understood.
Using robotic ocean gliders, Caltech researchers have now found that swirling ocean eddies, similar to atmospheric storms, play an important role in transporting these warm waters to the Antarctic coast--a discovery that will help the scientific community determine ...
Interstitial lung disease is a significant risk factor for lung inflammation following stereotactic body radiation therapy for lung cancer.
DENVER - Pretreatment interstitial lung disease (ILD) is a significant risk factor for developing symptomatic and severe radiation pneumonitis in stage I non-small cell lung cancer (NSCLC) patients treated with stereotactic body radiation therapy (SBRT) alone.
ILD is a group of diseases that cause scarring and stiffing of the tissue and space around the air sacs in the lungs, which results in diminished gas exchange. The incidence ...
As part of an international collaboration, scientists at Chalmers University of Technology have demonstrated how noise in a microwave amplifier is limited by self-heating at very low temperatures. The results will be published in the prestigious journal Nature Materials. The findings can be of importance for future discoveries in many areas of science such as quantum computers and radio astronomy.
Many significant discoveries in physics and astronomy are dependent upon registering a barely detectable electrical signal in the microwave regime. A famous example of this ...
This news release is available in French. The motor neurons that innervate muscle fibres are essential for motor activity. Their degeneration in many diseases causes paralysis and often death among patients. Researchers at the Institute for Stem Cell Therapy and Exploration of Monogenic Diseases (I-Stem - Inserm/AFM/UEVE), in collaboration with CNRS and Paris Descartes University, have recently developed a new approach to better control the differentiation of human pluripotent stem cells, and thus produce different populations of motor neurons from these cells in only ...
AUSTIN, Texas -- Researchers at the Cockrell School of Engineering at The University of Texas at Austin have achieved a milestone in modern wireless and cellular telecommunications, creating a radically smaller, more efficient radio wave circulator that could be used in cellphones and other wireless devices, as reported in the latest issue of Nature Physics.
The new circulator has the potential to double the useful bandwidth in wireless communications by enabling full-duplex functionality, meaning devices can transmit and receive signals on the same frequency band at ...
