In-Flight Airplane hacked - from the ground
Join Date: Apr 2008
Location: Up high
Posts: 555
Likes: 0
Received 0 Likes
on
0 Posts
Even if you download an acars flightplan, you still check it and both verify it before you activate it
The Iranian centrifuges where hacked even though they had no physically connection to the outside world. It was done by introducing the malware in a routine software update of one of the components. In the same way that the many computers in modern aircraft are routinely updated.
Putting that to the side both the database and the basic FMGC software is routinely updated, any one of those updates can introduce malicious code with expanded functionality.
In the same way that the many computers in modern aircraft are routinely updated.
Join Date: Dec 2001
Location: Leeds, UK
Posts: 281
Likes: 0
Received 0 Likes
on
0 Posts
there's still some suspicion that several of the many recent US Navy collisions in the Pacific were caused by hacks to the ships GPS/Navigation system by naughty State bodies...
G
G
Last edited by groundbum; 11th Jun 2018 at 18:50. Reason: typo
Join Date: May 2000
Location: Seattle
Posts: 3,195
Likes: 0
Received 0 Likes
on
0 Posts
I don't know where that "suspicion" comes from (other than unfounded rumor). If you read the preliminary reports, you'll find there is NO tie to any hacks, GPS or otherwise.
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 5,898
Likes: 0
Received 1 Like
on
1 Post
http://s3.amazonaws.com/CHINFO/USS+F...on+Reports.pdf
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 5,898
Likes: 0
Received 1 Like
on
1 Post
Excerpts from a recent article about airplane hacking in Business and Commercial Aviation:
Aircraft Avionics Hacking: Is It Possible? Connected Aerospace content from Aviation Week
...So now we introduce Chris Roberts, bad boy hacker, security researcher and one of the founders of One World Labs (now OWL Cybersecurity) in Denver. Brilliant and idiosyncratic, Roberts had been warning of cyber vulnerabilities on commercial aircraft for years, but few in the industry took him seriously. To make his point, in April 2015 aboard a United Airlines Boeing 737-800 en route from Chicago to Syracuse, New York, Roberts logged onto Twitter and sent a tweet from the cabin speculating whether he should hack into the IFE (inflight entertainment system) through the SEB (seat electronic box, one of which is generally mounted under the seats in each row on either side of the aisle of narrow-body jetliners) and then into the cockpit systems.
“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone?
” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.
Under interrogation, Roberts said that despite his joking tweet, on the Chicago-Syracuse flight and a previous segment from Denver to Chicago, he had not hacked into either aircraft’s IFE. Nevertheless, in an inspection
of the SEB under the row where Roberts had been sitting on the Denver-Chicago segment, one of the FBI agents wrote in his affidavit request that the cover of the box appeared to have been tampered with. Roberts denied this, as well, claiming that the unit could have been damaged by previous passengers shoving carry-on baggage under the seats.
Come Fly (and Hack) With Me
This was not the first time that Roberts had been in the sights of the G-men. Earlier in 2015, other agents had visited him twice at One World Labs to discuss his research on aircraft hacking, which he and a colleague had been pursuing for years, even conducting simulated penetrations of avionics systems under laboratory conditions. In one of those meetings, Roberts admitted that he had hacked into aircraft systems on actual flights on multiple occasions, as well, just “to look around” but had not manipulated anything.
Then, amazingly, he went further, claiming that on one flight he had reached under the seat in front of him, jimmied the cover of an SEB, jacked in a modified Ethernet cable, and using his laptop, hacked into the IFE. From there, he again claimed, he had made his way to the higher-level aircraft control systems, where he had overwritten the code of the plane’s “thrust management computer.” That done, Roberts alleged, he had proceeded to increase the thrust of one of the plane’s engines, causing the aircraft to climb and “fly sideways,” presumably a yawing motion from asymmetric thrust. But the claimed IFE hacks and the alleged engine computer takeover remain unsubstantiated, which questions Roberts’ veracity.
Boeing and other airframe manufacturers are highly doubtful that Roberts could have pulled off these stunts, pointing out that IFEs are isolated from flight-critical control systems. (More on that later.) Consider, too, the constricting seat pitch on contemporary narrowbody jetliners, even in first class, and how difficult it would be to lean forward, find by hand the IFE box under the forward seat row, remove the screws securing the box lid, locate the proper port, etc. without being noticed by other passengers or a flight attendant.
Regardless, a demonstrated provocateur, his claims swing between irresponsibility and a cry for attention, both modes characteristic of that breed of hackers who are compelled to commit cyber mischief — sometimes dangerously — just to test their abilities and garner notoriety. On the other hand, Roberts and his research colleagues have pointed out the potential vulnerability of aviation cyber systems — not just on aircraft but the ground-based infrastructure, as well.
Meanwhile, the FBI is apparently building a case against Roberts based on his stated ability that he could hack into critical systems on board sophisticated aircraft and had developed the software to do it — plus the wiring diagrams of several contemporary airliners found on one of his laptops. One thing is for sure: When news of his salacious inflight tweet reached board members of One World Labs who had investments in the company, they withdrew their financial support causing its collapse, and Roberts subsequently abandoned the enterprise he helped found. In December 2015, former executives of the firm formed a holding company and purchased One World’s assets, subsequently repackaging the venture as a “dark net threat intelligence platform” under the name Owl Cybersecurity.
‘Crazy Different’ and Speaking ‘Off Script’ (Maybe)
Perhaps Robert Hickey also wanted to alert the aviation and security industries that commercial aircraft were vulnerable to hacking when he revealed in a keynote address during the CyberSat Summit in November 2017 at Tysons Corner, Virginia, that a team of experts had remotely hacked into a Boeing 757 sitting on the ground at Atlantic City. Moreover, the attempt had occurred under the auspices of none other than the Department of Homeland Security (DHS).
At the time, Hickey, a retired airline pilot who holds a doctorate in information technology, was aviation program manager in the Cyber Security Division of the DHS Science and Technology Directorate. He had been “detailed” there from the Office of the Director of National Intelligence.
The exercise was carried out in September 2016, Hickey said, as a “remote, non-cooperative, penetration” (i.e., not under laboratory conditions) with no one physically touching the aircraft. His team “stood off” from the legacy Boeing that the DHS had acquired, he claimed, and “using typical stuff that could get through security” was able to establish “a presence on the systems of the aircraft.”
While the details of the hacking test and the research that the S&T Directorate is conducting are classified, Hickey did say that the penetration was accomplished using “radio frequency communications,” adding that based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” (again, presumably, into the cabin services equipment) [I thought it was probably a bogus clearance or flight plan uploaded through a non-secure protocol like ACARS or CPDLC - Airbubba].
Up to this point, the S&T Directorate’s research had primarily been focused on ground-based transportation infrastructure, e.g., air traffic control, but Hickey maintains that there’s another type of critical infrastructure, “and that’s critical infrastructure that’s in motion,” of which aviation represents one-third, the other two-thirds being surface (highway, railroad) and marine. But aviation exists in an environment of its own — far removed from the terrestrial one. Hence the need for the focused research apparently under way at the DHS.
While Hickey’s revelation made the rounds among the intelligence and security community (i.e., it was all over the web), nothing has been heard about the Boeing 757 test since his address at CyberSat. Furthermore, Hickey is no longer working in the S&T Directorate. One aviation industry observer BCA consulted speculated that “Hickey was off-script” when he spoke at the conference. BCA located Hickey at a Washington, D.C., consultancy and attempted to connect with him but had been unsuccessful at press time.
After contacting the DHS, however, we did receive the following statement from spokesman John Verrico in the S&T Directorate: “The Department of Homeland Security established and led a multi-agency team to assess the feasibility of a cyber-intrusion of a commercial aircraft. The Aircraft Cyber Initiative (ACI) project’s objective is to determine whether a cyberattack of commercial aircraft systems is possible and to offer mitigation recommendations for identified cyber vulnerabilities. Our focus was on older legacy aircraft where cybersecurity protections may not have been incorporated in their design.”
“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone?
” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.Under interrogation, Roberts said that despite his joking tweet, on the Chicago-Syracuse flight and a previous segment from Denver to Chicago, he had not hacked into either aircraft’s IFE. Nevertheless, in an inspection
of the SEB under the row where Roberts had been sitting on the Denver-Chicago segment, one of the FBI agents wrote in his affidavit request that the cover of the box appeared to have been tampered with. Roberts denied this, as well, claiming that the unit could have been damaged by previous passengers shoving carry-on baggage under the seats.
Come Fly (and Hack) With Me
This was not the first time that Roberts had been in the sights of the G-men. Earlier in 2015, other agents had visited him twice at One World Labs to discuss his research on aircraft hacking, which he and a colleague had been pursuing for years, even conducting simulated penetrations of avionics systems under laboratory conditions. In one of those meetings, Roberts admitted that he had hacked into aircraft systems on actual flights on multiple occasions, as well, just “to look around” but had not manipulated anything.
Then, amazingly, he went further, claiming that on one flight he had reached under the seat in front of him, jimmied the cover of an SEB, jacked in a modified Ethernet cable, and using his laptop, hacked into the IFE. From there, he again claimed, he had made his way to the higher-level aircraft control systems, where he had overwritten the code of the plane’s “thrust management computer.” That done, Roberts alleged, he had proceeded to increase the thrust of one of the plane’s engines, causing the aircraft to climb and “fly sideways,” presumably a yawing motion from asymmetric thrust. But the claimed IFE hacks and the alleged engine computer takeover remain unsubstantiated, which questions Roberts’ veracity.
Boeing and other airframe manufacturers are highly doubtful that Roberts could have pulled off these stunts, pointing out that IFEs are isolated from flight-critical control systems. (More on that later.) Consider, too, the constricting seat pitch on contemporary narrowbody jetliners, even in first class, and how difficult it would be to lean forward, find by hand the IFE box under the forward seat row, remove the screws securing the box lid, locate the proper port, etc. without being noticed by other passengers or a flight attendant.
Regardless, a demonstrated provocateur, his claims swing between irresponsibility and a cry for attention, both modes characteristic of that breed of hackers who are compelled to commit cyber mischief — sometimes dangerously — just to test their abilities and garner notoriety. On the other hand, Roberts and his research colleagues have pointed out the potential vulnerability of aviation cyber systems — not just on aircraft but the ground-based infrastructure, as well.
Meanwhile, the FBI is apparently building a case against Roberts based on his stated ability that he could hack into critical systems on board sophisticated aircraft and had developed the software to do it — plus the wiring diagrams of several contemporary airliners found on one of his laptops. One thing is for sure: When news of his salacious inflight tweet reached board members of One World Labs who had investments in the company, they withdrew their financial support causing its collapse, and Roberts subsequently abandoned the enterprise he helped found. In December 2015, former executives of the firm formed a holding company and purchased One World’s assets, subsequently repackaging the venture as a “dark net threat intelligence platform” under the name Owl Cybersecurity.
‘Crazy Different’ and Speaking ‘Off Script’ (Maybe)
Perhaps Robert Hickey also wanted to alert the aviation and security industries that commercial aircraft were vulnerable to hacking when he revealed in a keynote address during the CyberSat Summit in November 2017 at Tysons Corner, Virginia, that a team of experts had remotely hacked into a Boeing 757 sitting on the ground at Atlantic City. Moreover, the attempt had occurred under the auspices of none other than the Department of Homeland Security (DHS).
At the time, Hickey, a retired airline pilot who holds a doctorate in information technology, was aviation program manager in the Cyber Security Division of the DHS Science and Technology Directorate. He had been “detailed” there from the Office of the Director of National Intelligence.
The exercise was carried out in September 2016, Hickey said, as a “remote, non-cooperative, penetration” (i.e., not under laboratory conditions) with no one physically touching the aircraft. His team “stood off” from the legacy Boeing that the DHS had acquired, he claimed, and “using typical stuff that could get through security” was able to establish “a presence on the systems of the aircraft.”
While the details of the hacking test and the research that the S&T Directorate is conducting are classified, Hickey did say that the penetration was accomplished using “radio frequency communications,” adding that based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” (again, presumably, into the cabin services equipment) [I thought it was probably a bogus clearance or flight plan uploaded through a non-secure protocol like ACARS or CPDLC - Airbubba].
Up to this point, the S&T Directorate’s research had primarily been focused on ground-based transportation infrastructure, e.g., air traffic control, but Hickey maintains that there’s another type of critical infrastructure, “and that’s critical infrastructure that’s in motion,” of which aviation represents one-third, the other two-thirds being surface (highway, railroad) and marine. But aviation exists in an environment of its own — far removed from the terrestrial one. Hence the need for the focused research apparently under way at the DHS.
While Hickey’s revelation made the rounds among the intelligence and security community (i.e., it was all over the web), nothing has been heard about the Boeing 757 test since his address at CyberSat. Furthermore, Hickey is no longer working in the S&T Directorate. One aviation industry observer BCA consulted speculated that “Hickey was off-script” when he spoke at the conference. BCA located Hickey at a Washington, D.C., consultancy and attempted to connect with him but had been unsuccessful at press time.
After contacting the DHS, however, we did receive the following statement from spokesman John Verrico in the S&T Directorate: “The Department of Homeland Security established and led a multi-agency team to assess the feasibility of a cyber-intrusion of a commercial aircraft. The Aircraft Cyber Initiative (ACI) project’s objective is to determine whether a cyberattack of commercial aircraft systems is possible and to offer mitigation recommendations for identified cyber vulnerabilities. Our focus was on older legacy aircraft where cybersecurity protections may not have been incorporated in their design.”
“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? ” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.
” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.
are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...
Join Date: May 2000
Location: Seattle
Posts: 3,195
Likes: 0
Received 0 Likes
on
0 Posts
I might take some of these claims of hacking aircraft more seriously if they weren't so laughably false. 737 doesn't even have EICAS... 757 flight controls are cable actuated - how the are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.
Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...
are they hacking a mechanical system - as are the engines on Rolls - and the PW2000 throttle position is hardwired between the flight deck and the FADEC with no other electrical connections - there is no entryway to hack. 757 flight and engine controls are not just hack resistant, they are hack proof.Now, perhaps some clever person could affect FMC instructions or nav aids, but no one is going to take control of a 737 or 757 in a manner that can't be immediately remedied by the flight crew.
I'd be a bit more worried if they were talking a FBW aircraft...
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 5,898
Likes: 0
Received 1 Like
on
1 Post
Those are fun. I got into trouble for playing with the Space Station s**t what was it seven, eight, nine years ... how many years ago was that? Crap. Eight, nine years ago we messed around with the Space Station. We adjusted the temperature on it. It was quite fun. We got yelled at by NASA. If they're going to leave open s**t that's not encrypted that's their own damn silly fault.
...We tried. The Curiosity Rover on Mars. The suggestion was to take that for a spin. We've actually started to investigate it.
The closest we've done is figure out exactly how they're communicating, how they're controlling it, and we might have one or two of the passwords for some of the software that we know are still in default mode. But the problem is actually getting into it without breaking more laws than we're used to breaking. No, I think NASA would probably really get pissed at me for that one.
...We tried. The Curiosity Rover on Mars. The suggestion was to take that for a spin. We've actually started to investigate it.
The closest we've done is figure out exactly how they're communicating, how they're controlling it, and we might have one or two of the passwords for some of the software that we know are still in default mode. But the problem is actually getting into it without breaking more laws than we're used to breaking. No, I think NASA would probably really get pissed at me for that one.
You're overlooking the fact that a good portion of flight time is under control of the autopilot and autothrottles, which are under the control of the FMS. IF someone could hack into the FMS or convince the pilots to execute a hacked ACARS or CPDLC clearance, he COULD effectively control the flight controls and throttles... HOWEVER, hacking into the FMS doesn't appear to be possible in the scenarios covered here...
Now, if someone shows they can take control of a FBW aircraft (highly unlikely given what I know about critical system isolation on Boeing aircraft), then I'll sit up and pay attention. What's been claimed so far doesn't pass the sniff test...
Join Date: Jun 2001
Location: Rockytop, Tennessee, USA
Posts: 5,898
Likes: 0
Received 1 Like
on
1 Post
From this evening's CBS Evening News:
WASHINGTON -- Cybersecurity experts working for the Department of Homeland Security (DHS) issued a sobering warning about the vulnerability of commercial airliners to hackers. The same group of experts hacked a Boeing 757, and now CBS News is learning more about the government's ongoing efforts to learn about the vulnerabilities.
In a presentation in January, researchers from the Pacific Northwest National Laboratory warned it is "a matter of time before a cybersecurity breach on an airline occurs," according to 119 pages of heavily redacted documents provided by DHS to CBS News. That assessment came after a DHS decision to launch "nose to tail" tests of a Boeing 757 for hacking weak spots.
The documents, which were first reported by the website Motherboard, show DHS planned to begin developing mitigation efforts to protect against cyberattacks in 2017.
Those tests came after a DHS team led by Dr. Robert Hickey took just two days to hack remotely into the plane while it was parked at a Federal Aviation Administration (FAA) facility at the Atlantic City Airport in September of 2016.
The DHS team gained access through the plane's radio frequency communications using "typical stuff" that could be brought through airport security. In response, DHS officials scheduled further hacking attempts on the plane, including efforts to access flight management, life support, autopilot, the plane's electrical and fuel systems as well as its engines.
"I think we've come to realize that cyberthreat is everywhere," said Ron Hosko, former assistant director of the FBI. "My fear is that our nation acts most directly when they're on the backside of a crisis. The crisis has occurred we lose a lot of lives and now we're prepared to put money into infrastructure."
By Kris Van Cleave CBS News June 12, 2018, 6:45 PM
DHS experts warn it's a "matter of time" before hackers hit commercial airliners
WASHINGTON -- Cybersecurity experts working for the Department of Homeland Security (DHS) issued a sobering warning about the vulnerability of commercial airliners to hackers. The same group of experts hacked a Boeing 757, and now CBS News is learning more about the government's ongoing efforts to learn about the vulnerabilities.
In a presentation in January, researchers from the Pacific Northwest National Laboratory warned it is "a matter of time before a cybersecurity breach on an airline occurs," according to 119 pages of heavily redacted documents provided by DHS to CBS News. That assessment came after a DHS decision to launch "nose to tail" tests of a Boeing 757 for hacking weak spots.
The documents, which were first reported by the website Motherboard, show DHS planned to begin developing mitigation efforts to protect against cyberattacks in 2017.
Those tests came after a DHS team led by Dr. Robert Hickey took just two days to hack remotely into the plane while it was parked at a Federal Aviation Administration (FAA) facility at the Atlantic City Airport in September of 2016.
The DHS team gained access through the plane's radio frequency communications using "typical stuff" that could be brought through airport security. In response, DHS officials scheduled further hacking attempts on the plane, including efforts to access flight management, life support, autopilot, the plane's electrical and fuel systems as well as its engines.
"I think we've come to realize that cyberthreat is everywhere," said Ron Hosko, former assistant director of the FBI. "My fear is that our nation acts most directly when they're on the backside of a crisis. The crisis has occurred we lose a lot of lives and now we're prepared to put money into infrastructure."
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,350
Likes: 0
Received 0 Likes
on
0 Posts
The article linked in the OP's post makes it clear, for anyone who cares to read it, how the situation today differs from that four years ago when the story originally broke. What was then only a theoretical scenario can now, we're told, be demonstrated to be feasible.
Given that the article refers to a conference presentation that isn't due to be delivered until August, it's a little premature to dismiss it as yesterday's news/nonsense/clickbait. Let's hear what he has to say before passing judgement.
Black Hat USA 2018
Given that the article refers to a conference presentation that isn't due to be delivered until August, it's a little premature to dismiss it as yesterday's news/nonsense/clickbait. Let's hear what he has to say before passing judgement.
Black Hat USA 2018
Join Date: Feb 2012
Location: USA
Posts: 241
Likes: 0
Received 0 Likes
on
0 Posts
In a modern transport aircraft, one cannot really turn the automatics off -- even "flying manually" relies on a lot of computing. The engines simply cannot run without the FADEC and a whole lot of other computer stuff. As for the pilot's eyes and ears, yes, there may be a couple of steam gauges on the panel, but most of the information displayed to the pilots is processed by a large number of computers before appearing on the displays. As for heading off somewhere you don't want to go, it's entirely feasible for an attacker to have your instruments telling you that you are on course to your selected destination when in fact something entirely different is actually happening.