A shortage of computer memory in the $2.4 billion air traffic control system, which occurred while a U-2 spy plane flew over the southwestern US, caused LAX computers to crash and hundreds of flights to be delayed on April 30. “In theory, the same vulnerability could have been used by an attacker in a deliberate shut-down,” security experts told Reuters. Now that the “very basic limitation of the system” is known, experts expressed concerns about aviation cyber attacks.
Lockheed Martin, which created the En Route Automation Modernization (ERAM) air traffic control system, claims it conducts “robust testing” on all its systems, yet the lack of altitude information in the U-2’s flight plan caused the automated system to cycle off and on trying to fix the error. After an air traffic controller entered an estimated 60,000 feet as the U-2’s altitude, the system attempted to calculate all possible flight paths in order to ensure the U-2 wasn’t on a crash course with other aircraft at much lower altitudes. That process, according to the FAA, “used a large amount of available memory and interrupted the computer’s other flight-processing functions.”
“The ERAM system failed because it limits how much data each plane can send it,” sources told Reuters. “Most planes have simple flight plans, so they do not exceed that limit.” The FAA now requires altitudes for every flight plan and also added memory to the ERAM system to prevent it from crashing in the future.
“It would be hard to replicate by a hostile government, but it shows a very basic limitation of the system,” a former military pilot told Reuters. In fact, intelligence officials and security experts are increasingly concerned about cyberattacks on aviation. A Def Con 20 presentation, called “Hacker + Airplanes = No Good Can Come Of This,” looked at what happens when “ghost airplanes” are injected into radar. A 2013 Hack in the Box presentation claimed an Android device can be used to remotely attack and hijack an airplane.
Lockheed Martin should have identified the “routine programming mistake” in testing before ERAM was deployed. “That’s when you put in values anywhere that a human could put in a number, like minus one [foot], or a million feet, to see what that would do,” explained Jeff Moss, founder of the Def Con and Black Hat security conferences and advisor to DHS. While it may seem “logical to limit the amount of data associated with one flight plan, anything exceeding that amount should not be able to render the system useless.”
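The boundary-value testing and fail-safe limit described above can be sketched as follows. This is an added example, not code from the article or from ERAM; the `FlightPlan` type, the limits and the function names are all assumptions chosen for illustration.

```python
from typing import NamedTuple, Optional

# Assumed limits for illustration only; these are not ERAM's real values.
MIN_ALT_FT, MAX_ALT_FT = 0, 100_000
MAX_WAYPOINTS = 64          # per-plan data limit
MAX_PAIR_CHECKS = 10_000    # per-plan work budget for conflict probing

class PlanRejected(Exception):
    """Raised for one plan; callers keep processing the others."""

class FlightPlan(NamedTuple):
    callsign: str
    altitude_ft: Optional[int]
    waypoints: tuple

def validate(plan):
    alt = plan.altitude_ft
    if alt is None:
        raise PlanRejected("missing altitude")
    if not MIN_ALT_FT <= alt <= MAX_ALT_FT:
        raise PlanRejected("altitude out of range")
    if not 1 <= len(plan.waypoints) <= MAX_WAYPOINTS:
        raise PlanRejected("waypoint count out of range")

def conflicts(plan, traffic, sep_ft=1_000):
    """Compare shared waypoints with already-validated traffic, within a work budget."""
    work, hits = 0, []
    for other in traffic:
        for wp in plan.waypoints:
            work += 1
            if work > MAX_PAIR_CHECKS:
                raise PlanRejected("work budget exceeded")
            if wp in other.waypoints and abs(plan.altitude_ft - other.altitude_ft) < sep_ft:
                hits.append((other.callsign, wp))
    return hits

def process(plans, traffic):
    """Quarantine bad plans individually instead of failing the whole batch."""
    accepted, rejected = {}, {}
    for plan in plans:
        try:
            validate(plan)
            accepted[plan.callsign] = conflicts(plan, traffic)
        except PlanRejected as err:
            rejected[plan.callsign] = str(err)
    return accepted, rejected

# Constructed boundary cases: missing, minus one, a million feet, and two valid altitudes.
TRAFFIC = [FlightPlan("T1", 35_000, ("LAX", "DAG"))]
CASES = [FlightPlan(f"C{a}", a, ("DAG",)) for a in (None, -1, 1_000_000, 60_000, 35_500)]
```

Calling `process(CASES, TRAFFIC)` returns the accepted plans with their conflicts and a per-callsign rejection reason for the rest, so a plan that exceeds a limit is dropped without interrupting the others.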
“If it’s now understood that there are flight plans that cause the automated system to fail, then the flight plan is an ‘attack surface,’” said Dan Kaminsky, co-founder of the White Ops security firm and an expert in attacks based on over-filling areas of computer memory.
“It’s certainly possible that there are other forms of flight plans that could cause similar or even worse effects,” Kaminsky said. “This is part of the downside of automation.”
The “new $40 billion air traffic control system, known as NextGen, which encompasses ERAM, including its reliance on Global Positioning System data that could be faked” is “very over-budget and behind schedule,” Moss told Reuters. It “doesn’t surprise me that it’s got some bugs – it’s the way it presented itself that’s alarming.” You can expect at least two upcoming Def Con talks to delve into exploiting weaknesses in the system.