Jump to content

Sign in to follow this  
larshall

Scary - if true

Recommended Posts

From Wired:

 

"A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.

Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states."

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane

Also discussed here:

https://www.petri.com/security-expert-claims-he-hacked-airplanes-while-in-flight

 

Share this post


Link to post

I think the guy is phony and ego-maniac, suffers from 'small man syndrome' and desperately wants his 15 min of fame.

 

A more relevant discussion of his claim is on this pilot's forum:

 

http://www.pilotsofamerica.com/forum/showthread.php?t=82247

I agree, and of course the media is running wild with it. If though  he did do this, he should get 20 years for his trouble!!


Thanks

Tom

My Youtube Videos!

http://www.youtube.com/user/tf51d

Share this post


Link to post

I think the guy is phony and ego-maniac, suffers from 'small man syndrome' and desperately wants his 15 min of fame.

 

A more relevant discussion of his claim is on this pilot's forum:

 

http://www.pilotsofamerica.com/forum/showthread.php?t=82247

 

Very true, it's almost certainly BS, and if not, it should be fairly self evident from the records of the flight.  

 

Appreciate the FBI have to take it seriously until proven that it's BS, I do worry that we're going to end up with people thinking that any fool with a laptop can take over planes.  Whilst in general, if it's connected, it can be hacked, given time, money and skill, the most credible threat would be nation-state backed actor in the same vein as Stuxnet (which targeted specific Siemens kit used in nuclear power stations), probably targeting the communications systems and using that as a jumping off point to compromise the flight systems*, rather than a random angry nerd with a laptop munching on in-flight peanuts.

 

Besides, if you wanted to take control of an aircraft and don't have the resources of Mossad/the FSB behind you, it would be much easier to just rush the pilots as they go to the bathroom!

 

 

*I have no direct knowledge of the internal systems of airliners, and no-one that is able to do it is likely to go public on how, but it would be the be a logical route for a large scale attack as it would enable proper coordination, rather than just dropping individual planes out of the sky.


30xhnrt.png

Banner_MJC1.png

Share this post


Link to post

Flying "sideways"???

 

That's as silly as the news anchors talking about the Amtrak engineer "steering" the train... :Rolling Eyes:


Fr. Bill    

AOPA Member: 07141481 AARP Member: 3209010556

Interests: Gauge Programming - 3d Modeling for Milviz

Many Thanks to All That Donated To Our Server Drive!

Share this post


Link to post

........ he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer.

 

What a load of complete and utter TOSH !  :lol:

 

Totally independent, non-networked systems / circuits.

 

The only 'interface' between the IFE and the flight computers, is that of electrical power.     And 'coding' is not possible over a raw electrical supply feed.

Share this post


Link to post

What a load of complete and utter TOSH !  :lol:

 

Totally independent, non-networked systems / circuits.

 

The only 'interface' between the IFE and the flight computers, is that of electrical power.     And 'coding' is not possible over a raw electrical supply feed.

 

That's the big unknown (for me at least), are they actually fully independent (power aside)?  My assumption was that they might share sensors for the moving passenger map at least, but without ever having seen the schematics (and being unlikely ever to get to see them), it's not something I can say for certain.  

 

You would hope that they are air gapped from anything of consequence for flight safety, but given the shocking state most critical infrastructure has languished in for the last few decades, it wouldn't surprise me if they were just as "competently" secured....

 

Edit: This link suggests that the 787 is not fully air gapped, it's a little out of date but is a reproduction of an FAA document.  Lovely...


30xhnrt.png

Banner_MJC1.png

Share this post


Link to post

 

 


Edit: This link suggests that the 787 is not fully air gapped, it's a little out of date but is a reproduction of an FAA document. Lovely...

 

This was one of the main reasons for the initial delay in the 787 program. The FAA ordered that the entertainment network totally be segregated from the aircraft flight systems. So unless Boeing didn't do the redesign properly to comply with the order, the 787 should not be susceptible to this issue. I will assume the same would apply to the new Airbus A350's and the upcoming 737 MAX and A3xxx NEO's. The only question is would earlier planes be  susceptible to this type of tampering, and if so, could it be done without the flight crew being aware of it from there display's and gauges. I think though an uncommanded engine manipulation would be noticed by the flight crew, especially one that made the plane fly sideways. So I highly doubt this particular incident.


Thanks

Tom

My Youtube Videos!

http://www.youtube.com/user/tf51d

Share this post


Link to post

 

 


Whilst in general, if it's connected, it can be hacked

I take issue with this statement. I spent my whole life in network programming.

To be 'hacked' not only there must be a connection (wireless or otherwise) but there must also be a logical connection. 

Can somebody listening to a radio station hack it? No. There is a connection but hacking is impossible. Even if flight systems

send a networking broadcast type message (don't know if they do or don't) to the entertainment system (for example aircraft

current position) it's a one way message, hacking through such a connection is impossible. An entertainment system even

though 'connected' can't perform any write operation into the other side.


Michael J.

Share this post


Link to post

I take issue with this statement. I spent my whole life in network programming.

To be 'hacked' not only there must be a connection (wireless or otherwise) but there must also be a logical connection.

Can somebody listening to a radio station hack it? No. There is a connection but hacking is impossible. Even if flight systems

send a networking broadcast type message (don't know if they do or don't) to the entertainment system (for example aircraft

current position) it's a one way message, hacking through such a connection is impossible. An entertainment system even

though 'connected' can't perform any write operation into the other side.

Please forgive my imprecision. Think of it as a working assumption, the less funny cousin of 'nothing is foolproof to a sufficiently talented fool'. :)

 

You are correct that there are certain attributes that may make it impossible in certain cases, but the number of devices that truly act like radio stations at all points in time (and take no external input at all) is minimal compared to those which have some connectivity, even if it's simply a diagnostic port for an engineer to use. To take your example, you wouldn't attack a radio station using a car stereo, but you might target their employees with phishing mails looking for credentials(this happens to banks quite regularly), probe their network perimeter, attempt to get malware inside using a USB stick and an insider, or through any number of other means.

 

I work for an information/cyber security consultancy (albeit not as a pen tester) and whilst I have no special knowledge of airliner systems (it's not an industry we serve, hence I have no evidenced view on the practicality of the entertainment system as a jumping off point for an attack), we are seeing an increasing number of our larger clients investing heavily in protection within their perimeter (such as traffic flow analysis and rogue device detection), on the assumption that someone, somewhere can find a chink in their armour, rather than solely rely on hardening of the perimeter and systems. The reasons behind this are twofold, the more complex and more connected a system or business environment, the more difficult and expensive it is to harden, and (particularly when you talk about critical infrastructure) the sort of groups looking to carry this sort of attack out are well funded, highly skilled and willing to play the long game, particularly if you are talking about organised crime or nation states, and they are just as capable of finding fresh vulnerabilities as security researchers.

 

Which is a very long winded way of saying that if you are a sufficiently interesting target, someone is probably working out how to hack you, and if you think you have no vulnerabilities then you've probably just not found them all yet :) This will only get worse as airliners and the processes and technologies that support them become progressively more connected.


30xhnrt.png

Banner_MJC1.png

Share this post


Link to post

I have more than enough trouble keeping devices that are supposed to be connected, connected... :Whistle:


Fr. Bill    

AOPA Member: 07141481 AARP Member: 3209010556

Interests: Gauge Programming - 3d Modeling for Milviz

Many Thanks to All That Donated To Our Server Drive!

Share this post


Link to post

Well the reactions certainly do run the gamut.......


Orbx Beta Tester
Just Flight Beta Tester
 
We are all connected..... To each other, biologically...... To the Earth, chemically...... To the rest of the Universe atomically.
 
Devons rig
Intel Core i7 8700K @ 5.0GHz / 32.0GB G.SKILL TridentZ Series Dual-Channel Ram / ZOTAC GAMING GeForce® RTX 2080 Ti Triple Fan / Sound Blaster Z / Oculus Rift VR Headset / Klipsch® Promedia 2.1 Computer Speakers / ASUS ROG SWIFT PG279Q ‑ 27" IPS LED Monitor ‑ QHD / 2x Samsung SSD 850 EVO 500GB / Windows 10 Pro 64-bit / Gigabyte Z370 AORUS Gaming 5 Motherboard

Share this post


Link to post

I would stake my life on saying that this is complete crap.  No logical person or systems engineer would ever put an IFE system on the same "network" as a thrust management computer or FADEC.  As stated above, the only common wiring would be for electrical power.   He would have had to physically finf the data bus wire bundle somewhere in the miles of cables and wire in the tube of the plane and plug into it with the same proprietary software interface as whoever designs and maintains the system.  Not practical in the passenger cabin.   


<p>Dassault Falcon, Lear, Embraer and Challenger and Cessna Mechanic.Broadcasting live from former Soviet Missile Silo.Rhys Legge

Share this post


Link to post

I have to agree with Flying Penguin on this one, having built PCI-DSS networks and systems. Just because a device is broadcasting messages, i.e a moving map, does not mean it cannot be hacked. If a device is sending messages, it could be broken and messages to get through. It all depends on the code and how it's networked. If an application is blasting messages, it's not impossible to break that in theory.

 

What we are also forgetting is plane, and their systems, are made by humans. Humans make mistake. They may test something to the nth degree, but may miss one thing or another. Also possible that a new exploit is found that was unknown before. Since we don't know exactly how the moving map works, and also a lot of planes allow you to see on-bored camera's that pilots also can see, it's very difficult to speculate how those systems communicate with each other


Chris Smith

Share this post


Link to post

it seems so hard to believe there would be a possibility to do such a thing on a 737 which is "quite old" in terms of technology, I would find it more "believable" on very recent aircraft like the 737 with big "monitors".

 

But still even the premises on a cramped 737 going below a seat playing with a box and placing a cable while being totaly unoticed by the 5 other guys in the line and the flight attendant. Even that seems pretty fishy, I don't hink you can do that in just a few seconds.

 

Making the engine climb is not even understandable, he means going at an higher thrust ? to me CLB is a mode that change the limits for a phase of flight and nothing more. And even so the airplane would not really change course as autopilot would counteract this to keep on course I believe.

 

But seeing some of the documents where he read a maximum altitude of 47 000, I do not think any passenger aircraft can really go that high, and 737 is 41,000 at maximum operation I believe.

 

But most importantly even if true toying with aircraft systems while in flight, potentially endangering the lives of everyone abord, that is just pure insanity to just prove a point.


Aurelien Vandoorine

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  
×
×
  • Create New...