Slashdot Mirror
FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems
Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.
He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.
Peter predicted that you would "deliberately forget" creation 2000 years ago...
he didn't do it (on a real plane).
The "not on a real plane" bit comes from this paragraph of the article:
Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
That was then. This is now.
The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.
systemd is Roko's Basilisk.
The police CAN and WILL use anything you say against you, NEVER EVER EVER for your benefit or for you. People do not realize that. They are trained to use various tactics to extract information out of you, The rooms are uncomfortable, they are small, they leave you alone for long periods of time, they make promises that you can leave soon if... etc.. Please people, never talk to police, you get ZERO benefit from it. Really, ZERO. If you said he hit me 20 times and I hit him back, They will only use the part where you said you hit the person, it might not ever be on an official record anywhere either. They very selectively cherry pick small bits and pieces from your sessions. There is no context at all. They are not interested in finding the actual person who committed a specific crime, they are interested in find a person.
We called it failure at OSI level 8.
Fortunately, it's still up to the FBI to prove they're not lying. Now, what an American jury is willing to accept as proof is anyone's guess.
I work in the industry and have a decent understanding of these systems as I write software for them. In-flight entertainment systems ARE wired to critical systems but typically through buses that do not allow bidirection communication. in-flight entertainment systems require input from critical systems so they can know the city pair for route based content as well as other aircaft data for driving the moving map among other things. (altitude, heading, ground speed, lat, lon, etc, etc.) This data is typically read over ARINC 429 buses which are multi-drop buses where there is one source and multiple consumers. Sources include LRUs such as the FMC (Flight Management Computer), IRS (Inertial Reference System), CMC (Central Maintenence Computer), ADC (Air Data Computer), and sometimes ACARS or CIDS which are somewhat different as they do support some bidirectional communication.
I could be wrong about the viability of being able to get to aircraft controls from the IFE system as I'm more an expert with the in-flight entertainment side than the aircraft side. (The expectation has always been that the aircraft is supposed to protect itself from the in-flight entertainment system.) Regardless, I don't believe it is true that it is possible to achieve what has been claimed.
Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?
The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.
The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.
On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.
The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.
...it's not about safety, it's about making people feel like they are safe.
I'd feel safer if security professionals vetted the system, and verified that it was safe from hacking. Precisely what the FBI is actively working to prevent.
I do like the phrase "other-worldly outlandish" to describe the situation. It beats "hogwash", which was my first reaction. This is just a search warrant application, though, and I wonder what the FBI agent's culpability is for making, let's say, "less than truthful" statements in order to obtain a search warrant.