Commercial airline flight control hacked by passenger

eggtimer rocketry
the model rocket show
Onebadhawk
Wildman Rocketry
The Rocketry Forum

Help Support The Rocketry Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Winston

Winston

Lorenzo von Matterhorn
Joined
Jan 31, 2009
Messages
9,560
Reaction score
1,748
Oh, wonderful... Our infrastructure is already supposedly highly vulnerable, now we can add commercial aircraft. Then, self-driving cargo trucks will hit the roads soon, eventually followed by self-driving cars, all juicy targets for scum wanting to spread chaos.

https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

05/15/15

Excerpt:

A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.

Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

Then, there are these additional factors to consider:

The Ethics of Autonomous Cars
Sometimes good judgment can compel us to act illegally. Should a self-driving vehicle get to make that same decision?

https://www.theatlantic.com/technology/archive/2013/10/the-ethics-of-autonomous-cars/280360/

The example they give:

"If a small tree branch pokes out onto a highway and there’s no incoming traffic, we’d simply drift a little into the opposite lane and drive around it. But an automated car might come to a full stop, as it dutifully observes traffic laws that prohibit crossing a double-yellow line. This unexpected move would avoid bumping the object in front, but then cause a crash with the human drivers behind it."

They hint at another example by explaining the "Trolley Problem" ethical conundrum, but let me relate it to your self-driving car with an example I read somewhere else on-line: a large truck rounding a blind curve is in your lane; your only way to avoid a head-on collision is to go off the road and into a group of cyclists; the computer instantly calculates the potential casualties and decides to sacrifice (and likely kill) you.

Then, there's this factor for the much more near-term self-driving cargo trucks, not even related to them being hacked and turned into deadly "road warriors":

Self-Driving Trucks Are Going to Hit Us Like a Human-Driven Truck
The imminent need for basic income in recognition of our machine-driven future

Excerpt:

It should be clear at a glance just how dependent the American economy is on truck drivers. According to the American Trucker Association, there are 3.5 million professional truck drivers in the US...
 
Car control hack:

[video=youtube;7E1WsdODxu0]https://www.youtube.com/watch?v=7E1WsdODxu0[/video]

But don't be concerned, move along, nothing to see here:

Congress, '60 Minutes' Exaggerate Threat Of Car Hacking

https://www.forbes.com/sites/dougnewcomb/2015/02/09/60-minutes-joins-car-hacking-hype/

Mostly true when it comes to controlling the actual driving related functions of a vehicle. However:

With $15 in Radio Shack parts, 14-year-old hacks a car

https://www.computerworld.com/artic...adio-shack-parts-14-year-old-hacks-a-car.html

Excerpt:

With just a little soldering and assembly, the 14-year-old built a device to wirelessly communicate with a vehicle's controller area network (CAN) and remotely control non-safety related equipment such as headlights, window wipers and the horn. He was also able to unlock the car and engage the vehicle's remote start feature.
 
That guy Roberts who claims (maybe - it's not clear in that Wired article) to have hacked the thrust management system on a plane (unspecified what type of plane) also is now infamous for his tweet “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone?”

He's not the expert he thinks he is if this is his level of understanding. No 737 even HAS an EICAS (engine indicating and crew alerting system) - even current builds or the upcoming MAX models.
 
There are so many issues with the report.

1) Planes (or at least commercial jets) cannot "fly sideways" - sensationalism headline.
2) Later in the article it just states he commanded the engine to climb. You can increase the speed/thrust but you can't command an engine to climb.
Although I do have to concede that increasing the thrust on only one side could cause a slight yaw movement. Although the autopilot system should compensate for that.
3) The IFE system has no direct connection to the thrust management system, so how would he be able to use it to over-write its code?
4) All of the critical aircraft systems, such as the thrust management system, have multiple interlocks that prevent code changes unless various conditions are met. These typical include setting of mechanical switches (can't hack a physical switch) plus various other interlocks (such as 0 airspeed, weight on wheel signals)

Basically, that plane has to be on the ground, not moving, and the unit has to be in a special mode to allow a software update

According to the article, he claimed he had the ability to overwrite the code. The hacker also made the claim he did so, but there is nothing in the article from the airline or anyone else that stated the plane actually was controlled.

I think the FBI was responding to a perceived threat, just as if someone tweeted that they had a gun or bomb on the plane.
But I don't believe there is any fact behind the threat.

Meanwhile, all this article does is stir up a panic (or at least a concern) about an event that can't happen.
 
Security advocates/activists have for years been proclaiming the oncoming disaster that is being called the Internet Of Things.

Heard of hacking LED lightbulbs yet? Hackers penetrate your home network through so-called smart LED bulbs. Your Smart TV actually listens to anything you say and sends it out over the internet where it may be distributed to third parties.

Remember the old joke about whether the phone stops "listening" when you hang it up? Turns out we need to worry about our TV's.
 
I have issues with the aircraft side of the article too...most of which have already been covered by previous posters.

However, the IoT vulnerabilities are significantly more concerning. In the rush to get on the ground floor, companies getting into IoT are glossing over security.

FC
 
les said:
There are so many issues with the report.

<snip>

3) The IFE system has no direct connection to the thrust management system, so how would he be able to use it to over-write its code?
4) All of the critical aircraft systems, such as the thrust management system, have multiple interlocks that prevent code changes unless various conditions are met. These typical include setting of mechanical switches (can't hack a physical switch) plus various other interlocks (such as 0 airspeed, weight on wheel signals)

Basically, that plane has to be on the ground, not moving, and the unit has to be in a special mode to allow a software update

According to the article, he claimed he had the ability to overwrite the code. The hacker also made the claim he did so, but there is nothing in the article from the airline or anyone else that stated the plane actually was controlled.

I think the FBI was responding to a perceived threat, just as if someone tweeted that they had a gun or bomb on the plane.
But I don't believe there is any fact behind the threat.

Meanwhile, all this article does is stir up a panic (or at least a concern) about an event that can't happen.
Click to expand...

Indeed. I thought about adding some of this detail...thanks, Les. I can't think of how any STC'd or installed-in-production IFE system can even be connected to systems such as thrust management or even a messaging system like EICAS (on most all other airliners besides 737s).

The whole thing is sensationalism fed by someone who is a publicity hound....or so it seems to me.


....now the internet of things and ways into our lives via "smart TVs" and LED lights on your wireless network....and how that might be a pathway into our home networks. That, at least, is more plausible than hacking the FADEC of an airliner's engines.


-----ah - looks like FastCargo and I were writing at the same time.
 
I agree there is an overall risk with the Internet of Things that hackers can create issues. Companies do need to do more to provide security

But I am also concerned about what is reality and what is sensationalism.

The article about hacking aircraft systems (at least critical systems) is bogus as previously discussed.
The few articles about hacking the non-essential systems in a car are disturbing but appear real

But how real are the articles about people getting their pacemakers hacked? Real or sensationalism?

The article about the plane shows how it becomes difficult to know what to believe.
Meanwhile, that article will probably travel around the internet until it become "gospel"
 
les said:
I think the FBI was responding to a perceived threat, just as if someone tweeted that they had a gun or bomb on the plane. But I don't believe there is any fact behind the threat.

Meanwhile, all this article does is stir up a panic (or at least a concern) about an event that can't happen.
Click to expand...
On items 1 & 2, I think "crab" should be used as the result of any asymmetrical power result and airspeed rather than climb for any symmetrical increase in thrust. I certainly hope you're right with that last sentence.
 
les said:
I agree there is an overall risk with the Internet of Things that hackers can create issues. Companies do need to do more to provide security
Click to expand...
Trouble is, too little attention is apparently paid as the car hacking by that kid shows. Then, even if there is much attention paid, how many Windows, Flash, and Java security updates have you installed over the years? As one of the links above points out, many hackable things haven't been hacked simply because the economic motive which drives most hacking isn't present.

But how real are the articles about people getting their pacemakers hacked? Real or sensationalism?
Click to expand...
I believe in that case the case was made that there was too little security involved in the updating of their firmware, providing a potential for deadly hacking, not an actual instance of it.

Here's a study of car vulnerabilities from 2011:

https://web.archive.org/web/20130808195909/https://www.autosec.org/pubs/cars-usenixsec2011.pdf

See Table 1 for a short summary of their findings.
 
Here's another claim from 2013 disproved because, just as was most discussed in the lead article about the recent hacking claim, results were obtained on a PC simulation, not flight hardware:

Researcher Says He's Found Hackable Flaws In Airplanes' Navigation Systems (Update: The FAA Disagrees)

https://www.forbes.com/sites/andygr...ckable-flaws-in-airplanes-navigation-systems/

The FAA: &#8220;The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft&#8217;s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain &#8220;full control of an aircraft&#8221; as the technology consultant has claimed.&#8221;
 
April 2015 GAO report:

https://www.gao.gov/assets/670/669627.pdf

Intro:

Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems. As part of the aircraft certification process, FAA’s Office of Safety (AVS) currently certifies new interconnected systems through rules for specific aircraft and has started reviewing rules for certifying the cybersecurity of all new aircraft systems.

PDF page 22:

According to FAA and experts we interviewed, modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems. Aircraft information systems consist of avionics systems used for flight and in-flight entertainment (see fig. 4 below). Historically, aircraft in flight and their avionics systems used for flight guidance and control functioned as isolated and self-contained units, which protected their avionics systems
from remote attack. However, according to FAA and experts we spoke to, IP networking may allow an attacker to gain remote access to avionics systems and compromise them—as shown in figure 4 (below). Firewalls protect avionics systems located in the cockpit from intrusion by cabinsystem users, such as passengers who use in-flight entertainment services onboard. Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented. The experts said that if the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin. An FAA official said that additional security controls implemented onboard could strengthen the system.
 
The search warrant affidavit:

https://aptn.ca/news/wp-content/uploads/sites/4/2015/05/warrant-for-Roberts-electronics.pdf

What he claimed to do, without media misinterpretation, starts on page 12 of the PDF. No airline would ever publicly admit that their system had been hacked if indeed any ever have been by this guy for the same reasons you don't hear banks admitting they've been hacked until it's somehow otherwise exposed.

Wanna' read how many things are hacked that you never hear about? Read this site:

https://krebsonsecurity.com/

and his book from late 2014:

Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door

https://www.amazon.com/dp/1492603236/?tag=skimlinks_replacement-20

EDIT: And, frankly, from what I've read of the ridiculous vulnerability of our national infrastructure, the only thing that has prevented a catastrophe due to that is the fact that such an event would be an act of war and once it was traced back to a nation-state (as it would be whether correct or not) they would experience some "very bad days" from our response.
 
Last edited by a moderator:
o1d_dude said:
Security advocates/activists have for years been proclaiming the oncoming disaster that is being called the Internet Of Things.

Heard of hacking LED lightbulbs yet? Hackers penetrate your home network through so-called smart LED bulbs. Your Smart TV actually listens to anything you say and sends it out over the internet where it may be distributed to third parties.

Remember the old joke about whether the phone stops "listening" when you hang it up? Turns out we need to worry about our TV's.
Click to expand...

Time to put a network sniffer on the television and see what is up. Figure out what port and such it is using and block it.
 
The company I work for makes flight and engine control systems for both military and commercial aircraft.

Our marketing makes the claim "every second a plane takes off with one of our flight critical systems on board."

Again, there are interlocks that prevent writing to the systems, include some physical switch settings. The write function will not work unless the interlocks are happy....
I can't speak for other companies, but I know our customers have always had a concern about the possibility of writes occurring to the software while in flight.

And the autopilot function can always be overridden so the pilot can always control the aircraft
 
Last edited:
les said:
The company I work for makes flight and engine control systems for both military and commercial aircraft.

Our marketing makes the claim "every second a plane takes off with one of our flight critical systems on board."

Again, there are interlocks that prevent writing to the systems, include some physical switch settings. The write function will not work unless the interlocks are happy....
I can't speak for other companies, but I know our customers have always had a concern about the possibility of writes occurring to the software while in flight.

And the autopilot function can always be overridden so the pilot can always control the aircraft
Click to expand...
Ever watch this absolutely outstanding series on the Smithsonian Channel?:

AIR DISASTERS

https://www.smithsonianchannel.com/shows/air-disasters/802

It's amazing to me and very scary how confusion in the cockpit due to nonsensical disagreements in cockpit indicators and instrument readings can lead to disasters.

I really hope this guy who claims to have done what he did is full of it and only trying to draw attention to the potential weaknesses I quoted from that April 2015 GOA ATC cyber-security study. The only persons who are complacent about cyber-security are those who simply don't know what's out there. Our computer-controlled world is, very unfortunately, insanely vulnerable.
 
You are sitting in a plane and the guy next to you busts open an electronic box and hooks it to his lap top.
I think I might ring for the flight attendants.

M
 
Thank you for that Forbes link. It squares up with how I know we do things at Boeing, and how I expect our "friends" in Toulouse over at Brand A do it as well. And we are very aware of these concerns as we do bring more "connectivity" to our products.

To even suggest that an IFE system could talk to an EICAS - on airplanes that have one - tells me the so-called security researcher needs to do more research before he opens his mouth (or "tweets") again. And then we have all this piling on and repeating.
 

Similar threads

Winston
Self driving vehicles and infrastructure vulnerability
2 3
Replies
75
Views
6K
Winston
Winston
Winston
Radar/laser detectors and origin of the first popular one
Replies
1
Views
1K
Winston
Winston
Winston
China hack stole 614 GB of highly sensitive data on submarine warfare
Replies
5
Views
1K
Frederocket
Frederocket
CzTeacherMan
Descriptive Essay...
Replies
11
Views
2K
Bat-mite
Bat-mite
bobbyb
Hangar 11 opens up a new location
Replies
1
Views
561
Thompsonje
Thompsonje

Latest posts

Back
Top