Announcement

Collapse
No announcement yet.

FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

    A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.

    Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.

    “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
    http://www.wired.com/2015/05/feds-sa...ndeered-plane/
    AirDisaster.com Forum Member 2004-2008

    Originally posted by orangehuggy
    the most dangerous part of a flight is not the take off or landing anymore, its when a flight crew member goes to the toilet

  • #2
    frankly, this is incomprehensible, if true, and it does appear to have some truth to it.

    Comment


    • #3
      ...Total ass hat parlour talk and what I really really want to believe is that:

      I can see the aircraft's databases benefiting from being liberally networked. There's a never-ending stream of little tweaks to this detail and that detail with regard to the navigation routes...

      ...and I see almost a no-win scenario where you kind of need to be networked, and added problems if you are not networked, yet the network opens the door for hacking.

      ...so, you're sititng in seat 23A (or in China), and maybe you can hack in and change some some navigation fix or altitude gateways/whatever in the navigation database...

      Then the autopilot (which is running in autopilot mode linked to the navigation system) tells the plane "no, go here" and the pilots and ATC says "Oh shit!" (or they don't notice...who knows)

      BUT, THE AUTOPILOT CLICK CLACK PADDYWHACK (give a man a plane) BUTTON AND THE PROGRAMMING THAT WHEN YOU PULL BACK ON THE SIDE STICK, SOMETHING SELLS THE ELEVATORS TO GO UP, HAS NO WIRES OR SOFTWARE OR MEMORY THAT IS CONNECTED TO ANY OUTSIDE SOURCE WHATSOEVER...

      ...at least, this is what I want to believe...

      ..and I can comfortably live with it...

      ...assuming that the pilots have strong fundamental airmanship and a good handle on procedures and will monitor that the plane is flying where it is supposed to be flying.

      ...I hope that's how all this works.
      Les règles de l'aviation de base découragent de longues périodes de dur tirer vers le haut.

      Comment


      • #4
        It's either as 3WE says or it's this.... (Pardon the bad language)

        http://youtu.be/mP34OytNHfg
        If it 'ain't broken........ Don't try to mend it !

        Comment


        • #5
          This is going to be a heck of a thing *if* it turns out to be true.

          But is there any evidence of that other than the guy's claims?

          https://www.youtube.com/watch?v=pkYNBwCEeH4
          Be alert! America needs more lerts.

          Eric Law

          Comment


          • #6
            How exactly is the ENTERTAINMENT system linked to the flight management system? Is this in case a pilot is watching some streaming video when an emergency suddenly arises? I'm hoping that at least this was what the reporter got wrong. As comedians have said, "If my iPod can bring down a plane, why would terrorists need all those things that TSA is checking for?"

            Comment


            • #7
              Originally posted by EconomyClass View Post
              How exactly is the ENTERTAINMENT system linked to the flight management system? Is this in case a pilot is watching some streaming video when an emergency suddenly arises? I'm hoping that at least this was what the reporter got wrong. As comedians have said, "If my iPod can bring down a plane, why would terrorists need all those things that TSA is checking for?"
              The IFE shows you speed, altitude, distance, direction, maps....

              I doubt that they have a fully independent navigation system just for the IFE.

              Also, the IFE automatically reverts to PA when there is a manual or automated PA. For example, if you are watching The Simpson and the masks go down, the show will change to "put your masks". There should be no DIRECT link between that and any computer necessary for flight, but the automated message is triggered by the masks going down, the masks go down when the pressure altitude exceeds 14000ft, and that is measured by the Air Data Computer.

              Maybe someone found an unexpected and unintended path or backdoor from the IFE to the computers necessary for flight. But I still doubt it.

              --- Judge what is said by the merits of what is said, not by the credentials of who said it. ---
              --- Defend what you say with arguments, not by imposing your credentials ---

              Comment


              • #8
                Putting aside the whole 'bidirectional link between entertainment system and flight controls', I'm more intrigued by the claims that he 'overwrote code in the thrust management computer' and subsequently issued a climb command and made the plane 'fly sideways'. Is there some hidden 'rotate engines 90 degrees' option that until now noone has been aware of?

                Comment


                • #9
                  Originally posted by sjwk View Post
                  Putting aside the whole 'bidirectional link between entertainment system and flight controls', I'm more intrigued by the claims that he 'overwrote code in the thrust management computer' and subsequently issued a climb command and made the plane 'fly sideways'. Is there some hidden 'rotate engines 90 degrees' option that until now noone has been aware of?
                  No, but there is such a thing as asymmetric thrust.

                  --- Judge what is said by the merits of what is said, not by the credentials of who said it. ---
                  --- Defend what you say with arguments, not by imposing your credentials ---

                  Comment


                  • #10
                    Originally posted by Gabriel View Post
                    No, but there is such a thing as asymmetric thrust.
                    Which induces roll. I didn't read anything there about roll...

                    Comment


                    • #11
                      Originally posted by sjwk View Post
                      Putting aside the whole 'bidirectional link between entertainment system and flight controls', I'm more intrigued by the claims that he 'overwrote code in the thrust management computer' and subsequently issued a climb command and made the plane 'fly sideways'. Is there some hidden 'rotate engines 90 degrees' option that until now noone has been aware of?
                      ...and there is also the existence of newsmen who don't know what they are talking about !!
                      If it 'ain't broken........ Don't try to mend it !

                      Comment


                      • #12
                        Originally posted by brianw999 View Post
                        ...and there is also the existence of newsmen who don't know what they are talking about !!
                        As well as the other 1%...
                        Be alert! America needs more lerts.

                        Eric Law

                        Comment


                        • #13
                          Originally posted by Evan View Post
                          Which induces roll. I didn't read anything there about roll...
                          First it induces yaw. The roll may have been counteracted with ailerons by the pilot (human or otherwise).
                          Anyway, as I said, I don't believe the whole claims that this gentleman is reportedly doing.

                          --- Judge what is said by the merits of what is said, not by the credentials of who said it. ---
                          --- Defend what you say with arguments, not by imposing your credentials ---

                          Comment


                          • #14
                            Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.

                            “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
                            Ok, let's shine some factual light on this.

                            It doesn't state what aircraft he was allegedly on, but the FBI pulled him off a 737NG. So... assuming that or the Airbus A320/30/40, he hacked into what exactly? Neither the Airbus nor the B737 has anything called a Thrust Management Computer. Thrust is controlled by the pilot or the autothrottle and the autothrottle is controlled either by the FMGC on the Airbus or the FMC on the Boeing. These are configured in part by the MCDU (Airbus) or CDU (Boeing) terminals in the cockpit which are datalinked to the ground and thus theoretically hackable (although most uplink data require manual accept/reject by the pilots). Beyond this, engines are controlled by either a FADEC unit on the Airbus or an EEC unit on the Boeing. These are downlinked beyond the cockpit to provide performance data to ACARS but not uplinked to receive requests for power beyond the thust levers/autothrottle.

                            The only thing that I can consider even remotely hackable is the MCDU (Airbus) or CDU (Boeing) interface, essentially creating a third virtual terminal in a pax seat. These units are used for navigation, predictive and performance data and interface with the FMGC (Airbus) or FMC (Boeing) to set automated flight control parameters and performance targets. However, MCDU inputs are based on navigation or performance targets for the entire aircraft and would not alter a single engine power setting as he describes. To do that he would have to gain network control of the FADEC/EEC unit for that engine. He doesn't say anything about doing this and I see no path to doing so.

                            Elsewhere he claims “We were within the fuel balancing system and the thrust control system. We watched the packets and data going across the network to see where it was going.” Fuel transfer is controlled in both aircraft via a discreet panel in the cockpit overhead and neither fuel transfer nor balance is AFAIK configurable via the MFDU / CDU interface.

                            So, in summation, he is claiming to be a highly researched avionics hacker perusing and altering specific systems yet his description of these systems seems ignorant and mythical. He does not mention FADEC, EEC, FMC, FMGS, MCDU or any actual system or subsystem hierachy that you would expect from someone with that level of knowledge. I think that sort of gives away his hand...

                            The newer aircraft, the B787, the A380 and now the A350 have keyboard terminals beyond the CDU's that may involve deeper systems networking and greater vulnerability. But I doubt this and I find nothing in his statements to support it.

                            Comment


                            • #15
                              I've read a couple articles on this one.

                              http://arstechnica.com/security/2015...ewall-in-2012/

                              I do not claim to be an expert on aircraft software systems, but if the main control bus is actually connected to the other systems and only protected by a firewall, it will be possible to traverse it. I know for sure, the automobile control bus' are notoriously easy to hack into. Once you get access to the control bus -- which is easy in a car -- you can just post commands as if you were a component fooling any other component into responding.

                              However, I think this quote is the best one to describe this fellow:
                              Nick DePetrillo

                              Either he lied about fxxking with live planes or actually fxxcked with live planes. Both are unacceptable for an infosec professional.
                              http://arstechnica.com/security/2015...g-it-to-climb/

                              When I was at a security conference last year, this fellow talked about hacking the cars. I didn't like the presentation much, and frankly I thought he spent far too much time trying to justify his work, but the things you could do to a car were interesting.

                              http://2014.video.sector.ca/video/110681946

                              Comment

                              Working...
                              X