On the security of mobile cockpit information systems

Devin Lundberg; Brown Farinholt; Edward Sullivan; Ryan Mast; Stephen Checkoway; Stefan Savage; Alex C. Snoeren; Kirill Levchenko

doi:10.1145/2660267.2660375

On the security of mobile cockpit information systems

Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan Mast, Stephen Checkoway, Stefan Savage, Alex C. Snoeren, Kirill Levchenko

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent trends in aviation have led many general aviation pilots to adopt the use of iPads (or other tablets) in the cockpit. While initially used to display static charts and documents, uses have expanded to include live data such as weather and traffic information that is used to make flight decisions. Because the tablet and any connected devices are not a part of the onboard systems, they are not currently subject to the software reliability standards applied to avionics. In this paper, we create a risk model for electronic threats against mobile cockpit information systems and evaluate three such systems popular with general aviation pilots today: The Appareo Stratus 2 receiver with the ForeFlight app, the Garmin GDL 39 receiver with the Garmin Pilot app, and the SageTech Clarity CL01 with the WingX Pro7 app. We found all three to be vulnerable, allowing an attacker to manipulate information presented to the pilot, which in some scenarios would lead to catastrophic outcomes. Finally, we provide recommendations for securing such systems. Copyright is held by the authors.

Original language	English (US)
Title of host publication	Proceedings of the ACM Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	633-645
Number of pages	13
ISBN (Print)	9781450329576
DOIs	https://doi.org/10.1145/2660267.2660375
State	Published - Nov 3 2014
Externally published	Yes
Event	21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States Duration: Nov 3 2014 → Nov 7 2014

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	21st ACM Conference on Computer and Communications Security, CCS 2014
Country/Territory	United States
City	Scottsdale
Period	11/3/14 → 11/7/14

Keywords

Aviation
Human factors
Mobile cockpit information systems
Security

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/2660267.2660375

Library availability

Discover UIUC Full Text

Cite this

Lundberg, D., Farinholt, B., Sullivan, E., Mast, R., Checkoway, S., Savage, S., Snoeren, A. C., & Levchenko, K. (2014). On the security of mobile cockpit information systems. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 633-645). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/2660267.2660375

On the security of mobile cockpit information systems. / Lundberg, Devin; Farinholt, Brown; Sullivan, Edward et al.
Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, 2014. p. 633-645 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lundberg, D, Farinholt, B, Sullivan, E, Mast, R, Checkoway, S, Savage, S, Snoeren, AC & Levchenko, K 2014, On the security of mobile cockpit information systems. in Proceedings of the ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 633-645, 21st ACM Conference on Computer and Communications Security, CCS 2014, Scottsdale, United States, 11/3/14. https://doi.org/10.1145/2660267.2660375

@inproceedings{b9eef439224d4e9e926d7ad226f167b3,

title = "On the security of mobile cockpit information systems",

abstract = "Recent trends in aviation have led many general aviation pilots to adopt the use of iPads (or other tablets) in the cockpit. While initially used to display static charts and documents, uses have expanded to include live data such as weather and traffic information that is used to make flight decisions. Because the tablet and any connected devices are not a part of the onboard systems, they are not currently subject to the software reliability standards applied to avionics. In this paper, we create a risk model for electronic threats against mobile cockpit information systems and evaluate three such systems popular with general aviation pilots today: The Appareo Stratus 2 receiver with the ForeFlight app, the Garmin GDL 39 receiver with the Garmin Pilot app, and the SageTech Clarity CL01 with the WingX Pro7 app. We found all three to be vulnerable, allowing an attacker to manipulate information presented to the pilot, which in some scenarios would lead to catastrophic outcomes. Finally, we provide recommendations for securing such systems. Copyright is held by the authors.",

keywords = "Aviation, Human factors, Mobile cockpit information systems, Security",

author = "Devin Lundberg and Brown Farinholt and Edward Sullivan and Ryan Mast and Stephen Checkoway and Stefan Savage and Snoeren, {Alex C.} and Kirill Levchenko",

year = "2014",

month = nov,

day = "3",

doi = "10.1145/2660267.2660375",

language = "English (US)",

isbn = "9781450329576",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "633--645",

booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

address = "United States",

note = "21st ACM Conference on Computer and Communications Security, CCS 2014 ; Conference date: 03-11-2014 Through 07-11-2014",

}

TY - GEN

T1 - On the security of mobile cockpit information systems

AU - Lundberg, Devin

AU - Farinholt, Brown

AU - Sullivan, Edward

AU - Mast, Ryan

AU - Checkoway, Stephen

AU - Savage, Stefan

AU - Snoeren, Alex C.

AU - Levchenko, Kirill

PY - 2014/11/3

Y1 - 2014/11/3

N2 - Recent trends in aviation have led many general aviation pilots to adopt the use of iPads (or other tablets) in the cockpit. While initially used to display static charts and documents, uses have expanded to include live data such as weather and traffic information that is used to make flight decisions. Because the tablet and any connected devices are not a part of the onboard systems, they are not currently subject to the software reliability standards applied to avionics. In this paper, we create a risk model for electronic threats against mobile cockpit information systems and evaluate three such systems popular with general aviation pilots today: The Appareo Stratus 2 receiver with the ForeFlight app, the Garmin GDL 39 receiver with the Garmin Pilot app, and the SageTech Clarity CL01 with the WingX Pro7 app. We found all three to be vulnerable, allowing an attacker to manipulate information presented to the pilot, which in some scenarios would lead to catastrophic outcomes. Finally, we provide recommendations for securing such systems. Copyright is held by the authors.

AB - Recent trends in aviation have led many general aviation pilots to adopt the use of iPads (or other tablets) in the cockpit. While initially used to display static charts and documents, uses have expanded to include live data such as weather and traffic information that is used to make flight decisions. Because the tablet and any connected devices are not a part of the onboard systems, they are not currently subject to the software reliability standards applied to avionics. In this paper, we create a risk model for electronic threats against mobile cockpit information systems and evaluate three such systems popular with general aviation pilots today: The Appareo Stratus 2 receiver with the ForeFlight app, the Garmin GDL 39 receiver with the Garmin Pilot app, and the SageTech Clarity CL01 with the WingX Pro7 app. We found all three to be vulnerable, allowing an attacker to manipulate information presented to the pilot, which in some scenarios would lead to catastrophic outcomes. Finally, we provide recommendations for securing such systems. Copyright is held by the authors.

KW - Aviation

KW - Human factors

KW - Mobile cockpit information systems

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84910658797&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84910658797&partnerID=8YFLogxK

U2 - 10.1145/2660267.2660375

DO - 10.1145/2660267.2660375

M3 - Conference contribution

AN - SCOPUS:84910658797

SN - 9781450329576

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 633

EP - 645

BT - Proceedings of the ACM Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014

Y2 - 3 November 2014 through 7 November 2014

ER -

On the security of mobile cockpit information systems

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this