Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs

Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app …

  1. Magani
    Boffin

    A bit of a long bow to draw?

    Start with

    "Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research."

    and finish with

    "Our analysis, confirmed by EASA, showed that there was no safety issue thanks to the security procedures in place to validate flight-relevant data..."

    Yes, it's possible, but hardly likely if you read the whole article. Come on, El Reg, let's not have click-bait headlines. You're better than that.

    1. Anonymous Coward

      Re: A bit of a long bow to draw?

      It worked, though.

      It got me to read it, and I learned from it.

    2. Anonymous Coward

      Re: A bit of a long bow to draw?

      If there was no safety issue, then why did they have to update the software instead of changing the documentation?

    3. steelpillow Silver badge
      Holmes

      Re: A bit of a long bow to draw?

      There is no safety issue because we fixed the reported vuln. There will never be another. Our security is now invulnerable, bwahahahaaaaaaaargh!

      The guy didn't used to work for Boeing a couple of years back, did he?

    4. anonymous boring coward Silver badge

      Re: A bit of a long bow to draw?

      "El Reg, let's not have click-bait headlines. You're better than that."

      I've never noted that.

  2. ldo Silver badge

    “NSAllowsArbitraryLoads”?

    “NS” = “NextStep”? So these are Apple Ipads? No choice of alternative platform suppliers?

    1. John Sager

      Re: “NSAllowsArbitraryLoads”?

      "So these are Apple Ipads? No choice of alternative platform suppliers?"

      "Nobody ever got fired for buying Apple". The airline industry is pretty conservative, for obvious reasons, so it was probably a no-brainer given Apple's closed environment reputation.

      1. bananape4l

        Re: “NSAllowsArbitraryLoads”?

        i love taking a jab at apple as much as the next guy but when efb tech came into existence, or rather for all time, ipad was the only real alternative. it was common enough, the screen size is the same, they're very durable and nothing in the tablet form factor existed as a viable alternative (or even does today). it's the tablet size that they wanted for this and it was simply easier to coalesce the few companies that made these software into targeting just apple tablet form factor. but even today, you think some samsung tablet would replace ipad? the worthwhile ones with good screens are more expensive than apple and you have to deal with the whole android/samsung/etc fragmentation.

        1. bazza Silver badge

          Re: “NSAllowsArbitraryLoads”?

          It's a source of disappointment that you can't easily get just a plain old tablet with a generic POSIX operating system for apps such as an EFB. There's no need to give an EFB access to the entire Apple ecosystem (or Google's for that matter), no reason for it to be used for anything other than an EFB. If you want a tablet shaped device for anything like reasonable money, it's either an iPad or some generic Android thing, with all the horrors and complications that come along with those platforms.

          If one could buy a tablet device that ran vanilla Linux or especially QNX (which actually has a pretty good touch / graphics layer from its days as BlackBerry's OS), and you could just write / compile up an app for that and load it in, that'd be about perfect for a number of single function applications. Short of getting a PC-based device, such a thing doesn't really exist, more's the pity.

          The closest I've seen for this is tablets in Japanese sushi / yaki niku restaurants. You use these to place your order, and your morsels arrive forthwith. They're clearly an Android tablet based thing, but someone has clearly gone to the effort of cutting it down to "just run the menu app, nothing else". I find it peculiar that the Japanese catering industry seems to be able to rustle up something dedicated to the purpose of ordering a meal, whereas the global aviation industry has decided that a stock iPad will do!

    2. Stern Nutmeg

      Re: “NSAllowsArbitraryLoads”?

      The default value for this setting is “false” - so it looks like the developers knowingly chose to allow insecure connections, which is concerning. Given the criticality of this data it’s surprising that no form of certificate or CA pinning was used, which would also avoid the issue.
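
An added example, not part of the thread and not code from the article or the app vendor: a small audit of an app's `Info.plist` for the App Transport Security setting discussed in the comment above and for declared pinning via `NSPinnedDomains`. The two plists, the domain `data.example.invalid` and the pin value are constructed placeholders; pinning implemented in application code rather than in `Info.plist` is outside what this check can see.

```python
import plistlib

# Constructed sample Info.plist fragments (not taken from any real app).
WEAK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
  </dict>
</dict></plist>"""

HARDENED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSPinnedDomains</key>
    <dict>
      <key>data.example.invalid</key>
      <dict>
        <key>NSPinnedCAIdentities</key>
        <array><dict>
          <key>SPKI-SHA256-BASE64</key>
          <string>PLACEHOLDER_BASE64_SPKI_HASH</string>
        </dict></array>
      </dict>
    </dict>
  </dict>
</dict></plist>"""


def audit_ats(plist_bytes):
    """Return a list of findings about the App Transport Security settings."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    # The key defaults to false, so true is an explicit opt-out of ATS.
    if ats.get("NSAllowsArbitraryLoads", False):
        findings.append("NSAllowsArbitraryLoads=true: cleartext HTTP allowed app-wide")
    # Per-domain exceptions can reopen cleartext even when the global key is off.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads", False):
            findings.append(f"{domain}: insecure HTTP exception")
    # Pinning counts only if at least one domain lists a CA or leaf identity.
    pinned = ats.get("NSPinnedDomains", {})
    if not any(c.get("NSPinnedCAIdentities") or c.get("NSPinnedLeafIdentities")
               for c in pinned.values()):
        findings.append("no NSPinnedDomains entries: no CA or leaf pinning declared")
    return findings
```
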

      1. Anonymous Coward

        Re: “NSAllowsArbitraryLoads”?

        My first reaction was like yours: hey guys, you're dumb for not requiring encryption. Based on how unlikely an attack is to succeed, I have to wonder something. Is there more risk of a problem by requiring https, given how often someone fails to update their certificates?

    3. imanidiot Silver badge

      Re: “NSAllowsArbitraryLoads”?

      It's a fairly well standardized device, available worldwide in pretty much exactly the same hardware spec with a fairly closed by nature app development environment thus making it attractive to the conservative aviation industry.

      There's few good Android tablets to begin with, those that are there often suffer from lots of bloatware or other issues and can suffer from having lots of different versions being sold in different parts of the world (not just limited to modem chips for some stupid reason). On top of that from a procurement standpoint, a decent Android tablet or a similar spec iPad are probably not THAT dissimilar in price and the cost saving from not having to manage and lug around paper flight bags are such that no-one cares for a few tens of thousands of dollars total saving. There ARE EFB applications for Android hardware too, just fewer and this particular version runs on Apple products.

  3. Ball boy Silver badge
    Joke

    Backup solution?

    Every major airport will now have, as standard, a barrel of Jet-A1 and some spare rags at the end of the runway. At the first sign of trouble, a vest-wearing, chain smoking cop will whip out his lighter and knock up substitute landing lighting. Problem solved!

    1. Paradroid

      Re: Backup solution?

      He won't manage to save the first plane down but that one's always full of British folk so it doesn't really matter.

  4. Phil the Geek

    Biggles' files undone

    That is all.

  5. Locomotion69 Bronze badge

    And technology shall replace one pilot...

    but does that technology actually know how, and is it willing, to fly?

    The horror.

  6. LogicGate Silver badge

    In other news

    In other news, security investigators have discovered that it is possible to sneak into the hotel room of an airline pilot and replace all his charts and flight manuals with falsified versions of the same items....

    ..Hmmmm.. that mountain straight ahead of us is not on the map. What can I possibly do?
