What could have disabled the communication links on the missing flight MH370?

This is not exactly an M2M topic, but rather in the more general area of communication engineering and is related to the dramatic event of disappearance of MH370. I would just like to put another explanation as an alternative to the leading hypothesis, which states that  the pilots disabled the communication systems on the plane. A disclaimer: I have not been involved with specification or implementation of the communication protocols relevant in this case, but I could infer conclusions based on information that is publicly available (see the references below).

The two communication systems that had been disabled are ACARS (Aircraft Communications Addressing and Reporting System) and the transponder. Let us look first at the ACARS. It is based on a VHF link in the range of 130 MHz. The communication protocol used by ACARS to send messages is called carrier sense multiple access (CSMA) [REF1] which means that the message can be sent only if the communicating device at the airplane senses that there is nobody else transmitting. But this means that, if there is a malicious jamming device attached to the Boeing 777 plane (or even more wildly, on another plane flying very closely to the Boeing 777 plane), which transmits continuously at the same frequency used by ACARS, then the ACARS message would not have been sent. For the ground control it would look as if the ACARS is disabled by the pilots, which is the leading hypothesis at the moment. Note that there is a study [REF2] that already points out the vulnerability of the VHF protocol to jamming.

In a similar way, putting a jammer at 1030 MHz would block the transponder of the plane, as the transponder would not be able to receive message from the ground and would therefore not respond. Jamming of the transponder has also happened before [REF3].

The ping messages received through the satellite link are transmitted/received in frequencies higher than 1500 MHz, hence it is plausible to have a jammer that blocks ACARS at 130 MHz and the transponder at 1030 MHz, but not the satellite link.

Therefore, a probable explanation of what has been observed about the communication systems on MH370 is that ACARS and the transponder have been disabled by jamming.  At first the jammer at 130 MHz was activated and shortly after the one at 1030 MHz. A supplementary element of the above “theory” is the possible use of spoofing techniques. Namely, in addition to jamming the usual ACARS communication, there could have been a device that provides false information to the airplane by capturing the ACARS link and creating an illusion for the pilots that they are communicating with the ground control.  In the same report [REF2], spoofing is mentioned as a plausible attack on the VHF system.

I cannot say that this explanation is totally accurate, since I do not have access to the actual way in which the protocols are implemented, but for the investigators that do have the access, it provides a hint and a possible direction of investigation. On the other hand, it is a plausible alternative to the explanation that the people in the cockpit deliberately turned off the transponder and the ACARS communication system and expand the investigation also towards all the people that had access to the airplane before the takeoff.

Dr. Petar Popovski

Follow-up on this post, with further analysis, can be found here.

References:

[REF1] SITA, “AIRCOM New Generation Services“, position paper, https://www.sita.aero/file/1569/Aircom_new_generation_services.pdf, retrieved March 16, 2014.

[REF2] EUROCONTROL, “VHF security study“, available at http://legacy.icao.int/anb/panels/acp/WG/N/swgn4-1/sgn04-01-misc01.doc‎ 

[REF3] T. Cabannes, “Transponder Jamming”, available at http://icasc.co/sites/faa/uploads/documents/resources/12th_int_flight_inspection_symposium/Transponder_Jamming.doc

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s