PPRuNe Forums - View Single Post - Hacker turns a/c
Old 18th May 2015, 19:04
#70
deptrai
 
Join Date: Nov 2009
Location: flying by night
Posts: 500
If this guy Roberts is telling the truth
If I look at his tweet that started all this hysteria: "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? "

https://twitter.com/sidragon1/status/588433855184375808

he's throwing around words like "Box-IFE-ICE-SATCOM". So let me speculate a bit here... If he uses a packet sniffer on the Ethernet, TCP/IP IFE network, he can see that word, probably the IFE server host name. "PASS OXYGEN ON": when oxygen masks deploy, there will be a message to the IFE to trigger a shutdown of the IFE. It does not mean he can deploy oxygen masks, as some media misunderstood. No signs that he could "hack" anything, except that he is able to use an Ethernet packet analyzer (edit: obviously he could be able to turn off the IFE if he spoofed that message). There is nothing dramatic here; what I see is someone who is more like a 12-year-old kid who plays with computer networking for the first time and thinks he is a "hacker" now because he downloaded some analysis tools, and then goes on to create a big drama about his abilities, and loves the attention. The "PASS OXYGEN ON" is something he would not have seen in flight, so I also believe he just regurgitates innocent things he "simulated" in his ground-based lab with parts scavenged from eBay.

There are other such "hackers" who claimed they found vulnerabilities in real avionics (not only IFE), like a Flight Management System, and it turned out they had experimented with a PC-based simulation of a Flight Management System (which is used as a training tool for pilots). But believing that they can find vulnerabilities by using a PC-based simulation which simulates some functions is more than naive; the certified, proprietary, embedded system, running on a particular RTOS, is coded very differently from a PC-based learning tool...

And as you said, Nialler, no professional would ever try to create publicity in this way. United Airlines, which understandably banned him after he made a lot of people worried for no reason, even has a formal program to reward researchers who find bugs/vulnerabilities. If he was smart, he would have just submitted his findings there, if there was anything at all.

For those who believe this "hacker" is a threat to aircraft, here is some more reading:

http://www.forbes.com/sites/thomasbr...ms-fallacious/

http://www.runwaygirlnetwork.com/201...in-fbi-report/

Last edited by deptrai; 18th May 2015 at 20:26.