It turns out the many of the popular apps used by private pilots during flight are available on the app store and are prone to being hacked. When paired with a tablet, most often an iPad, the apps display altitude, location of nearby aircrafts, airspace restrictions, GPS information and more; essentially, the same data that could be obtained from an otherwise high-end $20,000 cockpit, but at a merely fraction of the cost.
Researchers from University of California, San Diego, and John Hopkins University have discovered that the three of the most popular device and app combinations are also the most vulnerable: the Appareo Stratus 2 receiver with the ForeFlight app; the Garmin GDL 39 receiver with the Garmin Pilot app; and the SageTech Clarity CL01 with the WingX Pro7 app. Including the price of the hardware peripheral used to display the data, the total cost of all these tools is $1,000 — much less than official solutions.
Attacking the apps won’t grant malicious outsiders control over the aircraft, but rather grants them control over the information the pilot sees, says Kirill Levchenko, a computer scientist at the Jacobs School of Engineering at UC San Diego, who led the study. The findings encompassing the risks were presented on Nov. 5 at the 21st ACM Conference on Computer and Communication Security in Scottsdale, Arizona with the goal of increasing awareness among users.
For example, the researchers discovered that vulnerabilities in Appareo Stratus 2 allowed its firmware to be downgraded to an older version, whereas the communication between the receiver and the tablet can be disrupted on all three devices. The researchers also pointed out that cryptographically securing communication between the receiver and the tablet and signing the firmware updates and requiring explicit user interaction before updating device firmware would go a long way in fixing the flaws.
Via Phys.org
Advertisement
Learn more about Electronic Products Magazine
