On the Security of Mobile Cockpit Information Systems

By Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan Mast, Stephen Checkoway, Stefan Savage, Alex C. Snoeren, and Kirill Levchenko.

In Proceedings of CCS 2014. ACM Press, November 2014.

Abstract

Recent trends in aviation have led many general aviation pilots to adopt the use of iPads (or other tablets) in the cockpit. While initially used to display static charts and documents, uses have expanded to include live data such as weather and traffic information that is used to make flight decisions. Because the tablet and any connected devices are not a part of the onboard systems, they are not currently subject to the software reliability standards applied to avionics. In this paper, we create a risk model for electronic threats against mobile cockpit information systems and evaluate three such systems popular with general aviation pilots today: The Appareo Stratus 2 receiver with the ForeFlight app, the Garmin GDL 39 receiver with the Garmin Pilot app, and the SageTech Clarity CL01 with the WingX Pro7 app. We found all three to be vulnerable, allowing an attacker to manipulate information presented to the pilot, which in some scenarios would lead to catastrophic outcomes. Finally, we provide recommendations for securing such systems.

Material

• Full version, local copy in PDF.

Reference

@InProceedings{lundberg-et-al:mcis:ccs14,
  author =    {Devin Lundberg and Brown Farinholt and Edward
               Sullivan and Ryan Mast and Stephen Checkoway and
               Stefan Savage and Alex C. Snoeren and Kirill Levchenko},
  title =     {On the Security of Mobile Cockpit Information Systems},
  booktitle = {Proceedings of CCS 2014},
  editor =    {Moti Yung and Ninghui Li},
  publisher = {ACM Press},
  month =     nov,
  year =      2014,
  url =       {https://checkoway.net/papers/mcis2014},
}