Originally published in : Deutsche Welle – www.dw.de
The A320, the Germanwings model that crashed over the French Alps, is a highly automated airplane. Computers control almost everything – and these computers could be hacked, experts say.
A fact that’s undisputed is that the Airbus 320, the downed Germanwings model, is a highly computerized plane. But this by no means renders this aircraft immune to accidents – only months prior to the Germanwings crash one of Airbus’ best-selling airplanes went down over the Java Sea: The AirAsia flight that crashed in December 2014 en route from Indonesia to Singapore was an A320-200.
The computer-controlled plane
Aircraft models from the A320 family rely on aviation software to a much higher degree than most Boeing models.
“The A320 is an almost complete fly-by-wire system, which means that the computers actually fly the aeroplane,” David Stupples, professor for electronic and radio systems at City University London, told DW. “The computer has absolute control over most things.”
There are several computer systems on board the plane, such as interfaces for navigation and communication. They are all connected to the central system that controls the aircraft. This means that each A320 is carrying a huge network of computers with highly complex software.
The software is provided directly by Airbus and is updated regularly to meet the necessary technical and security standards. What’s more, everything in the plane’s computer systems is “triplicated,” Stupples explained.
“It’s not a single computer that controls everything, because if that computer failed, you’d have a real problem,” the electronic systems expert said. “They have three computer systems doing the same job for most of the time. And they work on a voting system. That means that two computers have to “agree” on an action. If the third one differs, it is ignored.”
How to hack an aircraft
With these precautionary measures, the computerized aircraft seems safe. But, says Stupples, it could still be hacked. According to the professor, there are two opportunities to feed malware into the closed computer system.
First, hackers could upload a virus during the plane’s software update, because for this, an external data-line has to be established. The second way is even more direct:
“The Airbus has an electronics bay beneath the cockpit where all of the navigation computers are located,” Stupples said. “So if you could get in there with a USB-stick, you could inject malware into the system.”
Trying to sneak a virus into a plane’s system while its software is updating or physically connecting a USB-stick with malware to an aircraft’s computer is no easy feat though. One would have to be a highly knowledgeable hacker to overcome, for example, the “triplification” of the aircraft’s computer system.
And it would be impossible for an outsider to gain the necessary levels of access, Stupples said. So the hacker would have to be an employee.
Hacking likely not a factor in Germanwings crash
In the case of the downed Germanwings A320, politicians are saying that an outside attack was probably not the cause for the crash. France’s interior minister Bernard Cazeneuve said that all possibilities had to be explored, but that a terrorist attack was not the most likely scenario.
Stupples, who worked in the aviation industry for several decades before coming to City University London, also doesn’t believe that Germanwings’ A320 crashed because of a hacker attack. One of the reasons he gave: the lack of communication from the cockpit.
The malware would have had to sabotage the navigation system to make the plane descend while prohibiting the pilots from overriding the board computers. At the same time it would have had to disable the communication systems so the pilots couldn’t send out a distress call. “That’s virtually impossible,” Stupples said.
The public will have to wait for the evaluation of the cockpit’s voice recorder to learn more about what happened to flight 4U9525.