FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems 190
Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.
call me skeptical (Score:5, Insightful)
More likely the government is trying to save face right now. and since the TSA cant seem to catch any real terrorists, might as well make an example out of someone instead.
Re:call me skeptical (Score:5, Informative)
Re:call me skeptical (Score:5, Insightful)
Surely if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi (at least in that model plane)to be disabled. It seems like we have an id10t at the FBI who wants to notch his belt and hasn't considered the wider implications of his allegations.
Consider if the FBI should prevail in court. Suddenly the FAA comes under fire and has to publicly denounce the verdict and the FBI to save itself. The flip side is that the FAA gets proactive and testifies that it can't happen and the FBI gets to sit in the hot seat.
Re:call me skeptical (Score:5, Insightful)
You obviously didn't read the search warrant.
First, it states that in previous interviews (in Feb, and I'll bet the FBI has audio records to support that), he had described connecting to the network using Ethernet connected to a "Seat Electronic Box" ("SEB") which is mounted under the seats. So, WiFi has nothing to do with it. In the same interview, he said he understood the legal ramifications and would not access airplane networks.
The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.
That, along with his history and the tweet regarding being on the flight and suggesting he could tamper with the flight systems seems to me to be reasonable grounds for a warrant.
And, I hope he's prosecuted. Also in the Feb. interview, he admitted actually tampering with flight control systems. It's one thing to find a vulnerability and try to get it addressed. It's quite another to actually make use of that vulnerability during a flight, placing the public at risk.
Re:call me skeptical (Score:4, Interesting)
s/WiFi/SEB/g and it's the same issue. Surely you could have managed to work that out.
How many of the OTHER SEBs showed the same signs, I wonder?
Re:call me skeptical (Score:5, Interesting)
The network that he gained access to was the In Flight Entertainment System via default userids and passwords
The primary order should have been for the airlines to set up routines to cycle the passwords
We do not know if they did that because the only access that they claim he got at this point is to the box under his seat
I think that more definitive proof would be that he managed to log into the system because there could be claims that the box under the seat was being moved around by luggage feet of passengers behind him
None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other
Re:call me skeptical (Score:5, Insightful)
Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
If he didn't, I don't think the FBI has much of a case.
If he did, then the FAA should certainly be issuing an airworthiness directive banning any inflight entertainment system with a connection to the flight control systems. I don't think it is likely that they'd be satisfied with passwords. As far as the FAA is concerned video games on planes are optional, safe flight is not.
The fact that the FAA hasn't gotten involved makes me skeptical of the FBI's claims. I have a lot of issues with how the FAA does things, but they usually take any kind of potential aircraft defect seriously.
Re:call me skeptical (Score:5, Insightful)
Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
If he didn't, I don't think the FBI has much of a case.
I don't think that this has anything to do with whether or not the FBI actually has a case. I suspect that this is the federal government sending a message to security researchers that airplanes are off-limits. It's the same reason for the TSA's billions of dollars of security theater - it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy. If average citizens believe that flight control systems can be hacked by a geek in his/her seat with a laptop, they will not feel safe, and may not fly.
I'm not much of a conspiracy theorist, and I'm not about to start now. However, given the fact that it seems other-worldly outlandish that a security researcher can gain control of any flight controls via the wi-fi entertainment system, I strongly suspect that this is the purpose of the FBI's heavy-handed tactics.
Re:call me skeptical (Score:4, Informative)
...it's not about safety, it's about making people feel like they are safe.
I'd feel safer if security professionals vetted the system, and verified that it was safe from hacking. Precisely what the FBI is actively working to prevent.
I do like the phrase "other-worldly outlandish" to describe the situation. It beats "hogwash", which was my first reaction. This is just a search warrant application, though, and I wonder what the FBI agent's culpability is for making, let's say, "less than truthful" statements in order to obtain a search warrant.
Re: (Score:2)
Alleging that someone actually did hack the flight system is not going to promote safety. No one is going to fail safer because they caught the guy. They're going to worry about who is on their flight that won't get caught because he's going to fly the plane into a building first.
Re: (Score:2)
There is almost no outrage anymore to the rape-a-scanners. There are studies showing people who have high levels of CAT scans have an increase risk of cancer above baseline. There has never been an independent (non-TSA) study on the body scanners or milimeter-wave machines.
Fifteen years from now, are we going to see a significant increase of certain cancers for all frequent fliers?
Re: (Score:2)
Re: (Score:2)
it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy
What, we might to back to rail, like we should have done decades ago? Bring on the security researchers!
Re: (Score:2)
I think you're giving the average citizen far too much credit. They see entire corporate IT systems taken over with dozen keystrokes on TV a dozen times a month, if you asked you might be surprised to find that an awful lot of people would immediately believe that an airplane could be taken over in flight the same way. The reason they don't worry about it is because they don't think about it, it never occurs to them. They never worried about box cutters being a hazard to everyone on a plane until after
Re: (Score:2)
Re:call me skeptical (Score:4, Funny)
For once, not xkcd.
https://www.flickr.com/photos/... [flickr.com]
Re:call me skeptical (Score:4, Interesting)
That's more or less my point. Apparently the many who say it can't happen includes the FAA (otherwise, why no advisory). The FBI alleges that he actually did just that during the flight (even if not impossible, their story is a bit thin).
More strangely, he as a future defendant is one of the few experts who believes it is even possible, but they can't exactly use him as an expert witness for the prosecution.
Re:call me skeptical (Score:5, Informative)
Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?
The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.
The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.
On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.
The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.
Re: (Score:2)
Nitpick: it's not proprietary, it's just not used outside of aerospace environments.
Otherwise, you're exactly right.
FBI is lying (Score:4, Interesting)
He said if he was an attacker he could "access the control computer, ... issue a climb command..." etc.. FBI has just taken those quotes out of context to justify its warrant.
In this case he was dumb and was reporting what he thought was a vulnerability to the FBI, and explaining the possible attack scenarios, and the FBI have thought "great! finally we can justify our terrorism budget!" and arrested him.
As to whether there is a cat5e ethernet port that connects to the flight computer under a passenger seat. Why would there be such a thing? The only network there is the inflight entertainment system and those systems have no physical route to the flight controls.
Re: (Score:2)
FBI policy is to *not* to record interrogations and instead rely on the written notes and memories of the agents. If the agent misremember or wrote down the wrong thing, then it sucks to be you.
Re: (Score:3)
Re: (Score:3)
That is a recent change and the DOJ says lots of things. I am sure the FBI has a way to weasel out of it.
Re: (Score:2)
The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.
Whats more they found his pubic hair on the SEB pcb, DNA matches.
Re: (Score:2)
The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.
So... during a 2 hour flight (30 minutes of which is spent climbing and descending) there wasn't one person or flight attendant who noticed the guy pushing the person next to him out of their seat to squeeze down in the pitiful space between coach seats to fiddle with the SEB? I'm sorry, I don't buy it. Doesn't matter how familiar you are with the hardware... in order to tamper with it to the extent that you can then plug your laptop into it you can't do that by touch, or quickly. Given all the paranoia abo
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
http://en.wikipedia.org/wiki/U... [wikipedia.org]
Re: (Score:3)
P roblem
E xists
B etween
K eyboard
A nd
C hair
Re:call me skeptical (Score:5, Informative)
We called it failure at OSI level 8.
And in radio/communications, (Score:2)
we always referred to it as a "short circuit between the headphones".
Re: (Score:2)
AKA "there's a nut loose behind the keyboard."
Re:call me skeptical (Score:4, Informative)
he didn't do it (on a real plane).
The "not on a real plane" bit comes from this paragraph of the article:
Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
That was then. This is now.
The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.
Re: (Score:3)
My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.
Re: (Score:3)
My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.
Indeed, lying is the main method that cops use to secure a confession. Especially in the context of an interrogation never believe anything that a cop or fed says, assume its a lie trying to trick you into revealing something.
Re: (Score:2)
My money is on the FBI flat-out lying.
not this time, they even have hair evidence to prove it!
Re: (Score:3)
Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
That was then. This is now.
The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.
Your quoted text says he took control of a virtual plane. That is not the same as taking control of a plane. Did you quote the wrong text, or does the quoted text contain your answer, making it spectacularly puzzling as to why you would ask the already-answered question?
Re: (Score:2)
What I'm pointing out is that him previously stating that he took control of a virtual plane does not rule out him subsequently taking control of a real plane, though it's not clear from the article just what period "previously" covers, and now I think about it it's vague enough to make little sense whichever way you take it.
Still, his previous denial that he took control of an actual plane does seem to clash a little with his new stance of apparently quite carefully not denying that he took control of an a
Re: (Score:2)
He's the one that made the claims. He said he did it, and then went to the FBI to explain how he did it. Other than finding the tampered box lid, all the "evidence" is in his claims.
I could knock a panel loose and then claim I hacked the in-flight entertainment system and made an airplane into a sperm whale and then a potted plant. That doesn't make it real, even if I showed them a box containing an infinite improbability drive. Funny thing about that, when most people see it, they see an empty box.
Re:call me skeptical (Score:5, Informative)
Re:call me skeptical (Score:5, Insightful)
The FBI is notorious for taking statements out of context and using them against you, including charging you with lying when your out of context statement isn't correct. You should NEVER talk to the FBI without a lawyer and without a recording device running that records the entire conversation. The ironic thing is the FBI will actually refuse to interview you with a recording device running because they then can't use out of context statements against you.
Never ever talk to the FBI unless it's in YOUR lawyers office with a recording device running. There are plenty of videos on youtube that explain how the FBI uses these conversations against people and why you should never talk to them.
Re:call me skeptical (Score:4, Informative)
The police CAN and WILL use anything you say against you, NEVER EVER EVER for your benefit or for you. People do not realize that. They are trained to use various tactics to extract information out of you, The rooms are uncomfortable, they are small, they leave you alone for long periods of time, they make promises that you can leave soon if... etc.. Please people, never talk to police, you get ZERO benefit from it. Really, ZERO. If you said he hit me 20 times and I hit him back, They will only use the part where you said you hit the person, it might not ever be on an official record anywhere either. They very selectively cherry pick small bits and pieces from your sessions. There is no context at all. They are not interested in finding the actual person who committed a specific crime, they are interested in find a person.
Re: (Score:3)
Think what you will, but wasn't there physical evidence that the boxes in question had been tampered with?
Yeah, because something stuck under the tiny no-legroom airline seats can realistically be "tampered with" during a flight without anyone noticing. That's much more likely than several years' of feet and bags bumping into and damaging it. I'm also sure they gave comparison photos of the "tampering damage" with other jacks on the same airplane, and didn't compare them to photos of a brand new jack.
Re: (Score:3)
Think what you will, but wasn't there physical evidence that the boxes in question had been tampered with? It's difficult to play the innocent victim of a grand conspiracy after 1) you describe to the authorities how to compromise a system
This guys raison detre is spreading the word about how these systems can be compromised. The question is whether he actually did it for realz.
and 2) said system has been tampered with exactly the way you described, by someone sharing your physical space at the time.
People are adept at finding evidence supporting their presuppositions. A disease whose only cure is actively searching for evidence contradicting your assumptions.
He supposedly was in seat 2A... from search warrant:
"He said he was able to remove the cover for the SEB under the seat in front of him by wiggling and squeezing the box".
"After removing the cover to the S
Re: (Score:3)
Roberts had been sitting in seat 3A and the SEB under 2A, the seat in front of him, “was damaged.”
So he tried to get at the one under his seat (which was "tampered with"), but since he couldn't get it opened, he tried the seat in front of him (which was "damaged"), and he succeeded.
Re: (Score:2, Insightful)
>Is there any benefit to talking to the FBI under these conditions, as opposed to not talking at all?
No, there is no benefit to you. Your words can only be used against you in a court, not for you. Innocent or guilty, always get a lawyer first and consult on everything before talking.
>If you tell them "I don't feel like talking to you, see you in court", can they charge you with something? Can it reflect badly on you?
Nope! We have this thing called the fifth amendment. It's pretty neat. Just say that
Re: (Score:2)
Re:call me skeptical (Score:4, Funny)
It turns out the plane did in fact climb, for 20-30 minutes, at the start of the flight.
Re: (Score:2)
Wouldn't it be a simple matter to check the flight data recorder to see if the engine in question actually did what the FIB (intentionally written that way) said it did?
You might miss out on the opportunity to plead guilty to a crime you didn't commit in order to take a short cut through an otherwise long and expensive legal process. I believe this is called a 'plea bargain' where the US legal system accepts your blatant lie in exchange for improving their case closed statistics. Ie a corrupt practice.
Re: (Score:2)
Re: (Score:2)
I believe the data recorders are overwritten every flight. So unless they grabbed the black box at the time, too late.
Re: (Score:3)
"Somehow I doubt this actually happened. While I can believe that in theory it might be possible."
Note this is not an indictment, it is a search warrant application.
The FBI alleges that Chris Roberts claims to have committed a crime. That would be the probable cause for a search warrant for the investigation into whether he did in fact commit the crime that he claims. An alternative explanation for Roberts's claim is that he was just bullshiting the proles.
Those crying that the lack of action thus far on th
It's bullshit (Score:3)
It's not even possible in theory. There are several reasons for that.
1. The routing of data is hardcoded into the switches and cannot be changed without physically accessing the switch. The routing table not only determines which devices may talk to which devices, but also the direction of the data flow. This means that a monitor device cannot talk to an engine because the monitor is configured only to receive data.
2. But even if they managed to get the monitor device to send data, the switch would recogniz
Re: (Score:2)
3. There are actually two networks, sending identical data for redundancy. Now guess what happens if one of the networks sends different data than the other? Right: The offending port / device gets shut down.
If there are only two networks, how do you know which one is sending the wrong data?
Re: (Score:2)
Well, it's the one which passes all the checksums and error corrections. Plus, in case it's ambiguous, you can always shut down both ports in both networks.
Re: (Score:2)
The fucking "summary" is wrong.
If you read the warrant application, the feds state the following:
- He did try to access the IFE box, as evidenced by physical damage.
- It is possible that he interfaced with the IFE systems and *possibly* other aircraft systems
Nowhere did they say: "This guy accessed flight control systems."
Re: (Score:2)
It's a PR campaign (Score:5, Insightful)
Re: (Score:2)
Re:It's a PR campaign (Score:5, Insightful)
while i agree with you that this story sounds like bs, i despise this "always dealing with rational actors" argument
people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks
Re: (Score:2)
people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks
I don't know. What Roberts did sounds pretty reasonable to me.
Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
If you ask me, it's the FBI that sounds completely insane.
And if your argument is that the FBI is perfectly sane and rational, your argument sucks.
Re: (Score:2)
people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks
Ah-hah, that means the FBI must admit he has a perfect defense. If he did it, he was insane at the time.
The glove doesn't fit. You must acquit. Why would Chewbacca live on Endor?
Chewbacca lives on Endor because he is a closet paedophile; Ewoks can pass as prepubescent Wookies!
Re: (Score:2)
A legal insanity defense means that he was so out of touch with reality that he didn't know that what he was doing was wrong.
It does not actually have any relation to whether he was behaving in a reasonable manner.
Re:It's a PR campaign (Score:4, Insightful)
"No pilot would be so reckless as to crash a jumbo jet into a mountain." "No doctor would be so reckless as to implant an unpreserved long-dead black market donor organ into a patient"
You are silly
Re:It's a PR campaign (Score:4, Interesting)
Somewhere out there a true Scotsman is rolling over in his grave like a turbine.
and with the manual transmission of a pickup truck, some u-joints and a drive shaft we can couple him to a generator!
The fact that we will be making money off him at little cost to us and zero compensation to him should start 8 of the nearest (buried) true Scotsmen also spinning. At that point we hook them all up and via RPM modulation we can play "When Irish Eyes are Smiling"! This will cause all the remaining true Scotsman (dead and possibly living) to also spin like turbines and energy will flow from Great Britain like water. I have to go write some IPO stuff and maybe make a kickstarter page for start up capital...
Thanks!
/jk (cause there's always someone wanting to be offended in some way... no matter how utterly ridiculous a statement is, a literalist is waiting to pounce)
Re: (Score:2)
This is a magnificent idea.
The real problem is bad design (Score:2, Insightful)
This guy might be a giant dick who tried to crash a plane, and if that's the case we should hold him accountable like any other person who endangers others.
But isn't the real problem here that, if what the FBI describes is true (which I doubt), the FAA allowed -- and is still, today, allowing -- a plane to fly with a passenger entrainment system that can access flight controls? The power train CAN bus in my car has better isolation and security than that.
Can't be too safe (Score:5, Insightful)
Of course, if it were possible to take control of a plane like this, the government would immediately ground all those planes until the security flaw could be fixed, right? Funny, haven't heard that they've done that.
FBI probably left out the virtual simulation part (Score:5, Insightful)
Do not under any circumstance EVER talk to law enforcement. It's that simple stupid. I don't care if the cop threatens to tow your car and take your children. STFU. If they have something on you they will do it anyway and if they don't then they're trying to get you to say something for which they can arrest you. Nothing you say will ever help you in a court of law. Law enforcement are TRAINED TO LIE in order to get the responses they're after. "Sir- I'll need to ask you to step out of your car so I can search it". He's not ordering you to step out of your car. He's asking permission to search your car. If you comply he'll testify in court you gave permission for them to search your car. The exact phrasing will never be heard in court as the cop will just summarize it as "I asked for permission to search he responded yes". Had you STFU and only surrendered your name and address and if driving your ID, insurance, and registration you would never have ended up arrested. Yes- cops will "get angry" if you don't "cooperate". They will threaten to arrest you. However these are generally lies to get you to do what they want (allow a search, etc). If you don't "cooperate" they won't actually arrest you 99% of the time because they haven't got anything on you.
Re: (Score:2)
Yup, shut up. Nothing good can come from talking. I'm amazed to see how many prosecutions happen where if the person had just shut up they would have had no evidence.
rubbish (Score:4, Insightful)
As I professional pilot can I say that while I have no insight into what may or may not actually have happened on this flight, the write-up in the article is utter bollocks from a flight dynamics perspective. If the case really rests on such a flimsy explanation of what happened than the FBI need some above from somebody who knows anything whatsoever about aircraft and flight dynamics.
Re: (Score:3)
Re: (Score:2)
No, according to the article he had previously said he did it in a simulated environment. But now the FBI is claiming he's admitted to doing it on an actual plane.
And his most recent stance seems to be that: "he wouldn’t respond directly to questions about whether he had hacked that previous flight mentioned in the affidavit."
If he (still) didn't do it, he could just say he (still) didn't do it. "Out of context" sounds suspiciously like "yes I did, but..."
Re: (Score:2)
If he did the work on a "simulated system," he'd be able to describe it fully - where is this full In Flight Entertainment / Flight Control system, who has it, and where/how did he access it? My thought is only an aircraft manufacturer or perhaps an airline would have such, and it's pretty clear he doesn't have that kind of relationship with either.
How can this be? (Score:2)
Re: (Score:2, Interesting)
i would not put it past any bean counter for cost cutting
the entertainment and flight systems both use similar hardware
and entertainment system built 5 to 10 years ago for the usage bandwidth of FIVE to TEN YEARS ago will fail left and right with today's demand
so the entertainment system is a VERY soft target
once in ????????
Wasn't via WiFi; it might make historical sense (Score:2)
According to TFA, he didn't accomplish the hack via WiFi. The inflight entertainment screens have a wired connection, and he connected to them by plugging an ethernet cable into that system (supposedly accessible if you take the right cover off the right box under the seat).
I wouldn't have thought that this system is connected to vital systems, but TFA notes that the seat-back satellite phones are connected to this same system, which seems reasonable.
So, maybe it makes sense that everything is connected for
Re: (Score:2)
There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.
Re: (Score:3)
There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.
If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".
Re: (Score:2)
Re: (Score:2)
Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.
Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".
Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to
Re: (Score:2)
Wasn't via WiFi; might make historical sense (Score:2)
(Replied to wrong comment above; reposting here.)
According to TFA, he didn't accomplish the hack via WiFi. The inflight entertainment screens have a wired connection, and he connected to them by plugging an ethernet cable into that system (supposedly accessible if you take the right cover off the right box under the seat).
I wouldn't have thought that this system is connected to vital systems, but TFA notes that the seat-back satellite phones are connected to this same system, which seems reasonable.
So, mayb
Re: (Score:3, Informative)
I work in the industry and have a decent understanding of these systems as I write software for them. In-flight entertainment systems ARE wired to critical systems but typically through buses that do not allow bidirection communication. in-flight entertainment systems require input from critical systems so they can know the city pair for route based content as well as other aircaft data for driving the moving map among other things. (altitude, heading, ground speed, lat, lon, etc, etc.) This data is typ
Lousy Reporting... (Score:2)
The Wired and other headlines at Drudge Report and other places are false. The "Feds" did not say he tampered with anything. They only say that he said that he did. There is no evidence that he did what he said he did.
It's ironic that he had just lost funding for his long-time project to try to prove that flight control systems could be tampered with . . .
whew (Score:2)
Whew, I feel safer already! I'm sure this will prevent anybody from doing anything bad to the flight computer, ever! /sarcasm
Excel (Score:5, Funny)
Did he use Excel to land the aircraft?
Re: (Score:2)
There was no crash, so no.
Re: (Score:2)
Nope, he created a GUI interface using Visual Basic. He tracked an IP address of the airport and could home in on the source to land.
Re: (Score:2)
Don't worry, the warrant is padded so hard it shouldn't give more than a hair injury.
Fumbling Bumbling Idiots (Score:3, Insightful)
It's sad when the FBI makes a statement and I automatically don't believe them.
I get it (Score:2)
Here's likely what happened (Score:3)
Completely out of context... (Score:2)
Never talk to LEAs without a lawyer and recording (Score:2)
LEAs are not rational actors. You will get fucked if you assume otherwise. Your hubris can and will be used against you.
On the other hand... (Score:2)
The FBI has a track record that makes the Keystone Cops look competent by comparison.
What if.... (Score:4, Insightful)
What if the protection on planes is so bad that a passenger can use the inflight entertainment system to gain virtual access to the controls of the plane?
Suppose you are a security researcher and find this out. What do you do? Tell boeing! They... do nothing. Tell the airline! They.... do nothing.
It all starts with a belief issue. You hack into the entertainment system, compromise the firewall and see plane-control messages flying around on the network you now have gained access to. This is enough for a sufficiently technical person to be convinced of having gotten too far for comfort. At that point you know you are only one step away from taking control of the airplane.
Tell anybody less technical about it and they will not be convinced that you'd be able to move the plane. For example, today with this news today someone already voiced: "he might only THINK he moved the plane" (... while in fact the pilots initiated that maneuver).
So... to prove to the world that there indeed is a dangerous situation, you need to actually make the plane move.
And this is where everybody gets their panties in a knot. Suddenly the guy who reports that the planes are not secure enough is the bad guy and needs to be thrown in jail.
Examples of people reporting security problems and being ignored include: On a saturday night two men walking their dogs notice that the bank has left a window open. A person can just climb into.. the bank! So monday morning they walk into the bank, tell them about it, bank says thank you and... nothing happens. Next weekend, window is again left open. So they tell the bank again. And again. After a few times, to prove the point, they decide to climb in, and photograph what access they have once inside the bank. They got into a lot of trouble for that. But since then, the window has been closed.
Personally I have reported security problems in computers without going that extra mile of "making the plane move". In one instance I've reported such a misconfiguration to over 100 system administrators. Two hours later, saturday afternoon, the first response: "Thanks, fixed". Come monday morning, one response: "we know, not a security issue, get lost.". And all others were "no response". A year later more than 50% of the computers where I reported the configuration error were still vulnerable.
With laws being written in such a way that the "white hats" (*) can be thrown in jail, we create an environment where the white hats are either ignored or thrown in jail. Before you know it, the "white hats" are too afraid to report anything and stop reporting real problems. In that situation, you only find out the problems when a bad guy ends up crashing a plane.
Boeing: invite the guy over to show you the problem. Once that hole has been closed, invite him over, pay his hotel an meals for a week while he hacks at a "fixed" plane on the ground at your facilities. Credit him for making aviation safer.
(Do this, before someone makes it stick that: "Boeing created this system with such bad security that it put passengers at risk.").
(*) the researchers that report the problems they find without causing real harm,
Re: (Score:2)
What do you do if you find a vulnerability in an aircraft? Unless you work for Boeing, if you don't want to go to jail, my advice would be to STFU. This is a case of no good deed will go unpunished.
Re: (Score:2)
Thats not what he did, instead he was bragging in public about he could he could hack a plane and alter engine control messages posting tweets such as "pass oxygen on" and he was getting on a plane again...If I were an fbi agent id pull him off the flight myself. Now after the fact cooler heads should have prevailed and im sure the FBI and Boeing ought to be willing to listen to him.. On the other hand If he had done what you had said I would be completely sympathetic.
Re: (Score:2)
USA today "FBI: Computer expert briefly made FBI investigation fly sideways"
FTFY