9

I'm definitely new to the site so apologies if this question is naive but google turned up no answers for me:

I was reading this article and read the following paragraph:

As an example, Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.

The question that immediately sprung to my mind was:

What is the intended purpose of USB port(s) in the plane cockpit?

Was it really intended for charging devices like phones? That seems naively insecure.

user13197
  • 11,437
  • 23
  • 89
  • 171
NeedAName
  • 193
  • 4
  • 3
    Welcome to the site! Good question, it was actually just discussed in our chat room. – fooot Apr 27 '16 at 15:24
  • 3
    The fact that it allows them to link to the flight computers is unsettling, but yeah, pilots may have an EFB they want to keep running or something else electronic that needs power, but I don't see why they don't just install a "power-only" USB socket. – Ryan Mortensen Apr 27 '16 at 15:30
  • 2
    Related: http://aviation.stackexchange.com/questions/17621/how-are-avionics-updates-delivered – user13197 Apr 27 '16 at 15:36
  • 4
    A USB port that only delivers power (i.e. only for charging) is not a security threat. So, evidently, the USB port is actually connected to the on board systems. – Thomas Apr 27 '16 at 17:11
  • 6
    I would treat that article with a great deal of caution. This quote - Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger is technical nonsense. Officers of anti-virus software vendors are not to be trusted when talking about viruses. There are several other quotes which suggest either "bending of the truth" or a lack of understanding. – Simon Apr 27 '16 at 17:54
  • @MortensenAviation Who said they could connect to the flight computers? – Simon Apr 27 '16 at 17:59
  • @Simon "Some Flight Management System databases are updated via USB stick and require a USB port." It is the first line in what is the only current answer to the question posted by Dave. – Ryan Mortensen Apr 27 '16 at 18:13
  • @Simon: "it cleans the cockpits of its planes every week of malware" means something with computing power has been altered. But I agree that there are many essential elements not provided, as: How is this cleaning done? which would help understanding the aircraft OS (if any). And to answer the question: Indeed the USB port is not for charging devices, else the two data pins would be left unconnected, only the two power pins would be connected to a 5V charger. – mins Apr 27 '16 at 18:13
  • 2
    @mins I mean, it is impossible for one operating system to pass a virus to another without executing code. I could go into a long explanation about why this is technical nonsense but it would be wildly off-topic. SuperUser.SE would be a good place to post a question about this but suffice to say, passing viruses in this manner is nonsense and I simply don't believe the entire "cleaning the cockpit" bit. Any developer who would put a driver behind the USB port, that would execute code from a consumer operating system is too stupid to get through the first interview. – Simon Apr 27 '16 at 18:27
  • @Simon: I see what you mean, but actually it is possible using DMA and other techniques. The (really) pervasive buffer overflow attack generally doesn't use code, at least not explicitly. Code is ran without asking for, because it's part of the protocol. If you want to post a question on SU, I'll provide an answer. – mins Apr 27 '16 at 18:39
  • 1
    @mins Yes, but a DMA attack requires the same OS on both sides since the driver must execute code in order to access the address space, although I suppose a theoretical exploit is possible, it would need to be engineered to understand both OSes. I seriously doubt that any Android malware is targeted at the proprietary OSes installed in cockpit systems. Just imagine the complexity of trying to transfer a virus from one consumer OS to another. Once again, the stupidity of a developer who enabled a kernel DMA driver would lead to instant dismissal after the design review. – Simon Apr 27 '16 at 18:52
  • @MortensenAviation Yes, I know. My point is that there is no evidence anywhere in the links that this was/is the case. The whole story has more holes than a good Swiss cheese. – Simon Apr 27 '16 at 18:56
  • @Simon: DMA: The initial demo was to read a PC from an iPod, the target OS is actually not involved (DMA and Fireware are features of the motherboard). For the question here, I'm not either convinced of the "virus" story, as it is reported. I can't continue on this thread here... this is really off topic. – mins Apr 27 '16 at 19:23

1 Answers1

11

Some Flight Management System databases are updated via USB stick and require a USB port. Since navigational databases are updated frequently and require a simple way to make an update, USB (or memory card slots) are generally used to allow for rapid and easy updates without having to remove any panels. In some cases the port may be in the avionics bay however that is usually easily accessed as well. It should be noted that a recent change in regulation now allows pilots to update nav data, this question covers it well.

Was it really intended for charging devices like phones? That seems naively insecure.

Generally these ports are not for charging but the basic design of a USB port more or less always allows you to charge from it because of the nature of the port. The security on the ports is more about cockpit security. In most cases the security lies in making it difficult to get into the cockpit in the first place. It is often assumed now that if you are in the cockpit you should be there. There is of course many questions this opens up some of which have been answered here or would be good to ask about.

As iPads become more common in the cockpit for navigation and the such USB ports are becoming more commonplace on panels for charging but this seems to be more common in GA planes currently.

Community
  • 1
Dave
  • 101,073
  • 5
  • 220
  • 364
  • But why would the USB port for software updates be in the cockpit? Seems like a better (or at least more secure) design would be to have it behind a panel somewhere, with the rest of the avionics. – jamesqf Apr 27 '16 at 18:09
  • See my edits above. – Dave Apr 27 '16 at 18:21
  • Thanks for the concise answer and links included. Good point that if you're in the cockpit you could always just crash the plane anyways, so being able to inject malware is petty in comparison, but the fact that the pilot/copilot could unintentionally be allowing hijackers into the software running the controls is still a bit scary (assuming the article is to be believed) – NeedAName Apr 27 '16 at 20:54