Hacker turns a/c

Old 17th May 2015, 08:22
  #21 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
swh - Arinc 629 is B777 (and A330/340)? and yes it's linked to a standard TCP/IP network (this is where the "hacker" is), but it's one way communication.

Those buses are normally segregated/partitioned according to their function, and gateways/bridges connect different partitions.
Which is why all stories about "hacking" of aircraft so far have been fictitious. Each path on the gateway must be programmed.

My summary of a/c hacking stories so far is this: There is a wire from the headphone socket on seat 29C which is connected to [insert something here] which again is connected to a wire via [insert box here], and through various other devices, I have now, very ingeniously, traced physical wires/"connections" from the headphone socket to the FMS. They're physically connected, it must mean something can be hacked, because it's computers! Yet if I plug my [insert evil hacking tool here] into the headphone socket I have no control over the FMS, despite the "physical connection".

Last edited by deptrai; 17th May 2015 at 08:58.
deptrai is offline  
Old 17th May 2015, 09:19
  #22 (permalink)  
 
Join Date: Nov 2007
Location: United Kingdom
Age: 71
Posts: 713
Likes: 0
Received 0 Likes on 0 Posts
Good post deptrai. Let's hope your post puts an end to the drivel that's being posted within this thread.
TheChitterneFlyer is offline  
Old 17th May 2015, 10:09
  #23 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,816
Received 201 Likes on 93 Posts
Originally Posted by Tscottme
The so-called evidence of someone tampering with the Ethernet port near the "hacker's" seat is a slightly damaged housing and some slightly backed-out screws. Coincidentally this is the same damage the housing would receive if bumped a few hundred/thousand times by passenger feet and/or luggage.

That would be entirely consistent with Roberts' statement that, despite his provocative Tweets, he had made no attempt to access the SEB on the flight in question.

Not sure what that does or doesn't prove.
DaveReidUK is online now  
Old 17th May 2015, 10:16
  #24 (permalink)  
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
Likes: 0
Received 0 Likes on 0 Posts
As a security consultant, part of my job involves ethical hacking and supervised penetration attacks on client sites. I've only ever done this in financial institutions; I've never tried to hack a plane, and, to be honest, my hardware and software experience aren't up to that task. I often need the assistance of a hacker of systems at the desktop layer in order to then penetrate the underlying systems.

A couple of observations:

Professional hacking is, of course, done in a very heavily supervised manner, with every step documented for subsequent analysis and mitigation.

Professional hackers never ever attempt to hack systems without invitation and without an appropriate contract in place.

Professional hackers never disclose their findings to anyone other than the client. Any findings are the sole property of the client. To successfully penetrate a system and to broadcast the fact would directly compromise the client's security - and our job is in the opposite direction.

There are a lot of idiots out there making wild claims in an effort to gain some notoriety. There are also dedicated professionals who quietly and without fanfare are paid to expose vulnerabilities in order that these can be eliminated.

I doubt that he has hacked a plane's systems. I wouldn't be certain that it can't be done, though.
Nialler is offline  
Old 17th May 2015, 10:38
  #25 (permalink)  
 
Join Date: Jun 2014
Location: London
Posts: 8
Likes: 0
Received 0 Likes on 0 Posts
Hacking an aircraft may be possible by a disgruntled LRU manufacturer employee, or a government.

The 'hacker' will have been able to read items such as the ARINC data provided for moving map / flight info features from a secondary bus. It's not that hard to read - a little bit harder than 'hacking' someone's Facebook page (when they leave it open...).

As mentioned, currently, IFE systems are fed by secondary busses, connected on a 'read only' basis.

If you have any understanding of typical aircraft architecture, you will understand why claims to have "taken control" of an aircraft are extremely improbable.

Additionally, if you understand the ARINC standards (there will be very, very few people on this board that have the knowledge I'm alluding to - it's detailed system design level depth of knowledge), and the aircraft systems logic, you'll find the claims even more improbable.

There are not many aircraft types with integrated networks. These have special conditions relating to security attached to them.
Dagegen is offline  
Old 17th May 2015, 12:25
  #26 (permalink)  
 
Join Date: May 2007
Location: Europe
Posts: 1,416
Likes: 0
Received 0 Likes on 0 Posts
So-called "experts" may scoff, but I know what I know, and one of the things I know is that using my iPad I can turn the chemtrail dispenser on whenever the aircraft I'm in is over France. It annoys the hell out of them.

Hullo, here we are in JB....there's a surprise.
Capot is offline  
Old 17th May 2015, 12:25
  #27 (permalink)  
 
Join Date: Feb 2009
Location: Virginia
Posts: 2,091
Received 29 Likes on 23 Posts
I guess this is obvious, but hacking into the IFE would violate the criminal statute, whether it's connected to anything else or not.
Chu Chu is online now  
Old 17th May 2015, 12:55
  #28 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,816
Received 201 Likes on 93 Posts
Not only obvious, but already stated.

See the post with the link to the FBI search warrant application, which quotes the relevant statutes.
DaveReidUK is online now  
Old 17th May 2015, 13:16
  #29 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
I was waiting for the chemtrail connection, Capot
deptrai is offline  
Old 17th May 2015, 13:22
  #30 (permalink)  
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
Likes: 0
Received 0 Likes on 0 Posts
In all of this there also needs to be clarification on what constitutes a hack.

I am subscribed to a lot of sources on hacking as part of my job, and it really is telling how many people show a failed logon attempt to a banking system as evidence of a "hack". No. What is happening there is that the system is protecting itself as designed.

I was once booked to speak on mainframe security at a conference and decided to research the other speakers. Two of them had speeches on the subject of mainframe vulnerabilities on YouTube. Their perception was laughable. On reflection, I decided not to speak. To do so would have involved rebutting their naive assumptions and thereby drive them into efforts which were potentially more fruitful than the culs de sac they were describing.

Hacking an aircraft would probably suggest one of the following aims:

Claiming complete control of the aircraft systems;
Inputting false data to those systems;
Completely disabling those systems.

A more benign aim would be merely to eavesdrop on what was happening on the systems.

I would imagine that the software engineers have incorporated penetration testing in the development cycle and continue to do so as they enhance their systems.

In the meantime, those systems have a very effective backstop in that the systems are very real-time and any anomalies should be noticed and over-ridden by the people at the front end of the machine.

Regarding the guy mentioned in this thread, if he had any ethics as a hacker he has a very simple avenue open to him if he found a vulnerability and if he warned the airlines and if his warnings were ignored.

His option is to demonstrate it to officials from any flight regulatory authority that will listen to him. It doesn't need to be his own domestic authority. Record the outcome and use registered post to keep the whole thing a matter of record. Give them 6 months to have the issue addressed, with a subsequent paid PenTest to verify that the opening is now closed with immediate revelation to the Press if the systems are still proven to be vulnerable.

In the meantime utter confidentiality is maintained out of a healthy respect for self-survival. Hell, if I found that I could hack aircraft systems the last thing I'd do is go public. I wouldn't fancy being forced to spill the details while looking down the barrel of a terrorist's Uzi, or, worse, being forced to prove my technique on a real flight while my family cower and whimper under the cover of same Uzi.

tl;dr version: I'd guess that the systems have possible weaknesses but I'm sure that stringent penetration testing is ongoing. Aircraft have pilots who should be able to override any system anomalies. Any hacker who would advertise a claimed hack of these systems is an idiot who is putting his life and that of others at risk.
Nialler is offline  
Old 17th May 2015, 13:33
  #31 (permalink)  
 
Join Date: Aug 2005
Location: fairly close to the colonial capitol
Age: 55
Posts: 1,693
Likes: 0
Received 0 Likes on 0 Posts
Our guys in engineering say this is highly unlikely - Flight Certified is a phrase with at least a little meaning and proof of concept behind it. What's more, Mr. Roberts fails to follow ethical hacking guidelines as a "white hat" gent. Seems to many that in matters commercial aviation computer security, he is a publicity seeking hound and nothing more.
vapilot2004 is offline  
Old 17th May 2015, 13:48
  #32 (permalink)  
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Chu Chu
I guess this is obvious, but hacking into the IFE would violate the criminal statute, whether it's connected to anything else or not.

That is one of the legal issues which is foremost when people pay me to hack their systems. For the purposes of the exercise my access to their systems is considered to be authorised by them, but there are obvious and severe curtailments on what I can do when I break through. Once I get in, the design of the system architecture will normally reveal just what I can or can not do without my having to actually transfer funds from the client to my numbered Swiss account.

On occasion once a penetration has been made and I've reported it I'll then be given a legitimate logon to a test system where I can really do some destructive stuff in a quarantined environment.

I'm not sure how layered or embedded aircraft systems are, but in the world of commercial systems the application layer is often riddled with holes. I'd imagine that on an aircraft the systems are very embedded.

Sorry about going on about this at such length, but these celebrity hackers tick me off no end. Those that go public in an effort to show how clever they are are no better than those thugs who mark the backs of people at ATMs in order to allow confederates to mug them down the street.

An illustration suffices: an unnamed client had an exposure which I discovered in an application which allowed userids with a certain level of access (the IDs were defined within the application and were easy to identify and clone) to move massive amounts of money to be transferred. I'm speaking massive amounts. A couple of userids could be created for the purpose of moving the money and then deleted. There was no audit trail showing who had created and deleted the IDs. The only control was that an ID had initiated the transaction and another had authorised it. The police would have issued an APB for a Mr Mickey Mouse and his partner-in-crime Ms Minnie Mouse.

When I demonstrated this in their test environment there were pale faces around the room. A couple of hours later I was presented with a very binding NDA and told that I was to be escorted off the premises until such time as the problem was remediated. Until then I would be on my full daily rate, forfeited if I made any attempt to log on again and with the most severe financial penalties if they suspected that I had leaked the information. I was perfectly happy with this arrangement and have worked for them many times since.
Nialler is offline  
Old 17th May 2015, 14:39
  #33 (permalink)  
 
Join Date: May 2002
Location: A long way from here.
Posts: 242
Likes: 0
Received 0 Likes on 0 Posts
Security researcher claims he hacked aircraft systems

Anyone else see this titbit?

FBI: Security researcher claimed to hack, control plane in flight

Seems a little far-fetched. Never seen an Ethernet port on the IFE kit on my type, maybe some latest-gen experts would care to comment?
Chuffer Chadley is offline  
Old 17th May 2015, 14:43
  #34 (permalink)  
 
Join Date: Apr 2014
Location: Washstate
Age: 79
Posts: 0
Likes: 0
Received 0 Likes on 0 Posts
Please read the whole article

AND the Warrant at

http://aptn.ca/news/wp-content/uploa...lectronics.pdf

Case 5:15-mj-00154-ATB Document 1 Filed 04/17/15 Page 1 of 22

and also

Hacker told F.B.I. he made plane fly sideways after cracking entertainment system | APTN National News

and

Quote:
Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane’s Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking.

Roberts told the F.B.I. that he has discovered vulnerabilities in the inflight entertainment systems of Boeing 737-800, 737-900 and 757-200 aircraft along with Airbus A-320s.

Air Canada flies Airbus A-320 aircraft and WestJet flies Boeing 737-800 aircraft, according to the airlines’ websites.

According to Wired, Roberts has been issuing warnings about vulnerabilities in inflight entertainment systems for years.

1) he did hack the IFE in flight

2) That is a big NO NO

3) He claims no hack to change controls in flight but on a virtual simulator

4) His company got clobbered as a result

5) Even the GAO issued a warning

IMHO anyone who tells you their system cannot be hacked is living in a fool's paradise. The question is how much damage/control can be done.

IMHO Absolute physical separation ( air gap ) AND EMP protection of critical systems is a must.

And for the non believers- even a fiber optics system/cable can be tapped/hacked. This was known over 20 years ago. As was reading the output/screens of CRT display remotely via cheap electronic receivers. While CRTs have essentially disappeared and current screens **may** not be read remotely with no physical- video link- anyone care to bet ??
SAMPUBLIUS is offline  
Old 17th May 2015, 15:04
  #35 (permalink)  
swh

Eidolon
 
Join Date: May 2001
Location: Some hole
Posts: 2,175
Received 24 Likes on 13 Posts
Originally Posted by deptrai
Arinc 629 is B777 (and A330/340)? and yes it's linked to a standard TCP/IP network (this is where the "hacker" is), but it's one way communication.

Yes it is 777/A330/A340. It is not Ethernet, it is not simplex, it is time division multiplex (multiple source, multiple sink), with a limit of 128 devices per bus. Inductive coupling is also used by design.

Originally Posted by deptrai
My summary of a/c hacking stories so far is this: There is a wire from the headphone socket on seat 29C which is connected to [insert something here] which again is connected to a wire via [insert box here], and through various other devices, I have now, very ingeniously, traced physical wires/"connections" from the headphone socket to the FMS. They're physically connected, it must mean something can be hacked, because it's computers! Yet if I plug my [insert evil hacking tool here] into the headphone socket I have no control over the FMS, despite the "physical connection".

He is talking about connecting his PC to the IFE network by cable.

Originally Posted by Nialler
I'm not sure how layered or embedded aircraft systems are, but in the world of commercial systems the application layer is often riddled with holes. I'd imagine that on an aircraft the systems are very embedded.

The boxes under the seats are essentially disk-less single board computers running windows or linux connected to a windows/linux server. They boot off the server with bootp or similar. The kernel versions I have seen boot are very old.

Lots of these under seat boxes are available, even complete IFE racks. Many of these early generation IFE systems and seats have already been scrapped by airlines, and anyone can buy a seat, IFE rack, or even a full fuselage from a scrapper for the right price.
swh is offline  
Old 17th May 2015, 15:36
  #36 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,816
Received 201 Likes on 93 Posts
Originally Posted by swh
Many of these early generation IFE systems and seats have already been scrapped by airlines, and anyone can buy a seat, IFE rack, or even a full fuselage from a scrapper for the right price.

The going rate for a used 747 SEB (Rockwell Collins) on Ebay is around US$35.
DaveReidUK is online now  
Old 17th May 2015, 16:14
  #37 (permalink)  
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by SAMPUBLIUS
1) he did hack the IFE in flight

2) That is a big NO NO

3) He claims no hack to change controls in flight but on a virtual simulator

4) His company got clobbered as a result

5) Even the GAO issued a warning

IMHO anyone who tells you their system cannot be hacked is living in a fool's paradise. The question is how much damage/control can be done.

IMHO Absolute physical separation ( air gap ) AND EMP protection of critical systems is a must.

And for the non believers- even a fiber optics system/cable can be tapped/hacked. This was known over 20 years ago. As was reading the output/screens of CRT display remotely via cheap electronic receivers. While CRTs have essentially disappeared and current screens **may** not be read remotely with no physical- video link- anyone care to bet ??

He hacked the plane in flight? Are you sure? What was the extent of that "hack"? What capabilities did it give him?

Let me be very explicit about this: I am deeply involved as a professional IT consultant in the area of system security. If I penetrate a system my job is to push my chair back from my desk and not to touch the keyboard under any circumstances. I will reach for the phone and tell my client that I am in and will tell them under which ID I have gained access. They in turn will kill my access.

If I were to gain access - whether through deliberate or accidental means - to a plane's system (and I'm speaking of someone who is paid to hack on occasion) I would immediately recoil in horror and hand my unpowered laptop to the cabin crew with a full account passed to the captain.

It's that simple.

There would be no guarantee that an inadvertent keystroke might confound the systems.

I also would not need to be told that the carrier is no longer prepared to have me as a passenger; I would simply not wish to fly with that airline or on that type ever again.

I'm a reasonably proficient hacker, but there are some better than I am out there, and they tend to be of the braggadocio mindset which says "Now that I'm in the system, let's see what I can do. The guys will be really p1ssed when they see this at the next convention *alt-PrntScr*".

No system is perfect; that's why I have made a reasonably lucrative career analysing these imperfections. However, it is my job to reveal these issues to the client and their auditors and not to a hacking community who are all too happy to exploit these imperfections.

There's another issue. I'd like to know how a pilot would react if a passenger on his flight reported that he or she had got into the flight systems. Voluntary admission accompanied by a willingness to remain under restraints and separated from the device used to get in to the systems. Would the captain deem this to be a compromise to the plane's safety and land at the nearest?

It's a genuine question; I have no idea what the protocols would be. Other applications such as banking are less immediate and have the luxury of mitigating the threat while taking steps to eliminate it. At 35k feet the same luxury isn't available. Would vulnerability to the flight control systems be considered in the same way as a hull breach or an engine loss?

Last edited by Nialler; 17th May 2015 at 16:28.
Nialler is offline  
Old 17th May 2015, 16:55
  #38 (permalink)  
 
Join Date: Jun 2008
Location: Ventura, California
Age: 65
Posts: 262
Likes: 0
Received 0 Likes on 0 Posts
Well it has been a concern in the not too distant past...

From 2013:

https://www.federalregister.gov/arti...nic-system#h-9
thcrozier is offline  
Old 17th May 2015, 17:46
  #39 (permalink)  
 
Join Date: Apr 2014
Location: Washstate
Age: 79
Posts: 0
Likes: 0
Received 0 Likes on 0 Posts
REGARDING HACK

Originally Posted by Nialler
He hacked the plane in flight? Are you sure? What was the extent of that "hack"? What capabilities did it give him?

PUUUHHLESE read the FBI warrant request posted several times

http://aptn.ca/news/wp-content/uploa...lectronics.pdf

granted these are allegations- but he ( hacker ) was specific about the In flight entertainment systems ( IFE). The ongoing argument is that such could not impact flight/cockpit controls. Even so hacking the IFE is a federal crime.

One could ask - then why- since he admitted it - isn't he in Jail now ?
SAMPUBLIUS is offline  
Old 17th May 2015, 18:23
  #40 (permalink)  
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
His conversations with the FBI lasted for hours, and he later claimed the statements in the warrant were taken out of context. Years ago he built a small "lab" with some IFE parts bought off ebay etc which he then "hacked". As far as I understand the "hacking" of his lab setup (not an aircraft) was limited to some eavesdropping. My guess is his recent references to IFE hacking referred to his lab setup on the ground, and he didn't touch anything on the flight in question. The FBI warrant is probably useless to understand what happened, it was written only to provide a reason for searching his electronics, not for anything else. For some reason he made a stupid "joke" on twitter about his hacking, the equivalent of the equally stupid "I have a bomb". This alone suggests to me he is a nutcase. That's all there is to see here.
deptrai is offline  

