FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

a reply to: smurfy

So okay, GAO are a bunch of carrot pullers, who know nothing except talk, however they can point out that some areas that should now be covered, are not, and there is no word of it as yet.

Apparently you missed the FAA response in Appendix II. The FAA concurs with some points and has plans to address them. There are also ongoing programs (which the GAO was apparently unaware of) to address cybersecurity threats to the NextGen system

a reply to: beercan

His computer is the ethernet, the aircraft is the other. He would then have access to aircraft data.

a reply to: roadgravel

The problem with trying to hack an aircraft is that, even if you could get control and try to do something, the most the flight crew has to do is stand up, walk to the back of the cockpit, and pull a circuit breaker, and they're back in control.

a reply to: roadgravel

I was under the impression that the IFE system was ethernet based, and that the IFE was being used to gain access to the Control System of the aircraft running on ARINC 429.

If he for some reason used an Ethernet to ARINC 429 it would mean he had physical access to that network.
Which would be some scary stuff indeed.

a reply to: Zaphod58

Yeah, I don't see it as a way to really fully control the plane. More like a DOS attack maybe. I don't see planes falling out of the sky any time soon.

Reminds me of this old video from before 911 in 2001 showing a remoted controlled aircraft aimed for the WTC for the reason of starting a war.

a reply to: roadgravel

Who is Ars Technica or ABPT? I never heard of either of them. I don't consider either of these sites valid sources. Therefore, I think the article is BS.

Consider the source.

a reply to: Phage

lets not forget about existing technologies.

Defense Advanced Projects Agency (DARPA)
www.arpa.mil...

on a project designed to facilitate the remote recovery of hijacked American
aircraft. Brilliant both in concept and operation, “Home Run” [not its real
code name] allowed specialist ground controllers to listen in to cockpit
conversations on the target aircraft, then take absolute control of its
computerized flight control system by remote means.

I wonder what impact along these lines this change is going to create.

Avionics Full-Duplex Switched Ethernet (AFDX) is a data network, patented by international aircraft manufacturer Airbus, for safety-critical applications that utilizes dedicated bandwidth while providing deterministic quality of service (QoS). AFDX is based on Ethernet technology using commercial off-the-shelf (COTS) components. AFDX is a specific implementation of ARINC Specification 664 Part 7, a profiled version of an IEEE 802.3 network per parts 1 & 2, which defines how commercial off-the-shelf networking components will be used for future generation Aircraft Data Networks (ADN)
...
The AFDX bus is used in Airbus A380, Boeing 787, Airbus A400M, Airbus A350, Sukhoi Superjet 100, ATR 42 & ATR 72 (-600), AgustaWestland AW101, Irkut MS-21, Bombardier Global Express, Bombardier CSeries, Comac ARJ21, AgustaWestland AW149

Link

Boeing and industry experts had this to say:

But when reading the FBI search warrant application for Roberts, it’s important to consider that IFE systems on commercial airplanes “are isolated from flight and navigation systems”, Boeing said in a statement after myriad news titles reported the FBI claims as fact.

“While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions.”

IFE is typically certified to Design Assurance Level (DAL) E under the FAA’s DO-178B software guidance for airborne systems. Level E is the least stringent level of rigor put into design, verification and testing, as a fault is expected to have no effect on the safe operation of the aircraft. By contrast, radios are certified as Level D and avionics are Level C.

There are ARINC 429 connections to IFE systems (for mission data) “that are not segmented as diligently as with ARINC 664 Ethernet domains. It would take software manipulations to control the 429 interfaces from a compromised Ethernet connection. Regardless, the IFE ARINC 429 interfaces are not capable of changing automatic flight control modes,” notes industry expert Peter Lemme, who chairs the AEEC subcommittee that builds standards for Ku and Ka satcom systems.

“The claim that the Thrust Management System mode was changed without a command from the pilot through the mode control panel, or while coupled to the Flight Management System is inconceivable,” he adds.

In a post 9/11 world, the further claim that Roberts tried to hack IFE systems multiple times by direct physical interface also seems fantastical, says IFE industry consultant Michael Planey. “We have seen multiple instances of passengers being restrained by fellow passengers or flights diverted because a passenger is behaving abnormally. I find it nearly impossible to believe Roberts could have done this type of an act over a dozen times and never had a flight crew or fellow passenger notice – that part stretches the imagination. Furthermore, in the event that what he claims about monkeying with the Thrust Management System occurred, that would have been noted by the flight crew; they would have noticed the aircraft was moving not by command from the cockpit. There would have been many ways in engine monitoring and flight control management systems to detect this sort of event, and I would have expected the pilots would have written it up and there would have been an investigation. So I don’t believe what he says to be true.”

Lemme adds, “Thrust Management has always relied on the pilot as an active monitor for failure, and the pilot has complete authority to override any failure mode."

www.runwaygirlnetwork.com...

originally posted by: ChiefD
a reply to: roadgravel

Who is Ars Technica or ABPT? I never heard of either of them. I don't consider either of these sites valid sources. Therefore, I think the article is BS.

Consider the source.

Their article is based on info from Wired and the FBI documents.

originally posted by: Phage
Actually, it makes me think that our hacker read that article and rather than actually doing anything, talked to the FBI about what the report said about potential vulnerabilities.

I had thought that too, but the guy does go back a bit, and he is a security hacker it seems and took part in the mcafee I think it was, internet shorts about internet security, H*Commerce: The Business of Hacking You,
The video is the whole bundle, (i think)

a reply to: smurfy
Yes. And as such he would be very interested in government concerns about cybersecurity. It's likely he did see the report.

a reply to: roadgravel

From a security perspective, not very much.

The benefit of AFDX will be to cut the amount of cables needed for different system to communicate throughout the craft.
As going from a point-to-point cabling infrastructure between system to a shared switched infrastructure.

When doing so bandwidth allocation and traffic separation become key points.
This is where QoS and Virtual Links are used.
I suppose the virtual link is going to prevent sniffing and man-in-the-middle attacks by actually routing the frames instead of flooding them as in traditional ethernet.

My 2 cents, AFDX is new to me.

He does seem to be stating he used the In Flight Entertainment network.

a reply to: roadgravel

There's no "seem to" he IS stating that he use the IFE network. But the IFE network doesn't get you anywhere, because it doesn't connect to anything that can control the aircraft.

originally posted by: Zaphod58
a reply to: roadgravel

There's no "seem to" he IS stating that he use the IFE network. But the IFE network doesn't get you anywhere, because it doesn't connect to anything that can control the aircraft.

i am looking at quotes published said to be from him. I personally haven't spoken with him.

Except possibly the newer aircraft, the only point those networks might share anything is in the satcom equipment?

a reply to: roadgravel

Even newer aircraft, the points of data that they share are extremely limited. Communications, and a few other data points, such as position are shared, but none of the aircraft control systems.

a reply to: Zaphod58

There's no "seem to" he IS stating that he use the IFE network.

It's interesting that that route is specifically mentioned in the DOA audit. Makes me think that his comments about the paragraph being taken out of context has to do with him discussing the audit during his interview.

a reply to: Phage

That wouldn't surprise me.