from the so-now-that-it-is-authorised-by-the-FAA-it-will-be-banned-by-the-TSA dept.
Cyber security researcher Ruben Santamarta claims to have figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems, to be presented on Thursday at a Black Hat conference.
From the Fine Article:
In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.
He acknowledged that his hacks have only been tested in controlled environments, such as IOActive's Madrid laboratory, and they might be difficult to replicate in the real world. Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws.
Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta's research and confirmed some of his findings, but downplayed the risks.
The actual danger of such vulnerabilities seems unclear until Santamarta releases technical details at the conference (how it compares to, say, someone bringing a bomb in a water bottle is left as an exercise for the reader).
Related Stories
A story we covered here on SN reported that researchers claimed to have found ways to hack aircraft in flight using nothing more than the on-board cabin WIFI to access flight telemetry systems. This claim has been pretty much shot down (oops, too soon?).
El Reg reports that two seasoned pilots, one of whom is a published hacking expert, have been puncturing some of the myths about aircraft hacking at Defcon 22.
Dr. Phil Polstra, professor of digital forensics at Bloomberg University (and a qualified commercial pilot and flight instructor) and "Captain Polly," professor of aviation at the University of Dubuque, explained that there are some very simple reasons why aircraft can't be digitally hijacked.
Firstly, no commercial airliner's avionics systems can be accessed from from either the entertainment system or in-flight Wi-Fi. Avionics systems are also never wireless, but always wired, and don't even use standard TCP/IP to communicate.
There are essentially 4 standards employed in aircraft data handling, all derived from ethernet, but dramatically different. ARINC 429 is used in older aircraft, while modern aircraft use an updated standard, ARINC 664. Airbus uses a modified 664 called AFDX, and the Boeing 777 uses a refinement of ARINC 429 dubbed 629.
None of these accept input from cabin wifi, although 629 can use standard ethernet for some one-way outbound connections. All the newer standards use full duplex hard-wired systems, as well as tokens, to prevent collisions.
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 06 2014, @12:20AM
Boeing et al engineers would be absolutely stupid to have some physical link between these systems.
This just in, the US Navy announces when Ohio class subs are at port they now offer free wifi - you're only an 802.1q frame away from the scada controls for the core, but hey! It's safe enough, right! No no no. Nobody would engineer such drivel.
(Score: 2) by Rune of Doom on Wednesday August 06 2014, @12:54AM
When I used to play cyberpunk role-playing games back in the early-90s, we'd sit around the table and joke about how it was a silly game conceit to think that anyone would ever connect any vital, valuable, or otherwise-important systems to the publicly-accessible 'Net.
(Score: 2) by kaszz on Wednesday August 06 2014, @12:56AM
Einsteins was right. Don't underestimate human stupidity.
I suspect this researcher is right. Guess we have to aggressively cross-examine any airline operator.
(Score: 3, Interesting) by cafebabe on Wednesday August 06 2014, @06:34AM
AFDX [wikipedia.org] + Packet In Packet attack [blogspot.co.uk] + passenger WiFi + smartphone malware which can trigger at 20,000 feet [stackoverflow.com] + no response from airlines or manufacturers = I avoid airline travel.
1702845791×2
(Score: 3, Interesting) by frojack on Wednesday August 06 2014, @01:22AM
You have to wonder why a serious researcher couldn't convince an airline to let him try his exploits in an actual aircraft on the ground. You'd think they would want to know! You'd think they would be knocking on Airbus and Boeing doors demanding fixes.
I suppose its possible he's actually found something by just looking at aircraft systems schematics.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday August 06 2014, @06:20AM
The answer is the same as always: costs. I.e. sure they could allow a dude to poke around and sure they would require him to write a NDA so painful that he wouldn't get any sleep for a month after signing it. And we'll be none the wiser.
This is why all commercial software is total crap. Once you have a barely working alpha prototype, the marketing dept has already sold it for hundred customers...
You never hear of a bank having criminals siphoning the money off accounts, all you see unexplained increases in the service fees. These guys doubt if the universe is there when they blink.
https://en.wikipedia.org/wiki/Ostrich_effect [wikipedia.org]
(Score: 3, Insightful) by VLM on Wednesday August 06 2014, @12:50PM
More likely his "difficult to replicate in the real world." might require a substantial amount of mechanical access to the plane to literally rewire the plane. And I'm guessing he doesn't have a A+P cert and they're not willing to detail one or two A+P to follow him around and both disassemble parts of the plane to give him access and reassemble it later.
I wonder about certification, if you do something "dumb" to something aerospace rated then you can't use it anymore. If you insist on using a mil-cert turbine blade as a letter opener or fly swatter, or maybe clean a fish with it, you're not allowed to mount it in a plane engine anymore. If you let some idiot off the streets F with your engine computer randomly connecting and disconnecting non-engineering approved gear to it and doing non-standard things to it while its operating, for safeties sake you've got to rip that out and throw it away and replace it before the next flight. What if J. Random Goofball's wifi bridge ethernet port somehow applies 120 volts to the "sorta-ethernet" port of the engine controller impairing it and then it finally totally fails an hour into its next ocean crossing flight. Yeah that would kinda suck. Even worse, did he F up just the engine computer, or in the process of Fing around did he exceed some software limit jamming a fuel injector permanently open or closed in the engine itself, probably unintentionally, so you really need to replace the engines and engine computer. Its quite a mess.
Probably, if the FAA has a "test to destruction" program early in the model history, they could fully instrument the test to destruction model and then let hackers screw it up, because the test to destruction model will never leave the ground with paying civilian passengers. But its a little late now, and a little expensive as a PR stunt, and the planes in the boneyard right now aren't tech enough to be interesting or they're in the boneyard specifically to harvest aerospace rated parts that haven't been F-ed with so its still expensive.
A lot of it is attention whoring. I can do the same thing. Across the street (ish) they're building a bank. Did you know that a leet hacker like myself using standard COTS construction tools, the same tools that build a bank, can hack into a bank and steal all the cash? For a 'leet construction hacker like myself, I could repurpose an innocent tool like a concrete saw into opening the wall of a vault completely bypassing their firewall-door. Most morons off the street don't know construction tools at the level of a 'leet construction hacker like myself. I'd love to try my ideas about how to use cheap, widely available tools to break into a bank, but they're involved in a multi-national conspiracy between the major media and the banks to keep this secret quiet because if the truth came out no one would trust banks. So make sure to come to my talk where I spout off some wild theories about how one specific model of cutting torch might cut one specific kind of steel, or maybe not, even if most banks or no banks at all use that kind of steel, or the general concept that demolition equipment makes holes, and using a hole, you can rob a bank. All bow to my leetness!
A lot of aerospace grade stuff is delicate, but then again a lot is pretty tough because some poor 3rd world bastard at a 3rd world airline without the proper certs (although on paper I'm sure the proper bribes were paid to keep the paperwork up) and no manuals which he can't read in his language anyway is going to have to fix this sooner or later after a 18 hour day with no breaks. So if a non-A+P guy masquerading as a real certified A+P mechanic who can't even read the manuals and is half asleep can't accidentally bring down a plane, then its likely to require more than the "usual" A+P level of fooling around. Like physically desoldering and replacing components on PCB boards to bypass safety stuff, perhaps. Or soldering in the components on a PCB to enable the in circuit programmer to work and then reverse engineering the code and then rewriting critical parts and then uploading a modified firmware and then finally getting to take advantage of it. At least doing a lot of "WTF" like running an ethernet cable thru holes drilled in bulkheads or leaving it lie in the aisle all the way from the wifi base station and its ethernet switch to the avionics bay near the cockpit... Um yeah good luck installing that on a potty break.
I bet as a guy with embedded experience and machining experience and general engineering knowhow I could really F with a plane given maybe 50 to 1000 continuous hours of total access on the ground with an infinitely large toolbox of my choosing and an infinitely large collection of scaffolding of my choice and no interruption by anyone and no environmental issues (like I'm not crawling inside an engine with an o-scope and a protocol analyzer during a thunderstorm, etc). The "strand me on Gilligans Island with the target", threat model. That's not a serious threat because how in the world could that possibly happen? Its too ridiculous even for hollywood plots. Even an inside job with a guy who already knows exactly what to do is likely not feasible.
(Score: 2) by frojack on Thursday August 07 2014, @12:26AM
Ok, big wall of text there, not sure where its all going....
But if he has to re-wire the airplane in order to get from Passenger Cabin Wifi to flight controls or to read the compass then that alone would prove his theory bogus.
Case Closed.
No, you are mistaken. I've always had this sig.