Flight satellite and navigation system security

In our last article over satellite navigation and satellite communication equipment, we discussed over the COBHAM AVIATOR 700D Communication Solution and how common and important this system is. In this article we will cover the COBHAM AVIATOR 700D Communication Solution used onboard. We will also understand the security of this solution with the help of ethical hacking course expert of the International Institute of Cyber Security, Mike Stevens.

 

Flight satellite and navigation system security

The most common satellite navigation and satellite communication equipment COBHAM AVIATOR 700D is available in two versions. First, the AVIATOR 700 approved to RTCA specification DO-178B level E and DO- 254 level E, secondly the AVIATOR 700D approved to RTCA specification DO-178B level D and DO- 254 level D. What are level D and Level E?

As per information security training expert, Anita Thomas, International certification authorities have defined standards for software security of such devices. Some of the standards are Radio Technical Commission for Aeronautics (RTCA) specification DO-178B or the European Organization for Civil Aviation Equipment (EUROCAE) ED-12B. These standards have different levels, mentioned below:
Level A–Catastrophic
Failure may cause multiple accidents, which includes plane crash.
Level B–Hazardous
This can result in failure to operate plane or partial plane crash, which might cause passenger and crew injuries.
Level C–Major
This might cause reduced safety margin and passenger discomfort.
Level D–Minor
This might cause reduced safety margin and passenger discomfort or flight route change.
Level E–No Effect
This might not cause reduced safety margin but can cause passenger discomfort.

Devices with levels A, B, or C require a strict review process and are very secure. Devices with levels D or E are not required to undergo strict review processes and are less secure. As per ethical hacking course expert Mike Stevens the main concern here is that the industry is using level D and E devices even after knowing about their security standards. The industry main concern should be interactions between devices with different security standards.

Information security training experts from Ioactive, were able to demonstrate that it is possible to compromise a system certified for level D that interacts with devices certified for level A, potentially putting the level A devices integrity at risk. The exploit of vulnerabilities of these devices of level E and D can allow a hacker to hack SwiftBroadband Unit (SBU) and the Satellite Data Unit (SDU), which provides AeroH+ and Swift64 services.

As per an ethical hacking course expert, any system connected to these devices, could also be hacked. A successful attack could compromise the controls of the satellite link channel used by FANS and other systems. Malfunction of these subsystems could pose a safety threat for the airplane.

Contact Us

stay in touch

We are based in India, USA, Mexico.
We provide trainings & services all around the globe.
Drop us an message, email or Call us

    India
    Fifth Floor, HB Twin Tower Netaji Subhash Place, Delhi NCR, 110034 India
    • +91 11 4556 6845
    USA
    620 West Germantown Pike #272 Plymouth Meeting, PA 19462 USA
    • +1 267 705 5264
    México
    538 Homero # 303-703 Polanco, México D.F - Ciudad de México, CDMX 11570 México
    • +52 55 9183 5420