Flight satellite and navigation system security

Posted on

In our last article over satellite navigation and satellite communication equipmentwe discussed over COBHAM AVIATOR 700D Communication Solution and how common and important this system is. In this article we will cover about COBHAM AVIATOR 700D Communication Solution used onboard.We will also understand security of this solution with the help of ethical hacking course expert of International Institute of Cyber Security, Mike Stevens.

Most common satellite navigation and satellite communication equipment COBHAM AVIATOR 700D is available in two versions. First AVIATOR 700 approved to RTCA specification DO-178B level E and DO- 254 level E, second AVIATOR 700D approved to RTCA specification DO-178B level D and DO- 254 level D. What are level D and Level E?

As per information security training expert, Anita Thomas, international certification authorities have defined standardsfor software security of such devices.Some of the standards are Radio Technical Commission for Aeronautics (RTCA)specification DO-178B or the European Organization for Civil Aviation Equipment(EUROCAE) ED-12B. These standards have different levels, mentioned below:

Level A–Catastrophic

Failure may cause multiple accidents, which includes plane crash.

Level B–Hazardous

This can be result in failure to operate plane or partial plane crash, which might cause passenger and crew injuries.

Level C–Major

This might cause reduced safety margin and passenger discomfort.

Level D–Minor

This might cause reduced safety margin and passenger discomfort or flight route change.

Level E–No Effect

This might not cause reduced safety margin but only passenger discomfort.

Devices with levels A, B, or C requires a strict review process and are very secure. Devices with levels D or E are not required to undergo strict review process and are less secure. As per ethical hacking course expert Mike Stevens the main concern here is that the industry is using level D and E devices even after knowing about their security standards. The industry main concern should be interactions between

devices with different security standards.

Information security training experts from Ioactive were able to demonstrate that it is possible to compromise a system certifiedfor level D that interacts with devices certified for level A, potentially putting the level A devices integrity at risk.

The exploit of vulnerabilities of these devices of level E and D can allow a hacker to hack Swift Broadband Unit (SBU) and the Satellite Data Unit (SDU), which provides AeroH+ and Swift64 services.

As per ethical hacking course expert, any systems connected to these devices, could also be hacked. A successful attack could compromise control of the satellite link channel used by the FANS and other system and malfunction of these subsystems could pose a safety threat for the airplane.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s