Sign in to follow this  
Artur Munteanu

Safety Aviation Goodbay (again)...

Recommended Posts

Help AVSIM continue to serve you!
Please donate today!

I don't believe it is true as reported. Most airliners don't have data networks you could hack into, especially not from the IFE. The types he refers to all use ARINC 429 busses for the avionics and you'd need to physically access those busses to hack into them. He may have seen data packets he thought were A/T commands but that doesn't mean they actually were. As for actually changing thrust, I think the flight crew might have noticed that.

 

There is a data security issue on airliners like the 787, which use Ethernet networks and could potentially be hacked remotely. One hopes flight critical data is isolated and protected by design.

Share this post


Link to post

As someone who's spent a number of years in network security, and as someone who works in the levels of aviation where I'd see something come across the wires about this, I'm not fully convinced. I don't doubt he has the capability to hack around and do damage if he were to try hard enough, or have the right access, but I highly doubt his claims about the engine control. An "anomaly" of one engine doing something odd probably wouldn't go unreported - even more so if the crew had gotten word of this story. The guy wouldn't even provide a flight number so that it could be corroborated.

 

Think about it:

Go into a coffee shop with a Win machine, open Windows Explorer, and then click on Network. You might see a bunch of computers listed on the network, but you're likely not able to access them. Depending on the plane, a similar circumstance may have been possible in this guy's case, too. Again, the visibility of those devices doesn't mean accessibility.

 

Moreover, sending an EICAS alert doesn't mean it's going to cause the change (referring to his passenger oxygen joke). It would display the error. You'd have to trigger the passenger oxygen release to get it to actually drop them, and that's not done through EICAS messaging.

Share this post


Link to post

I've been out of the field for awhile, but as a communications engineer I immediately dismissed the news as a publicity prank. The guy is selling something, right?  I professionally grew up around segregated systems in the military where secure systems are protected by philosophies much more robust than electronic firewalls (using Kyle's example, you never even see the system), then a second career in industrial refineries and chemical plants where the control systems for process units are segregated from administrative systems.  It may be possible to read a piece of information from the process such as a process variable, but it is not possible to do a write.  My point is that system segregation, isolation and protection are not new ideas, been around since vacuum tubes.

Share this post


Link to post

 

 


Go into a coffee shop with a Win machine, open Windows Explorer, and then click on Network. You might see a bunch of computers listed on the network, but you're likely not able to access them. Depending on the plane, a similar circumstance may have been possible in this guy's case, too. Again, the visibility of those devices doesn't mean accessibility.

By their very nature hackers won't take such inaccessibility lying down. However it's highly unlikely his IFE network hacks gave him visibility of avionics boxes or their data busses. Certainly not on the aircraft types he mentioned. They simply aren't connected to the IFE. No connection no hack.

Share this post


Link to post

 

 


By their very nature hackers won't take such inaccessibility lying down.

 

Agreed. Thus the earlier mention of "I don't doubt he has the capability to hack around and do damage if he were to try hard enough [...]."

 

 

 


However it's highly unlikely his IFE network hacks gave him visibility of avionics boxes or their data busses. Certainly not on the aircraft types he mentioned. They simply aren't connected to the IFE. No connection no hack.

 

Depending on the plane, there may or may not be an air gap, so, if you went far enough through the rabbit hole, you'd eventually come across something, though it may or may not be accessible or useful. The 787, as an example, doesn't have a fully air gapped network structure. Then again, some of the world's most secure organizations have networks that aren't air gapped, either. It's all about good netsec there.

Share this post


Link to post

ahah I've read and right from the start found so many weird points I thought it was fake. Well I'm no expert on aviation system even after reading the 737 FCOM or 777 FCOM from PMDG ;) (or more acurately buying the pysicals one).

 

And even when it starts with the Electronic Seat Box, I try to imagine someone going below his or her seat on a 737 to access a box and put a cable. Which I guess is inside some screwed compartment, and place his own cable. Without being noticed or reported by any of the probable 5 others person in his row and/or flight attendants.

 

And then I don't know all the details, but somehow to me 737 and 757 have very little computer systems, and then to give command to an engine, seems so weird. Also the fact that he make the engine climb which does not make sense to me. I mean there are thrust mode which are TO/GA, CLB, CRZ, MCT, but to my knowledge those are more on the maximum thrust limits for a specific phase of flight, and that in this case climbing would mean making the engine at an higher thrust power.

 

But then again, I don't think it would be unnoticed by the crew if he had really changed the aircraft direction, and as much as an engine having an higher thrust than the other would tend to turn the aircraft toward the opposite side, the autopilot would compensate for that meaning the aircraft would not actually change course.

 

And finally even if it was true that guy is nuts, I mean just to prove his point he would do something as reckless as to put lives of passengers in danger just for the sake of proving a theory... That would be insane.

Share this post


Link to post

So it's all fake and only publicity? FBI investigation is true or not?

 Where is a lock allways is also a key to open it, and software computers can be bypass or hack, because we must remember that this system are made by humans and computers fail, are logical but not inteligent so if this guy with the wifi network for passengers from the plane really did this, in particular "He stated that he successfully commanded the system he had accessed to issue the "CLB" or climb command", I think that company like Airbus or Boeing should put him on they're pay list to check those system for the future. Company like Microsoft or Apple already did this with some hackers.

Share this post


Link to post

So it's all fake and only publicity? FBI investigation is true or not?

 Where is a lock allways is also a key to open it, and software computers can be bypass or hack, because we must remember that this system are made by humans and computers fail, are logical but not inteligent so if this guy with the wifi network for passengers from the plane really did this, in particular "He stated that he successfully commanded the system he had accessed to issue the "CLB" or climb command", I think that company like Airbus or Boeing should put him on they're pay list to check those system for the future. Company like Microsoft or Apple already did this with some hackers.

And that is one of the reasons that he is making these claims, in the 'hope' that someone will pay him big bucks to test it.

Share this post


Link to post

Also the fact that he make the engine climb which does not make sense to me. I mean there are thrust mode which are TO/GA, CLB, CRZ, MCT, but to my knowledge those are more on the maximum thrust limits for a specific phase of flight, and that in this case climbing would mean making the engine at an higher thrust power.

 

Bingo. CLB would only change the limiter, and if he sent a climb-based MCP command, both engines would've responded.

 

 

 

But then again, I don't think it would be unnoticed by the crew if he had really changed the aircraft direction, and as much as an engine having an higher thrust than the other would tend to turn the aircraft toward the opposite side, the autopilot would compensate for that meaning the aircraft would not actually change course.

 

This is the point that, for me, proves that nothing happened. If something weird happened, the crew might not report it, but if I hadn't reported an anomaly and then heard this story, I'd definitely speak up about it happening. Since that hasn't happened, then my bet is that this is just a veiled "threat."

 

 

 

So it's all fake and only publicity?

 

That's what I would assume. He's been critical of the aviation industry for quite some time, so I'm sure the message was meant to generate a lot of clamor to get attention brought to the issue. Despite having a big name in the industry, I'm not entirely sure he's truly familiar with how the networks are laid out and operate (though that's not to say that he hasn't been figuring it out by hacking around during the long boring hours of cruise). He also works for (owns?) a firm that does security assessments, so boosting publicity about a possible vulnerability could scare firms into contracting (paying) him to check for vulnerabilities.

 

Heck, it could've been a giant ruse by him to drum up a bunch of aviation experts to begin talking about the network layout, security settings, and so on so that he could attack later. This is called social engineering, and is one of many ways to get information valuable in hacking. Another vector - as he mentions in one of his talks - is simply researching information that is already out there in the public, and putting it all together. Interestingly enough, though, in the same talk he mentions a supposed attack on a Boeing 787, he shows screen captures (supposedly from the attack) which refer to a N415RC.

 

...which is registered to a Cessna 182S since 2000. Well before the 787 even took to the skies.

 

 

 

Now, the thing that the industry should be looking into, beyond the validity of the claims, is the validity of the attack vector. It's well known that the more modern aircraft are more connected, network-wise, than the older aircraft. The question, now, is whether that increases vulnerability. As the even more well-known security expert, Bruce Schneier, says, "[...] while remotely hacking the 787 Dreamliner's avionics might be well beyond the capabilities of anyone except Boeing engineers today, that's not going to be true forever."

 

That's what people need to be seeing here. The incident may or may not have happened, but the real issue is that the industry needs to look inward to have a look at potential vulnerabilities. Not air gapping the networks may cut costs, and some redundancy, but it also compromises security. The question is how much does it compromise security, and how likely is it that the compromise will be exploited. Sometimes, the risk is necessary. In my opinion, I don't see it as necessary risk, but I don't know the network topology of the 787 and the reasoning behind the shared network components.

Share this post


Link to post

A larger risk is EMP exposure.... this threat is only going to increase.

Share this post


Link to post

this threat is only going to increase

Because of more non-hardened electronics or more counties possess nuclear warheads with delivery systems in the future?

Share this post


Link to post

A larger risk is EMP exposure.... this threat is only going to increase.

 

I think that would likely be more catastrophic, but I wouldn't consider it as likely. Remember, as well, that the plane itself is somewhat of a low-level Gaussian cage in how it can handle lightning strikes (which are essentially odd blasts of EMP). It's not a perfect one, and some are more hardened (like the E-4B), but it would help some. I get a kick out of people watching those prepper shows, and the lengths to which people will go to shield themselves against the incredibly unlikely. And shows like that only encourage the behavior.

 

Hacking, on the other hand is a potential risk on any flight with IFE/Internet, depending on the network and its associated security posture.

Share this post


Link to post

 

 


Hacking, on the other hand is a potential risk on any flight with IFE/Internet, depending on the network and its associated security posture.

 

Hopefully the systems are at least as robust as Boeing's bank account.  EMP, on the other hand, is very likely.. something that I was involved in at Hq SAC in the 1980's and yes, the E-4B is a good example.  I got to climb all over her one day in the hanger and was impressed.  Comparing EMP to lightening is very wrong.

Share this post


Link to post

 

 


Hopefully the systems are at least as robust as Boeing's bank account.  EMP, on the other hand, is very likely.. something that I was involved in at Hq SAC in the 1980's and yes, the E-4B is a good example.  I got to climb all over her one day in the hanger and was impressed.

 

Last EMP strike on...anyone? Incidentally in 1945. Otherwise? I can't recall one.

 

Last hacking attack on major corporations alone? Daily to weekly.

 

Risk = Vulnerability * Threat. One event in 70 years makes for a pretty low threat metric.

 

 

 


Comparing EMP to lightening is very wrong.

 

Lightning is by its very definition a form of EMP (Lightning EMP, or LEMP, is actually a thing). An aircraft (any commercial, barrel fuselage type made of metal anyway) is by its very form, a simple version of a Faraday cage.

 

Lightening is what happens when you throw passengers off of an airplane, so yes, comparing that to EMP would be very wrong.

Share this post


Link to post

 

 


Risk = Vulnerability * Threat. One event in 70 years makes for a pretty low threat metric.

 

We are in agreement that hacking is more likely than EMP (true, the last event was self-inflicted) and we are parsing words now... but risk assessment includes the cost of an outcome such that a very unlikely event that is catastrophic in terms of property and life is assigned a high need for mitigation.  Not to be confused with the concept of expected value that you implied.  

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this