Flight Safety Information April 11, 2013 - No. 075 In This Issue Plane without front landing gear touches down safely at Essex County Airport Vulnerabilities in aircraft systems allow remote airplane hijacking, researcher says Texting and flying: The rules for pilots Texas legislators take aim at airport searches, consider opting out of federal security PROS IOSA Audit Experts Japan Re-Emerges in the Aerospace Arena With a New Jet San Francisco Airport Bans Rideshare App Companies from Taxi Line Dark Lightning Zaps Unknowing Airline Passengers with Radiation During Flight Plane without front landing gear touches down safely at Essex County Airport A flying lesson turned scary, but ended safely, when the plane's landing gear malfunctioned in flight, Fairfield Police said. Around noon today, Fairfield Police received a 9-1-1 call from the Essex County Airport reporting a plane would be attempting to land without its front landing gear engaged. The plane, a 1982 fixed wing, single engine Cessna is owned by CF Images LLC and was being operated by Frederick Hartman Jr. of Century Air, a flight training company located at the airport. He was training a second man, Alberto Corvo, to become a flight instructor, police said. Emergency personnel went to the scene and the plane landed without incident. No one was injured. The Fairfield Fire Department, Atlantic Ambulance and Paramedics and the Essex County Sheriff's Department all responded to the emergency. The investigation of the incident was turned over to the Federal Aviation Administration and the airport has resumed normal operations. This is the second incident at the Essex County Airport this year involving a plane that had a landing gear malfunction during landing. On February 7th a 1964 Piper PA-30, fixed wing, multi-engine airplane lost the use of all of its landing gear and the plane ended up sliding down the runway. No one was injured. http://www.nj.com/essex/index.ssf/2013/04/plane_without_front_landing_ge.html Back to Top Vulnerabilities in aircraft systems allow remote airplane hijacking, researcher says The lack of security in communication technologies used in the aviation industry makes it possible to remotely exploit vulnerabilities in critical on-board systems and attack aircraft in flight, according to research presented Wednesday at the Hack in the Box security conference in Amsterdam. The presentation, by Hugo Teso, a security consultant at consultancy firm N.runs in Germany, who has also had a commercial pilot license for the past 12 years, was the result of the researcher's three-yearlong research into the security of avionics. Teso showed how the absence of security features in ADS-B (automatic dependent surveillance-broadcast), a technology used for aircraft tracking, and ACARS (Aircraft Communications Addressing and Reporting System), a datalink system used to transmit messages between aircraft and ground stations via radio or satellite, can be abused to exploit vulnerabilities in flight management systems. He did not experiment on real airplanes, which would be both dangerous and illegal, according to his own account. Instead Teso acquired aircraft hardware and software from different places, including from vendors offering simulation tools that use actual aircraft code and from eBay, where he found a flight management system (FMS) manufactured by Honeywell and a Teledyne ACARS aircraft management unit. Using these tools, he set up a lab where he simulated virtual airplanes and a station for sending specifically crafted ACARS messages to them in order to exploit vulnerabilities identified in their flight management systems -- specialized computers that automate in-flight tasks related to navigation, flight planning, trajectory prediction, guidance and more. The FMS is directly connected to other critical systems like navigation receivers, flight controls, engine and fuel systems, aircraft displays, surveillance systems and others, so by compromising it, an attacker could theoretically start attacking additional systems. However, this aspect was beyond the scope of this particular research, Teso said. Identifying potential targets and gathering basic information about them via ADS- B is fairly easy because there are many places online that collect and share ADS- B data, such as flightradar24.com, which also has mobile apps for flight tracking, Teso said. ACARS can be used to gather even more information about each potential target, and by combining this information with other open-source data, it is possible to determine with a fairly high degree of certainty what model of FMS a specific aircraft is using, Teso said. After this is done, an attacker could send specifically crafted ACARS messages to the targeted aircraft to exploit vulnerabilities identified in the code of its FMS. In order to do this, the attacker could build his own software-defined radio system, which would have a range limit depending on the antenna being used, or he could hack into the systems of one of the two main ground service providers and use them to send ACARS messages, a task that would probably be more difficult, Teso said. Either way, sending rogue ACARS messages to real aircraft would most likely lead to the authorities searching and eventually locating you, the researcher said. Teso created a post-exploitation agent dubbed SIMON that can run on a compromised FMS and can be used to make flight plan changes or execute various commands remotely. SIMON was specifically designed for the x86 architecture so that it can only be used in the test lab against virtual airplanes and not against flight management systems on real aircraft that use different architectures. The researcher also created an Android app called PlaneSploit that can automate an entire attack, from discovering targets using Flightradar24 to exploiting vulnerabilities in their FMS, installing SIMON and then performing various actions, like modifying the flight plan. As previously mentioned, the research and demonstrations were performed against virtual planes in a lab setup. However, the FMS vulnerabilities identified and the lack of security in communication technologies like ADS-B and ACARS are real, Teso said In a real-world attack scenario, the pilot could realize that something is wrong, disengage the auto-pilot and fly the plane like in the old days using analog systems, Teso said. However, flying without auto-pilot is becoming increasingly difficult on modern aircraft, he said. Teso did not reveal any specifics about the vulnerabilities he identified in flight management systems because they haven't been fixed yet. The lack of security features like authentication in ADS-B and ACARS is also something that will probably take a lot of time to address, but the researcher hopes that it will be done while these technologies are still being deployed. In the U.S., the majority of aircraft are expected to use ADS-B by 2020. N.runs has been in contact with the European Aviation Safety Agency (EASA) for the past few weeks about the issues identified during this research, Teso said, adding that he has been pleasantly surprised by their response so far. "They haven't denied the issues, they listened to us and they offered resources," he said. "They're trying to help us to take this research on a real plane." http://www.pcworld.com/article/2033807/vulnerabilities-in-aircraft-systems-allow- remote-airplane-hijacking-researcher-says.html Back to Top Texting and flying: The rules for pilots A helicopter runs out of fuel midair after its pilot was evidently flying with one hand and texting with another. The chopper crashes, killing everyone on board. It sounds incredible, but it's true. We live in a multitasking society. That's a reality. Now some experts wonder whether that reality is clashing with the safe operation of our nation's aircraft. Distraction in the cockpit was a key element of testimony delivered Tuesday on a deadly 2011 medivac helicopter crash. The pilot was violating Federal Aviation Administration rules and company policy by using his phone in flight. Yet in some cases, the use of other types of personal electronic devices in the cockpit is still allowed. But that may be changing. Experts and officials say a total ban on using personal electronic devices in the cockpit is needed. "You can't multitask everything," said John Goglia, a former member of the National Transportation Safety Board, which is the nation's top aviation investigation agency. "To think that you can text and fly, especially a helicopter, is ludicrous. Helicopters require concentration, even more so than many airplanes." Medivac chopper pilots fall under the same rules for electronic communications devices as commercial airplanes. Goglia and other experts favor stricter FAA rules for all aircraft, including helicopter ambulances. Under a newly proposed FAA rule, commercial pilots would be banned at all times from using "a wireless communications device or laptop computer for personal use while at their duty station on the flight deck while the aircraft is being operated." Nonflight related conversations, including via electronic devices, are banned during take off and landing and during flight below 10,000 feet. Above 10,000 feet, commercial pilots can use tablets and laptops. Yet laptop distractions were blamed in an embarrassing 2009 incident where Northwest pilots overshot their destination by 150 miles. The FAA cited that blunder as a factor in its January proposal to toughen the current rules, which haven't been updated since 1981. Laptops and tablet computers such as iPads have been around for years. The Northwest incident happened in 2009, so why is the FAA only now getting around to stiffening the rules? "The FAA is behind the curve across the board," said Goglia. "The rule making process has become so cumbersome that even when there's a strong desire to change the rules, it still takes forever." When tougher rules might go into effect is uncertain, the FAA said. The agency says it is reviewing comments on their proposal. It's a challenging time for the FAA to respond quickly to rapidly changing technology, said former Department of Transportation Inspector General Mary Schiavo. "It's kind of a learning phase ... a work in progress really." She said the FAA has been hampered recently by less than ideal congressional leadership on aviation issues. The FAA points out that its longstanding policy has always prohibited "during a critical phase of flight" any activity that would distract from the safe operation of an aircraft. Even if personal electronic devices are banned during flight, pilots often use text- based systems to communicate with controllers on the ground. The difference is in situational awareness. Using technology that folds into flight operations is directly connected to the job at hand. Making dinner plans is not. Pilots follow an approved FAA process. "One pilot tells the other that he's going heads down for a minute," Goglia explained. "That's his signal that the other pilot has to pay more attention." When it comes to single pilots flying alone, operating heads-down technology is supposed to be very limited, Goglia said, but it's still a problem that the FAA needs to address. http://www.cnn.com/2013/04/10/travel/texting-flying-rules/?hpt=us_c2 Back to Top Texas legislators take aim at airport searches, consider opting out of federal security Lawmakers took aim at airport pat-downs Wednesday, considering proposals to opt out of federal protection at all Texas airports and criminalize aggressive body checks. Similar debate two years ago led to threats by federal aviation officials of the possibility of shutting down the state's airports because of security concerns. That prospect effectively halted the so-called anti-groping bill, which had unanimously passed the House. But the cause of intrusive and offensive searches of innocent passengers has ignited conservative and tea party adherents, leading to the latest attempt to clip the wings of the Transportation Security Agency. Both bills were left pending before the House State Affairs Committee, which approved the anti-groping bill two years ago. This year, nearly a third of House members have signed on as co-sponsors. Rep. Larry Phillips, R-Sherman, told the committee that a provision of federal law allows airports to opt out of TSA protection in favor of state or private security forces. He cited San Francisco International Airport and numerous smaller facilities in Montana as having successfully done so. His proposal would require all Texas airports to seek the opt-out so that no one terminal could be targeted with retribution. He said the airports could then use federal dollars to hire private security. Phillips argued that contractors would be more responsive to the traveling public. "I won't argue that when you walk through you'll see anything different, you'll just be treated better," he said. Rep. David Simpson, R-Longview, reprised his anti-groping bill that would make it a felony for a public servant to touch the private parts of citizen without having probable cause for a search. The legislation "seeks to restore a measure of freedom and dignity to traveling and entering public places," Simpson said. He cited incidents in which wounded veterans have been forced to remove prosthetics and where young children have been separated from their parents and improperly touched. "The terrorists have won if we allow that to go on in the name of safety," Simpson said. Rep. Rene Oliveira, D-Brownsville, raised questions about how an agent would address a suspicion, especially knowing that if his hunch didn't meet the definition of probable cause he might go to prison. Simpson said training should take care of the issue. http://www.dallasnews.com/news/politics/headlines/20130410-lawmakers-take- aim-at-airport-searches-consider-opting-out-of-federal-security.ece Back to Top Back to Top Japan Re-Emerges in the Aerospace Arena With a New Jet As a small boy, Teruaki Kawai watched wide-eyed as American DC-3s took off and landed at a small airport across an inlet from his home on the Hiroshima coast. Japan's golden era of aviation, which culminated with the feared and respected Mitsubishi Zero fighter planes, had ended a decade earlier along with World War II. Banned from making planes by American occupiers after the war, then allowed only to make parts for American military jets, Japan's aircraft industry was a shadow of its former self. If all goes well this year, Mr. Kawai, now 65 and president of the Mitsubishi Aircraft Corporation, will preside over Japan's biggest aviation comeback since the war. In late 2013, the company plans the first flight of its Mitsubishi Regional Jet, a sleek, 90-seat commercial plane that is Japan's bid to break into the industry's big leagues after almost 70 years. "For decades, we were confined to supplying parts for other passenger jets. But we're finally heading into new territory," Mr. Kawai said in a recent interview at Mitsubishi Aircraft's Tokyo office. Mitsubishi's comeback was abetted in large part by Boeing's outsourcing more of its aircraft manufacture to overseas suppliers. As Boeing came to rely on foreign contractors, Japanese manufacturers moved in, designing and supplying some of the jet's most vital sections. A full third of Boeing's new 787 Dreamliner is supplied by Japanese manufacturers, including Mitsubishi Aircraft's parent company, Mitsubishi Heavy Industries, which makes the jet's carbon-fiber composite main wings. Even so, Boeing and Mitsubishi could not be further apart in their approach to jet- building. In contrast to the cutting-edge 787, Mitsubishi's regional jet uses only a little of the advanced carbon fiber that its parent company supplies to Boeing. Neither does the regional jet use the volatile lithium-ion batteries that have become a major headache for Boeing, overheating on two planes in January and prompting American and Japanese safety regulators to ground the entire 787 fleet. Mitsubishi's caution underscores the importance, to the company and to Japan, of getting the regional jet project off the ground in an industry where reputation for reliability is paramount. That is especially the case, experts say, for a country long absent from the business of making planes, save military jets under license from the United States, and a series of small private jets. In the late 1950s and 1960s, Mitsubishi participated in a consortium to develop the YS-11 plane, a 60-seat turboprop airliner led and largely financed by the Japanese government, which was eager to restart the country's aviation industry. Leading the YS-11's design was Teruo Tojo, one of the Mitsubishi Zero fighter's original engineers and the second son of Hideki Tojo, the Japanese wartime leader who was executed as a war criminal by the Allies. But with no experience in making civilian jets, Mr. Tojo and his team of engineers struggled with the YS- 11's design. Regulators in the United States who tested the plane said early versions of the aircraft rolled from side to side and leaked rainwater. Its air-conditioning systems broke down. Passengers complained its roaring twin engines were too loud. And despite generous state backing, soaring manufacturing costs crippled the consortium's finances. In 1973, barely 10 years after the YS-11's maiden flight, the consortium canceled the project. It built just 182 aircraft and sold its planes at a loss. "We wanted to sell to the world, but on the ground, we felt we were chasing an impossible dream," Mr. Tojo, who eventually became vice president of Mitsubishi Heavy Industries and president of Mitsubishi Motors, reminisced in a 1990 interview with the Nikkei Sangyo Shimbun newspaper. "Who would buy a plane made in Japan?" Mr. Tojo passed away last year at the age of 98. Burned by the YS-11 flop, Japan shifted its aviation strategy to supplying, and learning from, the largest aircraft makers of the time, of which the largest was Boeing. Japanese suppliers have played an increasingly bigger role in building Boeing aircraft, supplying 15 percent of the 767 jet, 21 percent of the 777, and 35 percent of the 787. The Japanese government quickly became one of the largest financial backers of those projects, handing out billions of yen in subsidies to help Japanese suppliers develop technology and win lucrative contracts from Boeing. Though the government declines to reveal exact numbers, estimates by researchers at the State University of New York of how much Japan has handed out to 787 suppliers in subsidies and loans over the past decade are as high as $1.6 billion. . Boeing, which is based in Chicago, outsources its parts manufacturing to pare its investment in research and development, design, manufacturing and also its work force. These Boeing contracts have kept tens of thousands of Japanese workers busy for years, and still account for about 40 percent of jobs in the industry. They also help keep Japanese companies on the forefront of crucial aeronautical technology. And in a cozy quid pro quo, Japan's biggest airlines have for years bought their planes almost exclusively from Boeing - an unusual practice among global carriers, which tend to play Boeing off against its rival, Airbus, to negotiate better terms and prices. "It's been a 'you scratch my back, and I'll scratch yours' kind of relationship that made both sides captive to each other," said Takanori Maema, an aeronautics expert and former engine designer at the IHI Corporation, another major Boeing supplier. "But all along, Japan always aspired to build its own plane." At the same time, the Japanese government was ready to give passenger plane manufacturing another try, as it looked in the early 2000s for ways to bolster Japanese exports and revitalize the country's stagnant economy. In 2003, it announced bold plans to finance the development of compact, fuel- efficient aircraft. By the mid-2000s, Mitsubishi executives were gearing up to develop a passenger jet. The company placed Mitsubishi Aircraft's new headquarters in its prewar offices in Nagoya, where engineers designed the Zero. The Mitsubishi Regional Jet, announced in 2008, is conservative in its use of new technologies and materials. Mitsubishi drastically reduced its use of advanced carbon composite material, opting to use high-grade aluminum alloy wings after discovering that carbon fiber still did not deliver the weight savings that engineers had hoped for. (The weight savings from carbon composite materials are greater for the 787, a larger plane.) After initially exploring the use of advanced lithium-ion batteries, Mitsubishi engineers also concluded that the technology was not tested enough to power a passenger jet, opting instead to use conventional cadmium nickel packs. ("It's too dangerous. The technology isn't mature enough for a plane like ours," Mr. Kawai said of lithium-ion batteries.) Still, Mitsubishi's regional jet boasts about 20 percent in fuel savings compared to similar size Brazilian-built Embraer 190 jets. Much of the fuel economy comes from its use of new engines from the American manufacturer, Pratt & Whitney. The plane's wings are thinner and are more aerodynamic than those on similar models, also improving energy efficiency. Mitsubishi says newly designed seats on the M.R.J. also offer wider seats than rival aircraft: 18.5 inches across compared with 17.3 inches on Canada's Bombardier's CRJ700 series. The company has 165 firm orders to date for the $42 million jet, and it aims to secure as many as 5,000 orders over the next two decades - a goal some experts dismiss as unrealistic. It faces well-established rivals like Bombardier and Embraer. The Russians and Chinese are also making inroads into plane-building. By bolstering its aviation credentials, Japan could also keep upstarts in South Korea, Taiwan and China from encroaching on its lucrative Boeing work, which analysts say contributes around a fifth of Mitsubishi's roughly $5.7 billion aeronautics business. "As a boy, I didn't think that Japan would build a plane again," Mr. Kawai said. "But it's been over a half-century. It's high time for Japan to give it another go." http://www.nytimes.com/2013/04/10/business/global/japan-re-emerges-in-the- aerospace-arena-with-a-new-jet.html?pagewanted=all&_r=0 Back to Top San Francisco Airport Bans Rideshare App Companies from Taxi Line Last month, San Francisco International Airport issued cease-and-desist orders to six different app-based rideshare companies like Lyft, SideCar, and UberX. These companies connect regular drivers -not licensed taxi or limo drivers- to passengers via smartphone app. The driver gets paid through a voluntary donation, also done through the app. Doug Yakel, a spokesperson for the airport, said it's not about shutting out new forms of transportation. "We're very open to new business ideas and we would like to provide a way to provide those options, but we have an obligation to safety," he said. "We also have to keep a level playing field and promote fairness." With 44 million people coming through SFO each year, Yakel says it's important to make sure each passenger gets a safe and fairly priced ride from the airport. On its website, SideCar says it shouldn't be regulated like a taxi or limo company, because it isn't one. They say they are a "peer to peer ridesharing app," not a typical dispatch service that requires regulation. SideCar says it simply facilitates trips that are legal in California- think casual carpools. Yakel acknowledges that carpooling and traditional ridesharing are legal, but he maintains that SideCar and similar companies have a key difference. "The difference is money is being exchanged for transportation and the company is keeping some of the profits," Yakel said. In other words, app-based rideshare companies can't claim they're just helping people find rides - so the airport says they should be regulated like taxis and shuttles. Back in November, the California Public Utilities Commission (CPUC) issued cease-and-desist orders and fines to Lyft, Uber, and Sidecar to stop all operations within the state. Since then, Lyft and Uber have entered into operating agreements with the CPUC, meaning they've showed proof of insurance that will protect their passengers in the case of accident or injury. But that's just temporary. The CPUC is studying how to determine - if at all - how the agency should regulate ridesharing companies. "We're concerned for the safety of riders and everyone involved in these new operations," said CPUC spokesperson Andrew Kotch. "We're figuring out how rules might be revised to include these new transportation entities." The CPUC is holding a workshops this week to bring together representatives from all affected parties -including rideshare companies, limousine services, and taxis - and discuss the agency's options in regulation. "The information we gather will be taken into consideration and will help come up with a new proposal, expected in mid- to late summer," said Kotch. Meanwhile, airport spokesperson Doug Yakel said the airport permit process is closely linked to the CPUC's. "Before we could begin the airport permit process, they have to clear the CPUC and MTA processes," he said. "These companies have to find their place in the transportation process." http://transportationnation.org/2013/04/10/san-francisco-airport-bans-rideshare- app-companies-from-taxi-line/ Back to Top Dark Lightning Zaps Unknowing Airline Passengers with Radiation During Flight You may not have seen it, but you may have been exposed to it. Dark lightning, the flashes of gamma rays that occur at altitudes at which aircraft fly, can zap unknowing passengers with radiation during thunderstorms. Yet how much radiation that passengers and pilots are exposed to has remained a mystery--until now. New research has pinpointed the amount of radiation that dark lightning produces and how much airline personnel may experience. Researchers first discovered dark lightning about a decade ago. That's when they found that thunderstorms could generate brief but powerful bursts of gamma rays with the ability to blind sensors on satellites hundreds of miles away, according to Discovery News. Yet while they're bright to the satellites, they're barely noticeable to humans. It's unlikely that many people flying have even noticed the faintly purple flashes. The new study used computer models in order to find out exactly how this dark lightning discharges. More specifically, the physics-based model was able to pinpoint the exposure dose that someone on a plane would likely receive during one of these dark lightning events. So how much do passengers receive? At the top of thunderstorms at about 40,000 feet, radiation doses are comparable to about 10 X-rays, or the same dose that people receive from natural background sources of radiation over the course of an entire year. In the middle of the storms at about 16,000 feet, radiation doses could be about 10 times larger and comparable to some of the largest doses received during medical procedures--such as a full-body CT scan. While these doses could be large, though, there's currently no data on exactly how often these storms actually occur. Because the bursts of dark lightning are so brief, they are usually undetected. This makes it more difficult to calculate exactly how often they occur. However, researchers estimate that dark lightning bursts occur anywhere between 1/100th to 1/1000th as often as normal lightning bursts. The new findings could allow researchers to better understand how dark lightning can impact flight personnel that are more likely to be exposed to these types of storms. In addition, it could prompt airlines to develop planes that can better resist this type of radiation. Currently, researchers recommend that pilots do what they already do: avoid major thunderstorms while in flight. The research was presented at a meeting of the European Geosciences Union in Vienna. http://www.scienceworldreport.com/articles/6153/20130410/dark-lightning-zaps- unknowing-airline-passengers-radiation-during-flight.htm Curt Lewis