Airplanes are a luxury for most people to own, let alone toy with—given all the national security regulations. This year’s DEF CON, however, revealed a fascinating finding leaving many, including myself, surprised.
July this year, British Airways announced it would retire its BOEING-747 fleet “due to the downturn in travel caused by the COVID-19 global pandemic,” as stated by their spokesperson.
This enabled security researchers, Ken Munro and Alex Lomas of Pen Test Partners to get their hands on a BOEING-747, and show us what goes on behind the scenes in the aircraft.
In their DEF CON presentation, the researchers gave a thorough walkthrough of the aircraft and pointed out something that Gareth Corfield of The Register wasted no time in reporting on.
They revealed a critical component of the BOEING-747 jet, the “navigation database loader” which uses 3.5″ floppy disks for updates, even in 2020!
The “diskette stowage” compartment next to the component has a number of floppies as the video (provided at the bottom) gives a quick glimpse of.
To update the navigation database, Lomas explained, an engineer would have to visit the aircraft every 28 days, with a set of floppy disks.
But why floppy disks?
In times where smartphones and IoTs are abundantly ubiquitous, and airlines brag about their inflight entertainment systems equipped with USB ports and Wi-Fi, why would such a critical nav system still rely on these legacy diskettes?
To be clear, not all airplanes do.
Jeff Carrithers, President of GlobalAir.com and a former aircraft researcher, has shed light on the matter:
“The aircraft you are referring must be a vintage aircraft. Floppy disk are no longer used in any modern era aircraft. The vintage aircraft may only have the legacy system still in place because the cost of updating the navigation system would be too cost prohibitive.”
Carrithers further stated this is a remnant of legacy aviation hardware from the seventies. “At a guess, this aircraft would be a commercial or military aircraft made in the early ’70s. Some private aircraft still use CDs to update their navigation systems,” he continued.
These points were further confirmed by a Flight Operations Expert from Simpfly, José Godoy who said, “Most aircraft flying out there have been designed in the 1980s or early 1990s when floppy disks were the ‘state of the art’ technology.”
Godoy said one can find these legacy technologies replaced from time to time whenever a newer fleet is launched:
“A good example is the A320, with the original project from the 1980s which uses floppy disks, while his new version, the A320neo, from 2010s, has ‘retired’ the floppy disks.”
What are “navigation databases” in an aviation context?
Jeff Hall, a senior consultant with and Wesbey Associates and a former private pilot explained that the navigation databases are not maps in the context of Google Earth of MapQuest.
“It is location and frequency information about flight navigation aids and airports in particular countries or regions. This is used in conjunction with programming a flight path when the pilots get on board for the flight.”
“The flight cases that pilots used to carry had the physical navigation charts from Jeppesen. Now those charts are stored on iPads or tablets that the pilots carry,” said Hall.
Godoy also weighed in on the subject, “navigation database comprises routes (composed by airways, waypoints and navigation aids) and airport information (runways, approach and departure instrument procedures).”
What’s with the 28-day mark?
It’s to do with how the U.S. government regulatory body, Federal Aviation Administration (FAA) would update the U.S. airport databases every four weeks, explained Carrithers.
The FAA would then mail these floppy disks to flight departments, aircraft control towers, airlines, and weather services around the country.
“This was all pre-internet and WAN networks were limited to single buildings, [unless] you were with the CIA or other secret organizations. But all large commercial or military aircraft were just starting electronic navigation systems in the cockpits,” Carrithers continued.
What about the security implications?
This is what’s debatable and I can understand both sides of the argument.
Arguably, leaving physical access the only possible way of accessing a critical system, such as via floppy disks, makes it much more secure than expanding the attack surface by opening up remote network access.
If the ground staff tasked with pushing the updates need physically go into the plane to update its navigation loader, the approach is far safer than Wi-Fi-powered “smart updates.”… But that makes ground staff the weakest link in the security chain.
“In theory, it would be more secure from a hack outside the aircraft. But it would probably not have any security protocols to login. Just put the floppy in the drive and it is on and then download it to a hard drive and overwrite the base code. Basic DOS prompts,” explained Carrithers.
What about malware and viruses?
Hall acknowledged, using floppies to provide updates is more secure than doing so over-the-air. But, floppies aren’t exempt from the risks of viruses and malware as expected from any external media device. Although this hasn’t caused any notable problems on airplanes thus far, as Hall states:
“I don’t recall an airplane ever becoming infected using floppy disks as the FAA and airlines had strict procedures for scanning disks for viruses and malware before they ever got near an airplane. But there were a number of incidents over the years where ATMs got infected by floppy disks and CDs performing updates on them.”
Further, these airplanes aren’t running widely used commercial OSes like Windows or Linux which attract malware attacks, “but special non-stop operating systems that are Unix derivatives, so it’s not as easy to infect as one might think,” Hall continued.But the other concern that remains is the use of outdated technologies in aviation.
“If it ain’t broke, don’t fix it!”
Aircraft use multiple legacy systems but the approach works and has worked sufficiently well for years.
“So much about aviation is old-school: the hardware, the software, the infrastructure. And ESPECIALLY the way people in aviation THINK,” said Patrick Smith, an airline pilot and the host of AskThePilot.com.
Reflecting on Carrithers’ previous comment, Smith said, “What is a ‘modern era’ aircraft? The 787 and A350, maybe? Most other planes are based on platforms developed in the 1980s or even the 1970s.”
[Full disclosure: Smith had no knowledge of Carrithers’ comment. I had posed to him a general question: if modern aircraft still relied on floppies]
Inconvenience: too many disks!
If it’s too expensive to replace floppy disk readers with say, a USB interfaced system, it’s understandable.
Moreover, USB ports can’t always be trusted. A cybersecurity professor had recently crashed an in-flight entertainment system using nothing but a USB mouse (CVE-2019-9019).
But using floppies is downright inconvenient. Each diskette can store a mere 1.44 megs. This means a typical update of navigation database may require a series of 8 or so floppies, loaded in a particular order.
A higher-capacity CD-ROM would likely be more efficient and eradicate errors—by that I mean, you wouldn’t have to worry about messing up the sequence in which the diskettes are to be inserted.
ACI Jet, a global aviation services company recently published a blog post titled, “Can data loading be fun?” which actually discusses this very issue.
“In any environment other than aviation, database loading would be easy and cheap (don’t say it). Being that the hardware required is on an aircraft, however, means that you’re likely doing this with archaic media such [as] Zip or floppy disks.”
The post describes the process of pushing the updates may sound easy but can take hours on older systems that have “spotty availability” and are unreliable. And, this nuisance has to be repeated every 2-4 weeks.
In the same blog post, the company lists some products which can take the plain out of the update process. These include capabilities like USB interfaces and wireless updates powered by an iPad app.
The company’s Avionics Manager, Brian Ford stated, “We routinely work on aircraft that use ZIP disks and PCMCIA cards to update databases, along with proprietary software to load said cards.”
“The ‘if it ain’t broke, dont fix it’ concept may be how people rationalize it, but ultimately the development cycles for getting hardware approved for aircraft moves glacially show compared to consumer electronics.
Much of that is due to the reliability, safety, and testing requirements to get the approval of the regulatory agencies involved. That means that once a piece of hardware in approved and installed, that design is unlikely to be improved upon.
If there are features that could be added to justify the cost of a hardware upgrade (perhaps Wi-Fi loading through an iPad vs. proprietary PC software that may require older hardware) then we can start to see components with modern interfaces like USB, such as in the article of ours you mentioned”Brian Ford, Avionics Manager at ACI Jet
Now, for your viewing pleasure, here’s the original DEF CON video stream by Munro and Lomas: