Scary - if true

[larshall 4]

From Wired:

 

"A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.

Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states."

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane

Also discussed here:

https://www.petri.com/security-expert-claims-he-hacked-airplanes-while-in-flight

 

[michal 44]

I think the guy is phony and ego-maniac, suffers from 'small man syndrome' and desperately wants his 15 min of fame.

 

A more relevant discussion of his claim is on this pilot's forum:

 

http://www.pilotsofamerica.com/forum/showthread.php?t=82247

[tf51d 284]

I think the guy is phony and ego-maniac, suffers from 'small man syndrome' and desperately wants his 15 min of fame.

 

A more relevant discussion of his claim is on this pilot's forum:

 

http://www.pilotsofamerica.com/forum/showthread.php?t=82247

I agree, and of course the media is running wild with it. If though  he did do this, he should get 20 years for his trouble!!

[Flying Penguin 44]

I think the guy is phony and ego-maniac, suffers from 'small man syndrome' and desperately wants his 15 min of fame.

 

A more relevant discussion of his claim is on this pilot's forum:

 

http://www.pilotsofamerica.com/forum/showthread.php?t=82247

 

Very true, it's almost certainly BS, and if not, it should be fairly self evident from the records of the flight.  

 

Appreciate the FBI have to take it seriously until proven that it's BS, I do worry that we're going to end up with people thinking that any fool with a laptop can take over planes.  Whilst in general, if it's connected, it can be hacked, given time, money and skill, the most credible threat would be nation-state backed actor in the same vein as Stuxnet (which targeted specific Siemens kit used in nuclear power stations), probably targeting the communications systems and using that as a jumping off point to compromise the flight systems*, rather than a random angry nerd with a laptop munching on in-flight peanuts.

 

Besides, if you wanted to take control of an aircraft and don't have the resources of Mossad/the FSB behind you, it would be much easier to just rush the pilots as they go to the bathroom!

 

 

*I have no direct knowledge of the internal systems of airliners, and no-one that is able to do it is likely to go public on how, but it would be the be a logical route for a large scale attack as it would enable proper coordination, rather than just dropping individual planes out of the sky.

[n4gix 4,947]

Flying "sideways"???

 

That's as silly as the news anchors talking about the Amtrak engineer "steering" the train... :Rolling Eyes:

[~Craig~ 10]

........ he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer.

 

What a load of complete and utter TOSH ! 

 

Totally independent, non-networked systems / circuits.

 

The only 'interface' between the IFE and the flight computers, is that of electrical power.     And 'coding' is not possible over a raw electrical supply feed.

[Flying Penguin 44]

What a load of complete and utter TOSH ! 

 

Totally independent, non-networked systems / circuits.

 

The only 'interface' between the IFE and the flight computers, is that of electrical power.     And 'coding' is not possible over a raw electrical supply feed.

 

That's the big unknown (for me at least), are they actually fully independent (power aside)?  My assumption was that they might share sensors for the moving passenger map at least, but without ever having seen the schematics (and being unlikely ever to get to see them), it's not something I can say for certain.  

 

You would hope that they are air gapped from anything of consequence for flight safety, but given the shocking state most critical infrastructure has languished in for the last few decades, it wouldn't surprise me if they were just as "competently" secured....

 

Edit: This link suggests that the 787 is not fully air gapped, it's a little out of date but is a reproduction of an FAA document.  Lovely...

[tf51d 284]

 

 

Edit: This link suggests that the 787 is not fully air gapped, it's a little out of date but is a reproduction of an FAA document. Lovely...

 

This was one of the main reasons for the initial delay in the 787 program. The FAA ordered that the entertainment network totally be segregated from the aircraft flight systems. So unless Boeing didn't do the redesign properly to comply with the order, the 787 should not be susceptible to this issue. I will assume the same would apply to the new Airbus A350's and the upcoming 737 MAX and A3xxx NEO's. The only question is would earlier planes be  susceptible to this type of tampering, and if so, could it be done without the flight crew being aware of it from there display's and gauges. I think though an uncommanded engine manipulation would be noticed by the flight crew, especially one that made the plane fly sideways. So I highly doubt this particular incident.

[michal 44]

 

 

Whilst in general, if it's connected, it can be hacked

I take issue with this statement. I spent my whole life in network programming.

To be 'hacked' not only there must be a connection (wireless or otherwise) but there must also be a logical connection. 

Can somebody listening to a radio station hack it? No. There is a connection but hacking is impossible. Even if flight systems

send a networking broadcast type message (don't know if they do or don't) to the entertainment system (for example aircraft

current position) it's a one way message, hacking through such a connection is impossible. An entertainment system even

though 'connected' can't perform any write operation into the other side.

[Flying Penguin 44]

I take issue with this statement. I spent my whole life in network programming.

To be 'hacked' not only there must be a connection (wireless or otherwise) but there must also be a logical connection.

Can somebody listening to a radio station hack it? No. There is a connection but hacking is impossible. Even if flight systems

send a networking broadcast type message (don't know if they do or don't) to the entertainment system (for example aircraft

current position) it's a one way message, hacking through such a connection is impossible. An entertainment system even

though 'connected' can't perform any write operation into the other side.

Please forgive my imprecision. Think of it as a working assumption, the less funny cousin of 'nothing is foolproof to a sufficiently talented fool'.

 

You are correct that there are certain attributes that may make it impossible in certain cases, but the number of devices that truly act like radio stations at all points in time (and take no external input at all) is minimal compared to those which have some connectivity, even if it's simply a diagnostic port for an engineer to use. To take your example, you wouldn't attack a radio station using a car stereo, but you might target their employees with phishing mails looking for credentials(this happens to banks quite regularly), probe their network perimeter, attempt to get malware inside using a USB stick and an insider, or through any number of other means.

 

I work for an information/cyber security consultancy (albeit not as a pen tester) and whilst I have no special knowledge of airliner systems (it's not an industry we serve, hence I have no evidenced view on the practicality of the entertainment system as a jumping off point for an attack), we are seeing an increasing number of our larger clients investing heavily in protection within their perimeter (such as traffic flow analysis and rogue device detection), on the assumption that someone, somewhere can find a chink in their armour, rather than solely rely on hardening of the perimeter and systems. The reasons behind this are twofold, the more complex and more connected a system or business environment, the more difficult and expensive it is to harden, and (particularly when you talk about critical infrastructure) the sort of groups looking to carry this sort of attack out are well funded, highly skilled and willing to play the long game, particularly if you are talking about organised crime or nation states, and they are just as capable of finding fresh vulnerabilities as security researchers.

 

Which is a very long winded way of saying that if you are a sufficiently interesting target, someone is probably working out how to hack you, and if you think you have no vulnerabilities then you've probably just not found them all yet This will only get worse as airliners and the processes and technologies that support them become progressively more connected.

[n4gix 4,947]

I have more than enough trouble keeping devices that are supposed to be connected, connected... :Whistle:

[HiFlyer 9,333]

Well the reactions certainly do run the gamut.......

[OneWhoKnocks53 51]

I would stake my life on saying that this is complete crap.  No logical person or systems engineer would ever put an IFE system on the same "network" as a thrust management computer or FADEC.  As stated above, the only common wiring would be for electrical power.   He would have had to physically finf the data bus wire bundle somewhere in the miles of cables and wire in the tube of the plane and plug into it with the same proprietary software interface as whoever designs and maintains the system.  Not practical in the passenger cabin.   

[codechris 9]

I have to agree with Flying Penguin on this one, having built PCI-DSS networks and systems. Just because a device is broadcasting messages, i.e a moving map, does not mean it cannot be hacked. If a device is sending messages, it could be broken and messages to get through. It all depends on the code and how it's networked. If an application is blasting messages, it's not impossible to break that in theory.

 

What we are also forgetting is plane, and their systems, are made by humans. Humans make mistake. They may test something to the nth degree, but may miss one thing or another. Also possible that a new exploit is found that was unknown before. Since we don't know exactly how the moving map works, and also a lot of planes allow you to see on-bored camera's that pilots also can see, it's very difficult to speculate how those systems communicate with each other

[wedgantilles 76]

it seems so hard to believe there would be a possibility to do such a thing on a 737 which is "quite old" in terms of technology, I would find it more "believable" on very recent aircraft like the 737 with big "monitors".

 

But still even the premises on a cramped 737 going below a seat playing with a box and placing a cable while being totaly unoticed by the 5 other guys in the line and the flight attendant. Even that seems pretty fishy, I don't hink you can do that in just a few seconds.

 

Making the engine climb is not even understandable, he means going at an higher thrust ? to me CLB is a mode that change the limits for a phase of flight and nothing more. And even so the airplane would not really change course as autopilot would counteract this to keep on course I believe.

 

But seeing some of the documents where he read a maximum altitude of 47 000, I do not think any passenger aircraft can really go that high, and 737 is 41,000 at maximum operation I believe.

 

But most importantly even if true toying with aircraft systems while in flight, potentially endangering the lives of everyone abord, that is just pure insanity to just prove a point.