Flight satellite and navigation system security


In our last article over satellite navigation and satellite communication equipment we discussed over COBHAM AVIATOR 700D Communication Solution and how common and important this system is. In this article we will cover about COBHAM AVIATOR 700D Communication Solution used onboard. We will also understand security of this solution with the help of ethical hacking course expert of International Institute of Cyber Security, Mike Stevens.
Most common satellite navigation and satellite communication equipment COBHAM AVIATOR 700D is available in two versions. First AVIATOR 700 approved to RTCA specification DO-178B level E and DO- 254 level E, second AVIATOR 700D approved to RTCA specification DO-178B level D and DO- 254 level D. What are level D and Level E?
As per information security training expert, Anita Thomas, International certification authorities have defined standards for software security of such devices. Some of the standards are Radio Technical Commission for Aeronautics (RTCA) specification DO-178B or the European Organization for Civil Aviation Equipment (EUROCAE) ED-12B. These standards have different levels, mentioned below:
Level A–Catastrophic
Failure may cause multiple accidents, which includes plane crash.
Level B–Hazardous
This can be result in failure to operate plane or partial plane crash, which might cause passenger and crew injuries.
Level C–Major
This might cause reduced safety margin and passenger discomfort.
Level D–Minor
This might cause reduced safety margin and passenger discomfort or flight route change.
Level E–No Effect
This might not cause reduced safety margin but only passenger discomfort.

Devices with levels A, B, or C requires a strict review process and are very secure. Devices with levels D or E are not required to undergo strict review process and are less secure. As per ethical hacking course expert Mike Stevens the main concern here is that the industry is using level D and E devices even after knowing about their security standards. The industry main concern should be interactions between devices with different security standards.
Information security training experts from Ioactive were able to demonstrate that it is possible to compromise a system certified for level D that interacts with devices certified for level A, potentially putting the level A devices integrity at risk. The exploit of vulnerabilities of these devices of level E and D can allow a hacker to hack SwiftBroadband Unit (SBU) and the Satellite Data Unit (SDU), which provides AeroH+ and Swift64 services.
As per ethical hacking course expert , any systems connected to these devices, could also be hacked. A successful attack could compromise control of the satellite link channel used by the FANS and other system and malfunction of these subsystems could pose a safety threat for the airplane.

Blog Page