Hacker 'made plane climb' after taking control thru the in-flight ent sys

djsim101

This makes a interesting read.


http://www.telegraph.co.uk/news/worldnews/northamerica/usa/11611058/Cybersecurity-researcher-made-plane-climb-after-hacking-in-flight-entertainment-system.html


I cannot see how this could be achievable, from an IT side of things, I would have thought these systems would be totally separate \ independent. This is like a scene from a movie :-0)

galljga1

I am predicting meltdown on the conspiracy forum.

djsim101

I know right.... Scary if it true though. Everybody on a plane with a laptop could be suspicious..

AndyBoBandy

I say BS.

Planes are highly computerised nowadays, but to do something like this? no chance??

it's a fear ploy, or a reason to further inspect your private electronic equipment prior to taking a flight.

Myrddin

From the article:

It remains unclear if Mr Roberts, a well-known face in the hacking world, really did manage to move the plane or simply believed that he had

Sensationalist clickbait for now...

weisses

http://www.gao.gov/assets/670/669627.pdf

Discussed in the CT forum earlier

Modern aircraft are increasingly connected to the Internet. This
interconnectedness can potentially provide unauthorized remote access
to aircraft avionics systems. As part of the aircraft certification process,
FAA’s Office of Safety (AVS) currently certifies new interconnected
systems through rules for specific aircraft and has started reviewing rules
for certifying the cybersecurity of all new aircraft systems.

Try to keep up lads

djsim101

Thanks for that weisses, some light reading during work.

sjb25

Yeah.....

weisses

djsim101 wrote: »

Thanks for that weisses, some light reading during work.

Nice material to go through during breaks/meetings etc

Wanderer78

strange how this story wasnt picked up by other reputable news organisations

martinsvi

I don't know if this guy's an ultimate troll or just PR'ing his company but it doesn't look like anyone in the industry is taking him seriously.. and probably rightly so - I can loose a certificate of airworthiness for a bloody cessna if I connect an unapproved sat nav in an unapproved way yet this guy is telling me there are airliners flying around with engine controls hooked up to a dvd player for no reason? give me a break.. what's next - a hack that allows controlling ailerons when flushing a toilet?

AndyBoBandy

martinsvi wrote: »

a hack that allows controlling ailerons when flushing a toilet?

That should be the new X-Prize..

If they could do that, they deserve control of the plane!!

weisses

All communication is gonna be IP based

The experts said that if the cabin systems connect to
the cockpit avionics systems (e.g., share the same physical wiring
harness or router) and use the same networking platform, in this case IP,
a user could subvert the firewall and access the cockpit avionics system
from the cabin. An FAA official said that additional security controls
implemented onboard could strengthen the system

martinsvi

weisses wrote: »

All communication is gonna be IP based

The experts said that if the cabin systems connect to
the cockpit avionics systems (e.g., share the same physical wiring
harness or router) and use the same networking platform, in this case IP,
a user could subvert the firewall and access the cockpit avionics system
from the cabin. An FAA official said that additional security controls
implemented onboard could strengthen the system

but DO they share they same wiring? that's the thing, FAA's 14 CFR 25.1309 implies it shall not!

weisses

martinsvi wrote: »

but DO they share they same wiring? that's the thing, FAA's 14 CFR 25.1309 implies it shall not!

I am just quoting from the report (from page 18 )

FAA’s Office of Safety began developing a larger airworthiness rule
covering avionics cybersecurity in 2013 but determined more research
was necessary before rulemaking could begin and halted the process. In
December 2014, FAA tasked its Aviation Rulemaking Advisory
Committee (ARAC) with submitting a report within 14 months of the
March 2015 kickoff meeting that provides recommendations on
rulemaking and policy, and guidance on best practices for information
security protection for aircraft, including both certification of avionics
software and hardware, and continued airworthiness. FAA states that
without updates to regulations, policy, and guidance to address aircraft
system information security/protection (ASISP), aircraft vulnerabilities
may not be identified and mitigated in a timely manner, thus increasing
exposure times to security threats. According to the ARAC task
assignment, the report should provide recommendations by early 2016 on
whether ASISP-related rulemaking, policy, and/or guidance on leading
practices are needed, and the rationale behind such recommendations. If
policy or guidance, or both, are needed, among other things, the report
should specify which aircraft and airworthiness standards would be
affected

IRLConor

martinsvi wrote: »

but DO they share they same wiring? that's the thing, FAA's 14 CFR 25.1309 implies it shall not!

A350, A380 and B787 and some other modern aircraft have shared wiring. Have a look at the various discussions online around AFDX/ARINC 664. It's a variant of ethernet tweaked for avionics use.

I haven't seen any plausible reports of exploits of those systems but I'm personally not particularly happy about the lack of an air gap between passenger-accessible networks and aircraft control systems.

martinsvi

IRLConor wrote: »

A350, A380 and B787 and some other modern aircraft have shared wiring. Have a look at the various discussions online around AFDX/ARINC 664. It's a variant of ethernet tweaked for avionics use.

but that's not hooked together with IFE, is it? these guys say it isn't - https://www.defcon.org/images/defcon-22/dc-22-presentations/Polstra/DEFCON-22-Phil-Polstra-Cyber-hijacking-Airplanes-Truth-or-Fiction-Updated.pdf

IRLConor

martinsvi wrote: »

but that's not hooked together with IFE, is it?

It's not 100% clear, to be honest. Some sources say yes, some say no.

The FAA expressed concerns about the level of separation during the development and certification of the 787. Some of it is described in some of the paperwork in part of the certification process: http://cryptome.info/faa010208.htm

"It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane."

That would imply that there is at least some level of connectivity between what they call the "Aircraft Control Domain" and the "Passenger Information and Entertainment Domain".

martinsvi

IRLConor wrote: »

That would imply that there is at least some level of connectivity between what they call the "Aircraft Control Domain" and the "Passenger Information and Entertainment Domain".

maybe it's just to feed data regarding plane's altitude, heading and speed, just so pax could see that in their flight progress maps? anyway, lets keep in mind that the "hacker" in question was aboard b738, a plane that would use far more robust and insulated networks

durandal01

Here's an interesting article saying that the claims are not all his and that some of them originated from a sexed up FBI search warrant.
https://grahamcluley.com/2015/05/security-researcher-hijacked-plane/

DUBLINHITMAN

https://youtu.be/N2mOSi-IXlE

Maybe bs but I'd like to hear your thoughts on the possibilities of this happening.
If needed to move topic as I know it's on the line of conspiracy but I'd just like to know from any airline pilots or aircraft engineers as to the possibilities

b757

http://www.boards.ie/vbulletin/showthread.php?t=2057431931

IRLConor

martinsvi wrote: »

maybe it's just to feed data regarding plane's altitude, heading and speed, just so pax could see that in their flight progress maps? anyway, lets keep in mind that the "hacker" in question was aboard b738, a plane that would use far more robust and insulated networks

Yeah, I don't believe his story at all. As I said, I haven't seen any plausible reports of exploits of those systems.

I'd still be much happier if they air-gapped it.

weisses

IRLConor wrote: »

Yeah, I don't believe his story at all. As I said, I haven't seen any plausible reports of exploits of those systems.

I'd still be much happier if they air-gapped it.

pax are connected to the Internet ...that would be the biggest concern regarding cyber security on board ... Everything is hack able

Galway K9

The flight computer system is on a wired system not a wireless. He couldn't have accessed it.

martinsvi

weisses wrote: »

pax are connected to the Internet ...that would be the biggest concern regarding cyber security on board ... Everything is hack able

so? I'm connected to the internet right now, how is that a concern for thousands of planes airborne right now that don't have a single avionics endpoint connected to the internet?

mikom

djsim101 wrote: »

Hacker 'made plane climb' after taking control thru the in-flight ent syst

http://i.ytimg.com/vi/ZaCzGqTXa70/hqdefault.jpg

smurfjed

As others pointed in another thread, he stated that he accessed the EICAS messages on a B737, people familiar with that aircraft say that it doesn't have an EICAS!

smurfjed

The aviation giant announced a new "bug bounty program" that will reward hackers who find vulnerabilities in its system. Depending on the severity, tech-savvy bounty hunters will be rewarded with 50,000, 250,000 or 1 million MileagePlus reward miles.

The concept isn't a new one: Facebook, Google and other tech giants have long offered similar finder's fees, usually in cash. But the United deal is a first for the airline industry, The Daily Dot reported.

Any bug must be a new discovery, according to the program. The finder of the flaws can't live in a country sanctioned by the U.S. government, or be the creator the bugs themselves.

Interesting concept, but how are they expected to test? I would be extremely weary of sanctioning passengers to connect to the aircraft by ethernet.

weisses

martinsvi wrote: »

so? I'm connected to the internet right now, how is that a concern for thousands of planes airborne right now that don't have a single avionics endpoint connected to the internet?

Just read the paper from page 18 and you know what they mean

martinsvi

weisses wrote: »

Just read the paper from page 18 and you know what they mean

I understand your whole point is based on a premise that avionics are vulnerable IF they are hooked together with the IFE in one Ethernet.. and you are right! However closer look at available diagrams show that they are either not connected (e.g. ARINC 429), or as it is in the case of ARINC 664 (some b777 and later wide-bodies) we have a bit of a mixed information, but we know that either way some security is in place anyway

to use an analogy from more down to earth side of things - i'm sure we would find publications stating that your online banking credentials are not secure if the bank is not using https/SSL.. and that would be correct, however the site IS using the https/SSL, so what's with all the noise?

Reoil

This guy isn't an idiot. He is an experienced hacker with no reason to make false claims.
While I find it difficult to link the on-board wifi to the plane's wired controls, I'll not make any judgements until I know all the facts.

weisses

martinsvi wrote: »

to use an analogy from more down to earth side of things - i'm sure we would find publications stating that your online banking credentials are not secure if the bank is not using https/SSL.. and that would be correct, however the site IS using the https/SSL, so what's with all the noise?

Point is ..Hackers are always one or two steps ahead of security ... How many people in the world are getting their bank account hacked one way or the other ?
example http://www.irishtimes.com/news/crime-and-law/ryanair-falls-victim-to-4-6m-hacking-scam-via-chinese-bank-1.2192444

Planes are getting more and more connected to the Internet and that creates a possible problem regarding cyber security

SpaceTime

Is he sure that he didn't just effect the passenger IFE maps or something?

The logical way of doing things on an aircraft would be some kind of isolated network that has no connectors or protocols common with Ethernet.

Why would an aircraft be running IP networks for avionics? Sounds really, really stupid if true.

Cars should also be careful to avoid putting essential systems on IP that could be hacked.

Amalgam

Some of the 'entertainment systems/consoles' are very shoddy, hanging around forums dealing with harmless stuff like arcade emulation, people who don't call themselves hackers have had access to the wider plane network in a very easy, lazy, haphazard manner.

I'll try and root out a link, concerns one particular British airline.

SpaceTime

One would hope that Boeing and Airbus and the various regulatory bodies in Europe, the U.S. And elsewhere are aware of risks ...

Tea 1000

martinsvi wrote: »

maybe it's just to feed data regarding plane's altitude, heading and speed, just so pax could see that in their flight progress maps? anyway, lets keep in mind that the "hacker" in question was aboard b738, a plane that would use far more robust and insulated networks

The only proper way to implement a secure solution is to have the aircraft systems completely seperate from the passenger entertainment systems. Even if they want altitude, heading and speed to be relayed, there are ways to do this without linking the two. You might have to be a bit abstract in providing the solution, but there are ways. Whether they're done or not is another story.

SpaceTime wrote: »

One would hope that Boeing and Airbus and the various regulatory bodies in Europe, the U.S. And elsewhere are aware of risks ...

Yep, people hope that all the time.

AndyBoBandy

Tea 1000 wrote: »

The only proper way to implement a secure solution is to have the aircraft systems completely seperate from the passenger entertainment systems. Even if they want altitude, heading and speed to be relayed, there are ways to do this without linking the two. You might have to be a bit abstract in providing the solution, but there are ways.

This I would imagine would be extremely easy to implement,
there are iPhone apps nowadays that provide all this info, so all you'd need would be a stand alone GPS (one linked only to the pax entertainment system) providing this information to the pax displays, completely separate to the flight/control computers.
I would hazard a guess that this is already the case.

SpaceTime

The aircraft systems simply shouldn't be connected (physically or by radio) to ANY public IP system or publically accessible systems like onboard IFE, passenger information systems or WiFi etc in anyway whatsoever.

All connectors and protocols should also be proprietary too and not easily accessed from standard consumer IT equipment. You do not need to be using things like RJ45 ethernet connectors that could be connected to easily

I mean, this is basic stuff!

If you open the avionics to potentially being accessed from the internet, you might as well just forget about all the airport security too. It would be a total joke.

I mean would an airline buy its aviation fuel at the local petrol station and get its engine parts on eBay? This is kind of how fundamental this is!

Tea 1000

AndyBoBandy wrote: »

This I would imagine would be extremely easy to implement,
there are iPhone apps nowadays that provide all this info, so all you'd need would be a stand alone GPS (one linked only to the pax entertainment system) providing this information to the pax displays, completely separate to the flight/control computers.
I would hazard a guess that this is already the case.

According to some of the guys in the industry on here, they are always reluctant to put any new devices into aircraft which might interfere with existing systems, no matter how harmless they might seem.
But that would be the obvious solution. There are other ways too.

marketty

Nothing has never happened as much as this never happened

martinsvi

weisses wrote: »

Planes are getting more and more connected to the Internet and that creates a possible problem regarding cyber security

Tea 1000 wrote: »

The only proper way to implement a secure solution is to have the aircraft systems completely seperate from the passenger entertainment systems.

I think you guys are blatantly ignoring the fact that there is no evidence that the two systems are even connected. Again, please read the presentation I linked earlier, if you have any evidence that avionics and IFE's ARE connected, please share, I would be more than happy to learn about it

Tea 1000

martinsvi wrote: »

I think you guys are blatantly ignoring the fact that there is no evidence that the two systems are even connected. Again, please read the presentation I linked earlier, if you have any evidence that avionics and IFE's ARE connected, please share, I would be more than happy to learn about it

From your own post, "mixed information" on some newer wide-bodies. That's enough to suggest there might be something. Assuming there is security is one thing, assuming no one can get past that security is another.
It might be hack proof, but nothing beats total seperation.

martinsvi

Tea 1000 wrote: »

From your own post, "mixed information" on some newer wide-bodies. That's enough to suggest there might be something. Assuming there is security is one thing, assuming no one can get past that security is another.
It might be hack proof, but nothing beats total seperation.

I completely agree with you, all I'm trying to say is, that according to information I've found and shared, it is and by law - it must- be separated. So really there is no issue, or there shouldn't be, if the IFE installers have done their job properly.

Would you not think that airlines have already acted on this potential threat and done their audits? Wasn't this the whole point for the "hacker" to create the threat and then go in and audit it with his company? Too bad it backfired and investors, reportedly, pulled out. Obviously they know what their doing and probably realized that airlines will not catch the bait

Paddez

weisses wrote: »

All communication is gonna be IP based

Not necessarily.
IP is just one particular network protocol. Would be relatively straightforward to come up with a proprietary one for use on a closed system like an Aircraft.

lord lucan

Excellent little summation from the guys at NYC Aviation who are usually pretty good at cutting through the BS.

http://www.nycaviation.com/2015/05/anatomy-story-airliner-hacking-claim-bull/

AndyBoBandy

lord lucan wrote: »

Excellent little summation from the guys at NYC Aviation who are usually pretty good at cutting through the BS.

http://www.nycaviation.com/2015/05/anatomy-story-airliner-hacking-claim-bull/

Simply put to explain how much of a nothing this whole story is

Sofiztikated

Lads, are you sure this isn't what is being talked about? http://www.imdb.com/title/tt4228374/?ref_=ttep_ep9

jmayo

Paddez wrote: »

Not necessarily.
IP is just one particular network protocol. Would be relatively straightforward to come up with a proprietary one for use on a closed system like an Aircraft.

I think the fact that the biggest proponent here of this story's veracity states that "all communication is gonna be IP based" says a lot.

weisses

jmayo wrote: »

I think the fact that the biggest proponent here of this story's veracity states that "all communication is gonna be IP based" says a lot.

Yeah was confused with Internet being ip based... But by all means keep ignoring the valid concerns raised

OzCam

Some more information is beginning to emerge...

Violet Blue on ZDnet:

An unapologetic history of plane hacking: Beyond the hype and hysteria

Summary:OPINION. Controversy over a security researcher's alleged hacking into a plane's engine mid-flight raises serious questions as to why years of public research on airline hacking has gone ignored.

Lots of links in that story for further reading. http://www.zdnet.com/article/a-practical-history-of-plane-hacking-beyond-the-hype-and-hysteria/


Some useful info in this story via IFLScience:

It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.
But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

Unfortunately this particular article goes off the rails in the last third: There isn't enough bandwidth in the world to do realtime monitoring of commercial airlines. The DOS idea is pretty scary though.

http://www.iflscience.com/technology/how-hacker-could-hijack-plane-their-seat


And a blog from Bruce Schneier from a few days ago, with some more links:

The real issue is that the avionics and the entertainment system are on the same network. That's an even stupider thing to do. Also last month, I wrote about the risks of hacking airplanes, and said that I wasn't all that worried about it. Now I'm more worried.

https://www.schneier.com/blog/archives/2015/05/more_on_chris_r.html

If Schneier says we need to worry about this, then we need to worry.

There isn't a firewall built yet that someone, somewhere couldn't breach eventually. Attacks always get better.