In our last article over satellite navigation and
satellite communication equipmentwe discussed over COBHAM AVIATOR 700D
Communication Solution and how common and important this system is. In this
article we will cover about COBHAM AVIATOR 700D Communication Solution used
onboard.We will also understand security of this solution with the help of ethical
hacking course expert of International Institute of Cyber Security, Mike
Stevens.
Most common satellite navigation and satellite
communication equipment COBHAM AVIATOR 700D is available in two versions. First
AVIATOR 700 approved to RTCA specification DO-178B level E and DO- 254 level E,
second AVIATOR 700D approved to RTCA specification DO-178B level D and DO- 254
level D. What are level D and Level E?
As per information security
training expert, Anita Thomas, international certification authorities
have defined standardsfor software security of such devices.Some of the
standards are Radio Technical Commission for Aeronautics (RTCA)specification
DO-178B or the European Organization for Civil Aviation Equipment(EUROCAE)
ED-12B. These standards have different levels, mentioned below:
Level A–Catastrophic
Failure may cause multiple accidents, which includes
plane crash.
Level B–Hazardous
This can be result in failure to operate plane or
partial plane crash, which might cause passenger and crew injuries.
Level C–Major
This might cause reduced safety margin and passenger
discomfort.
Level D–Minor
This might cause reduced safety margin and passenger
discomfort or flight route change.
Level E–No Effect
This might not cause reduced safety margin but only
passenger discomfort.
Devices with levels A, B, or C requires a strict
review process and are very secure. Devices with levels D or E are not required
to undergo strict review process and are less secure. As per ethical hacking
course expert Mike Stevens the main concern here is that the industry is
using level D and E devices even after knowing about their security standards.
The industry main concern should be interactions between
devices with different security standards.
Information
security training experts from
Ioactive were able to demonstrate that it is possible to compromise a system
certifiedfor level D that interacts with devices certified for level A,
potentially putting the level A devices integrity at risk.
The exploit of vulnerabilities of these devices of
level E and D can allow a hacker to hack Swift Broadband Unit (SBU) and the
Satellite Data Unit (SDU), which provides AeroH+ and Swift64 services.
As per ethical hacking
course expert, any systems connected to these devices, could also be
hacked. A successful attack could compromise control of the satellite link
channel used by the FANS and other system and malfunction of these subsystems
could pose a safety threat for the airplane.
0 comments:
Post a Comment