On Tuesday, researchers published findings that, for the first time, break TTE's [Time-Triggered Ethernet] isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA's Johnson Space Center.
"Our evaluation shows that successful attacks are possible in seconds and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages—both of which can result in the failure of critical systems like aircraft or automobiles," the researchers wrote. "We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threaten safety and mission success."
PCspooF can be built onto as little as a 2.5 cm×2.5 cm area of a single-layer printed circuit board and requires minimal power and network bandwidth, which allows a malicious device to blend in with all the other best-effort devices connected to the network. The researchers privately reported their findings to NASA and other big stakeholders in TTE. In an email, a NASA representative wrote, "NASA teams are aware of the findings from research on TTE and have taken proactive measures to ensure potential risks to spacecraft are appropriately mitigated."
The article goes into detail on what TTE is and how it's used in spacecraft.