All that complex computing on a hunk of metal carrying hundreds of people and when it goes wrong the driver...I mean pilot looks out the window for other planes.
Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers
Not only can malicious people make airliners climb and dive without pilot input – they can also control where and when they do so, research from Pen Test Partners (PTP) has found. TCAS spoofing, the practice of fooling collision detection systems aboard airliners, can be controlled to precisely determine whether an airliner …
COMMENTS
Tuesday 5th May 2020 08:00 GMT Scott Broukell
@ Robidy
Been some time since I was last on a flight deck but, aside from the fall back with MkI Eyeballs, as in this case, you would often find breather tubes from each engine bay, which would help the flight engineer / co-pilot determine the running state of an engine, should the related electronic instrumentation be a bit squiffy at any point. Also, a two-axis spirit level bolted very, very, securely to the airframe, this would help determine which, if any, sets of undercarriage might have a deflated tire(s), when stationary on the ground. I know things have moved on a lot since, but these sorts of fall back are still current I believe (?).
Tuesday 5th May 2020 08:43 GMT Jim Whitaker
Interesting. I am told that more accidents are caused by pilots than by equipment failure. Could Chesley Sullenberger have been replaced by AI? If you are the sort of person who believes that a vehicle could safely navigate on our roads without a driver, then I guess that you would say Yes, the Hudson River is an easy choice. Another viewpoint is that the airliner of the future will have a pilot and a dog in the cockpit. The pilot to make a couple of announcements to the self-loading cargo and the dog to bite the pilot if they touch any of the controls.
Tuesday 5th May 2020 11:48 GMT Wellyboot
AI could make that decision now -
Probability of safe controlled landing on water 90+% -v- probability of safe controlled landing on runway with unknown variables.
The question really is will we ever feel safer with a machine doing the live/die decisions instead of a self aware pilot.
Set up an AI simulator with guaranteed 100% fatal crash situations and see what it comes up with as a landing attempt, human pilots have been very creative at times and beat the odds.
Tuesday 5th May 2020 11:57 GMT Peter2
An issue with "more accidents are caused by pilots" is that pretty much any accident to happen that can't be decisively proven to be equipment error is "pilot error". Remember the blame game over the 737 Max where Boeing the story was spun that it was due to foreign and badly trained pilots crashing before the MCAS mess came to light?
There are plenty of other examples.
Tuesday 5th May 2020 16:50 GMT scarper
An issue with "more accidents are caused by pilots" is that pretty much any accident to happen that can't be decisively proven to be equipment error is "pilot error".
Oh, worse than that. The classic Normal Accidents gives lots of examples where the accident investigation committee agreed that there had been equipment error, agreed that it didn't understand the error, and *still* blamed the pilot.
Tuesday 5th May 2020 14:14 GMT Mr Sceptical
Re: Need both
Programmers rarely have their lives on the line at the time the +++Out of Cheese+++ error occurs.
You could always institute a sort of bonus/penalty system - bonus payments for every successful landing vs shark fodder for any fatal crash. It would probably fully concentrate their minds on the code.
Had an AI been given the requirement to pancake a plane, would it necessarily be able to work out the glide slope required to avoid bridges/ships/obstructions on the surface bearing in mind it won't be able to 'see' and understand them the way we do. You'd need to train the AI on all possible manner of objects found in the real world first.
Wednesday 6th May 2020 21:21 GMT Claptrap314
Software is not Deus Ex Machina
Software can only do what it is programmed to do. Before Captain Sully, would YOU have programmed your system to recognize a river as a viable emergency landing point?
You give a man the rest of his life to figure out a solution to a problem where he is an expert in the field, and you will be amazed at what he comes up with.
How do you program that?
Monday 4th May 2020 19:58 GMT SkippyBing
But how?
The testing was, for obvious reasons, done in a simulator. But they don't say how they'd spoof the transmissions in reality, unless I missed something. With TCAS you're going to have to simulate a transmission coming from a specific location, it all works off the change in time of successive received signals. I'd have thought that's the trickier bit.
ADS-B would be a bit easier to spoof as it sends a position rather than just worrying about how quickly things are approaching.
Monday 4th May 2020 20:36 GMT SkippyBing
Re: But how?
On my phone so slightly condensed but, TCAS asks other aircraft to transmit their transponder signal. This gives the height information and the transponder serial number. There are two receiving antennas which use phase difference to get a bearing to the other aircraft (reasonably accurate...). The time between transmission and reception lets the system calculate range. What it's really interested in is the rate of change of that time which indicates if something is closing and how quickly. If they're at a similar height you start getting alerts. If you get into resolution advisories the serial number is used to decide who should climb.
So everything is relative to the aircraft because that's all that's needed.
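The timing arithmetic described in the comment above, as an added example that is not part of the original post and is not real TCAS logic. The reply delay, both thresholds and all function names are assumptions chosen for illustration, and the tracks are constructed sample data.

```python
C = 299_792_458.0        # speed of light, m/s
REPLY_DELAY_S = 128e-6   # assumed fixed transponder turnaround delay
TAU_ALERT_S = 40.0       # assumed illustrative time-to-go threshold
ALT_ALERT_FT = 850.0     # assumed illustrative relative-height threshold


def round_trip_for(range_m):
    """Build a constructed round-trip time for a given slant range."""
    return 2.0 * range_m / C + REPLY_DELAY_S


def slant_range_m(round_trip_s):
    """Range from the time between interrogation and received reply."""
    return C * (round_trip_s - REPLY_DELAY_S) / 2.0


def assess(samples, own_alt_ft):
    """samples: [(time_s, round_trip_s, reported_alt_ft), ...], oldest first.

    Uses the last two replies: the change in measured range over time gives
    the closure rate, and range / closure rate gives the time to go.
    """
    if len(samples) < 2:
        raise ValueError("need two replies to estimate closure rate")
    (t0, rt0, _), (t1, rt1, alt1) = samples[-2], samples[-1]
    if t1 <= t0:
        raise ValueError("replies must be in increasing time order")
    r0, r1 = slant_range_m(rt0), slant_range_m(rt1)
    closure = (r0 - r1) / (t1 - t0)          # positive means closing
    tau = r1 / closure if closure > 0 else float("inf")
    rel_alt = abs(alt1 - own_alt_ft)
    return {
        "range_m": r1,
        "closure_mps": closure,
        "tau_s": tau,
        "rel_alt_ft": rel_alt,
        "alert": tau <= TAU_ALERT_S and rel_alt <= ALT_ALERT_FT,
    }


# Constructed tracks: one closing at 250 m/s, one opening at the same rate.
CLOSING = [(0.0, round_trip_for(8000.0), 35000.0),
           (1.0, round_trip_for(7750.0), 35000.0)]
DIVERGING = [(0.0, round_trip_for(7750.0), 35000.0),
             (1.0, round_trip_for(8000.0), 35000.0)]

if __name__ == "__main__":
    for name, track in (("closing", CLOSING), ("diverging", DIVERGING)):
        print(name, assess(track, own_alt_ft=35200.0))
```
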
Tuesday 5th May 2020 09:53 GMT SkippyBing
Re: But how?
A drone could, I think it would need to be reasonably large to carry the equipment. If you're happy with a fixed position you could do it with ground based equipment as the height is encoded in the return from the transponder and is easy to change by feeding it information from a modified altimeter. Before anyone gets too excited about doing it on the approach to an airfield the Resolution Advisories are suppressed below 1000' AGL to stop aircraft getting told to break off an approach because someone has turned their transponder on on the ground.
Tuesday 5th May 2020 13:08 GMT Anonymous Coward
Re: But how?
Actually it could just be loaded onto the target aircraft in somebody's luggage. The rogue device would just have to have an array of antennae to choose from so that signals could be focused to arrive at the target antennas with a convincing time lag.
Probably a good case for mandating the signals have a digital signature to mitigate against tampered signals. Would be a new big jet grounding issue - 777s were grounded when their fuel gauges errored after the Gimli Glider Air Canada incident - we can't fly cos the transponder cert has expired has an inevitable feel to it .....
Tuesday 5th May 2020 15:46 GMT Paul Hovnanian
Re: But how?
"777s were grounded when their fuel gauges errored after the Gimli Glider Air Canada incident"
It was a 767. I don't think they were grounded, since the FQIS (Fuel Quantity Indication System) problem was already known and a manual work-around existed. Checking the fuel level with a dip stick. The whole running out of fuel incident occurred because of mis-calculations on the part of the flight and ground crews and other procedural problems.
Tuesday 5th May 2020 16:49 GMT Anonymous Coward
Re: But how?
Not sure how well a rogue transmitter in a cargo hold would work when the TCAS antennas are on the outside of the aircraft. The aluminum* (or embedded conductive mesh in composite skin AC) would present some issues.
*(aeiou: extra vowels included here for those on the other side of the water, some assembly required).
Tuesday 5th May 2020 09:47 GMT SkippyBing
Re: But how?
ADS-B transmits the GPS position, but is a fairly recent technology and I don't think it's mandatory everywhere yet. Standard transponders don't transmit the GPS position, the design pre-dating it, ATC receive the transponder information via a secondary surveillance radar*, this gives the bearing and range. The bearing is more accurate than the one a TCAS system generates. The primary and secondary radar information can be displayed together on the same screen, although some control centres only use secondary.
*Primary radar is the classic sort where the reflected energy is used by the receiver to determine range and bearing. Secondary is basically working the same as TCAS by triggering transponders and then listening out for the returns so won't see aircraft without a transponder.
Monday 4th May 2020 20:36 GMT Starace
More high quality 'research'
So it's maybe possible to spoof the transmissions and get the system to respond as designed.
Just a shame it's utterly impractical to spoof the transmissions in any useful form except on the bench, and they didn't even do that. In other words more bollocks security 'research' pointing out a flaw that doesn't actually exist except on paper.
Also the not so minor point that they tried everything on a sim - shame that even on the Type 7 / Level D devices code for a lot of the (non-rehosted) systems is there to recreate the training effect and *IS NOT A FULL REPLICA OF THE REAL SYSTEM* so any results mean very little. Been there, wrote that, ran the flight acceptance tests... That said I remember using real TAWS boxes on sims before (which have built in TCAS) because it was easier than trying to process their terrain databases etc.
Tuesday 5th May 2020 13:33 GMT Peter2
Re: Look out the window?
Just for reference, mach 1 is ~ 760 mph.
Two planes approaching each other head on at mach 0.9 is quite rare (flight paths prevent this, plus the fact that this speed is in the "this is going to tear your wings off" overspeed zone for most civil aircraft) and the old rule of the sky of "both aircraft turn to your right" would likely prevent accidents in any case.
Tuesday 5th May 2020 04:54 GMT bazza
Very Low Impact
As with spoofing of other open unsecured radio systems of this type, this one is not really something to worry about.
First, as the article references, pilots are actually pretty good at sifting the crap from the normal.
To have an impact a spoofing transmitter would have to be in range. So to make the spoofing work you either go somewhere near the take off / landing flight paths of an airport (where you'd need to transmit some power), or you'd have to sit underneath a known flight lane (and transmit more power). For both, reports of duff TCAS activations are quite likely to result in OFCOM's surveillance aircraft (they have one) being launched pretty quickly, and they've got a track record of pinpointing annoying transmitters to within meters. That's if the numerous military aircraft capable of doing the same thing don't get involved first.
So second, someone actually trying this out is going to get noticed and found pretty quickly. And if they keep trying it on, that could be within seconds of them switching on their transmitter.
Third, whilst it would be possible for a nation state to do this within their own territory (they're in control of their version of OFCOM) they're unlikely to do so; countries get money from flights passing over their territory.
All in all, unlikely.
I'm fully anticipating that their next piece of pointless research will be spoofing maritime AIS, "causing ships to crash". Well, they'd have to spoof the ship's nav radar, and unless they're doing this from another vessel they'd have to do it somewhere like the Straits of Dover; there's a whole load of traffic monitoring radar systems round that area too, so those too would have to be spoofed. And anyone trying AIS spoofing is as likely to be geolocated pretty quickly these days too; AIS validation is a topic these days. The only hard part about that is having the signal collection assets in place (e.g. waking up OFCOM or the RAF); the processing is easy.
I don't know who's funding this bunch, but I'd suggest that they consider whether or not they're getting value for money. There is some merit in the occasional poke at such radio systems to remind people that they're intended to supplement the Mark I eyeball / brain, not replace it, but funnily enough the regulators and practitioners in various fields of transport are already pretty hot on that.
A far more valuable area of concern is GPS spoofing / denial, but there's already a load of other researchers working on that. There's even a properly thought out solution, it's just a matter of persuading countries to fund it.
For the record the solution is a combination of 1) GNSS systems, possibly enhanced to improve resilience, 2) eLORAN to provide an alternative location and timing source (pretty accurate, and usable by all but the smallest applications i.e. it might not fit in a mobile phone), 3) use the existing radio clock transmitters like MSF for another source of timing.
Tuesday 5th May 2020 09:04 GMT tip pc
Obvious flaw not in article
Come on elreg, why no mention about how TCAS actually calculates the collision warning and that this testing was all done on simulation. PTP would need 3 aircraft flying at the target aircraft to get the target to move in their desired direction. It can’t be done from stationary antenna on the ground as the target aircraft would see the others as not moving.
3 aircraft converging on another would be a failure of other systems and protocols and TCAS would be the least of anyone’s worries.