A new class of apps and wireless devices used by private pilots are vulnerable to a wide range of security attacks, which in some scenarios could lead to catastrophic outcomes, according to computer scientists at the University of California, San Diego and Johns Hopkins University. They examined three combinations of devices and apps most commonly used by private pilots to access the same information available to the pilot of a private jet at a fraction of the cost. All have to be paired with tablet computers to display information.
During testing, researchers found significant safety flaws in all three systems. Two of the systems allowed an attacker to replace completely the firmware, which is home to the programs controlling the devices. All three devices allowed an attacker to tamper with the communication between receiver and tablet. Both types of attacks give an attacker full control over safety-critical, real-time information shown to the pilot.
By tampering with the aircraft position, altitude, and direction indications, also known as heading, as well as weather data and positions of other aircraft displayed to the pilot, an attacker can deceive the pilot, leading them to take actions detrimental to flight safety. Factors such as visibility and pilot workload increase the likelihood of a catastrophic outcome.