FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

originally posted by: Zaphod58
a reply to: Phage

That wouldn't surprise me.

Certainly not as much as it would surprise me if it turns out that he actually did it. As you said, there would be ample evidence to charge him if he actually did what is claimed.

a reply to: Phage

The entire industry would be shocked, considering that the people that design the systems are some of them saying it can't be done.

originally posted by: Phage
a reply to: smurfy
Yes. And as such he would be very interested in government concerns about cybersecurity. It's likely he did see the report.

That makes it down to the Chicken and egg thing then, who came first with what. Roberts tweets on the plane were about the GAO findings, that much is clear, that he was in contact with the aircraft companies beforehand is more than likely, and on the same specific issue. That he had also met with the FBI previously on the same subject AKA the one he tweeted about on the plane...in a meeting that is, has not been denied, (never mind that they were waiting for him at the landing airport) even though they should have known (1) who he was, (2) the exact nature of what he was tweeting about.

So, in summary a responsible bunch of carrot pullers say something that another singular carrot puller already has said, can be done, or that the singular carrot puller says something that the responsible carrot pullers also say can be done, and gets arrested even though their research is not worth...a carrot. My thoughts? "Our father what art in heaven".

a reply to: smurfy
Or.

He was detained (I didn't see anything about arrest) because of his tweets, which were more or less equivalent to joking about a bomb.

While being interviewed he discussed the GAO audit with the FBI.

originally posted by: Phage
a reply to: smurfy

While being interviewed he discussed the GAO audit with the FBI.

That that would be after he was taken off the plane, not the previous meeting some months ago, the one as you know I was referring to.
As for arrest or detention coming off the plane, were the police there just to see if the FBI were behaving properly?

a reply to: smurfy

That that would be after he was taken off the plane, not the previous meeting some months ago, the one as you know I was referring to.

Actually, no. I did not know which you were referring to.

As for arrest or detention coming off the plane, were the police there just to see if the FBI were behaving properly?

What do police have to do with it?
Was he arrested?

originally posted by: Zaphod58
a reply to: Phage

The entire industry would be shocked, considering that the people that design the systems are some of them saying it can't be done.

Then you need to tell the FAA where they were wrong,

2008 FAA statement,

"The proposed architecture of the 787 is different from that of existing production (and retrofitted) airplanes. It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain [wired or wireless] electronic connections between airplane data buses and networks."

a reply to: smurfy

Considering that FAA agents are not designers of the systems, I'm going to listen to Boeing and the people that design the system and software before I listen to them.

Look at the electronics he had - a bluetooth adapter (the purple USB dongle with the small antennae). That's useful for getting stuff to and from a smartphone. The black thing with the white bit in the middle looks like a USB memory stick. The smaller black thing is another bluetooth dongle or a infra-red zapper that allows IR remote controls to be emulated and recorded. The black box with rounded corners looks like an Aukey nano-cell 3G/wi-fi pocket router. The smaller items are keyring USB sticks. The cable looks like RJ45 adapter. Some basic packet snooping using the cable would seem the easiest way to explore the inflight network. It's hard to believe that all the avionics are going to be on the same network as the flight entertainment system, but it looks like he just got the network names of devices.

I'll toss in the idea that if there is a piece of software that touches both networks then it opens the door. Hopefully the designers are correct.

From the Wired link

He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by “wiggling and Squeezing the box,”

Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.

a reply to: roadgravel

I'm with one of the experts. I have a hard time believing that he did this as many times as they say he did, and not one passenger or crew member ever said "Hey, what do you think you're doing?"

originally posted by: Zaphod58
a reply to: roadgravel

I'm with one of the experts. I have a hard time believing that he did this as many times as they say he did, and not one passenger or crew member ever said "Hey, what do you think you're doing?"

Yep. Me too. It was stated some officials found the area components tampered with near his seat. I would certainly question someone opening covers on the plane.

Looks like the average passenger isn't very concerned about the terrorist angle on planes any more.

a reply to: roadgravel

Or he did it once, barely got access to anything, and it's being blown out of proportion like so many other things have been lately.

originally posted by: Zaphod58
a reply to: smurfy

Considering that FAA agents are not designers of the systems, I'm going to listen to Boeing and the people that design the system and software before I listen to them.

No you don't, if you want to fly, it's fly by FAA whatever way it comes down. BTW, built in vulnerability was found independently elsewhere a few years ago, and not just 2008.

Eventually, Roberts and his research partner determined that it would take a convoluted set of hacks to seriously subvert an avionics system, but they believed it could be done. He insisted to WIRED last month, however, that they did not “mess around with that except on simulation systems.” In simulations, for example, Roberts said they were able to turn the engine controls from cruise to climb, “which definitely had the desired effect on the system—the plane sped up and the nose of the airplane went up.”

Today he would not respond to questions about the new allegations from the FBI that he also messed with the systems during a real flight.

If the connections mentioned are true then that does suggest an opening.

a reply to: smurfy

I'm WELL aware of how the process works thanks. That doesn't change a few basic facts. Such as the FAA is deeply in bed with the airlines/manufacturers. They're not designers of the systems. Most of the FAA has no idea how they work, and have to go by what the manufacturers, or others say about them. For example, the original 787 battery system. Boeing certified it, told the FAA there was nothing to worry about with the batteries failing, and the FAA said, "Oh, ok" and certified the batteries.

It's not a vulnerability, it's a MAY allow. They've never once proven that it does, or there would be ADs out there mandating changes to the system, and the 787 wouldn't have been certified until it was corrected.

a reply to: roadgravel

In simulations. It's never been done on a real aircraft.

a reply to: Zaphod58

Could be. He is denying the tampering on the flight claiming the damage could be normal due to luggage, etc under the seats.

edit:

But one article has him admitting tampering with equipment on at least one flight. Hard to know what to believe.

New to the thread, but just had to comment once reading all of the posts.

More modern aircraft use an updated standard, ARINC 664 - except for Airbus planes that use a modified version dubbed AFDX. This retains the non-TCP/IP nature of the earlier standard and adds unidirectional data traffic control via paired cables and only ever accepts one sending system, although data can be sent to multiple endpoints.

The one exception to this is the Boeing 777, which uses a modified version of ARINC dubbed 629, which allows Boeing to use off-the-shelf network components in the aircraft. Boeing was also granted special leave to allow ARINC 629 to be linked into a standard IP network, but only for data outputs not inputs, and with no connections to the flight management or avionics systems.

Source: The A Register

Important here, is the "NON-TCP/IP nature of the protocol, which would necessitate a bridge required to allow IP based devices (pc,router etc) to connect, however , these are not AF/INET type socket connections, and there are no port listeners.
Hard to imagine hacking into something that you cannot cause a buffer overflow in, thus injecting code. I think it is more of a sensation causing hack dream than reality.