FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

← Back to Stories (view on slashdot.org)

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Posted by Soulskill on Saturday May 16, 2015 @09:54AM from the feel-free-to-not-do-that dept.

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

50 of 190 comments (clear)

Min score:

Reason:

Sort:

call me skeptical by ganjadude · 2015-05-16 10:05 · Score: 5, Insightful

Somehow I doubt this actually happened. While I can believe that in theory it might be possible. I just dont see this guy, a security researcher from what I understand has a great reputation would have done this.

More likely the government is trying to save face right now. and since the TSA cant seem to catch any real terrorists, might as well make an example out of someone instead.

--
have you seen my sig? there are many others like it but none that are the same
1. Re:call me skeptical by PRMan · 2015-05-16 10:21 · Score: 5, Informative
  
  He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
2. Re:call me skeptical by sjames · 2015-05-16 10:41 · Score: 5, Insightful
  
  Surely if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi (at least in that model plane)to be disabled. It seems like we have an id10t at the FBI who wants to notch his belt and hasn't considered the wider implications of his allegations.
  Consider if the FBI should prevail in court. Suddenly the FAA comes under fire and has to publicly denounce the verdict and the FBI to save itself. The flip side is that the FAA gets proactive and testifies that it can't happen and the FBI gets to sit in the hot seat.
3. Re:call me skeptical by rahvin112 · 2015-05-16 10:56 · Score: 4, Insightful
  
  The FBI is notorious for taking statements out of context and using them against you, including charging you with lying when your out of context statement isn't correct. You should NEVER talk to the FBI without a lawyer and without a recording device running that records the entire conversation. The ironic thing is the FBI will actually refuse to interview you with a recording device running because they then can't use out of context statements against you.
  Never ever talk to the FBI unless it's in YOUR lawyers office with a recording device running. There are plenty of videos on youtube that explain how the FBI uses these conversations against people and why you should never talk to them.
4. Re:call me skeptical by wonkey_monkey · 2015-05-16 11:12 · Score: 3, Informative
  
  he didn't do it (on a real plane).
  The "not on a real plane" bit comes from this paragraph of the article:
  
  Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
  That was then. This is now.
  The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.
  
  --
  systemd is Roko's Basilisk.
5. Re:call me skeptical by Anonymous Coward · 2015-05-16 11:18 · Score: 4, Informative
  
  The police CAN and WILL use anything you say against you, NEVER EVER EVER for your benefit or for you. People do not realize that. They are trained to use various tactics to extract information out of you, The rooms are uncomfortable, they are small, they leave you alone for long periods of time, they make promises that you can leave soon if... etc.. Please people, never talk to police, you get ZERO benefit from it. Really, ZERO. If you said he hit me 20 times and I hit him back, They will only use the part where you said you hit the person, it might not ever be on an official record anywhere either. They very selectively cherry pick small bits and pieces from your sessions. There is no context at all. They are not interested in finding the actual person who committed a specific crime, they are interested in find a person.
6. Re:call me skeptical by msauve · 2015-05-16 11:43 · Score: 4, Insightful
  
  if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi
  You obviously didn't read the search warrant.
  
  First, it states that in previous interviews (in Feb, and I'll bet the FBI has audio records to support that), he had described connecting to the network using Ethernet connected to a "Seat Electronic Box" ("SEB") which is mounted under the seats. So, WiFi has nothing to do with it. In the same interview, he said he understood the legal ramifications and would not access airplane networks.
  
  The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.
  
  That, along with his history and the tweet regarding being on the flight and suggesting he could tamper with the flight systems seems to me to be reasonable grounds for a warrant.
  
  And, I hope he's prosecuted. Also in the Feb. interview, he admitted actually tampering with flight control systems. It's one thing to find a vulnerability and try to get it addressed. It's quite another to actually make use of that vulnerability during a flight, placing the public at risk.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
7. Re:call me skeptical by Anonymous Coward · 2015-05-16 12:00 · Score: 4, Funny
  
  It turns out the plane did in fact climb, for 20-30 minutes, at the start of the flight.
8. Re:call me skeptical by FatdogHaiku · 2015-05-16 12:19 · Score: 2
  
  In the 90's we called them PEBKAC issues...
  P roblem
  E xists
  B etween
  K eyboard
  A nd
  C hair
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
9. Re:call me skeptical by sjames · 2015-05-16 12:38 · Score: 3, Interesting
  
  s/WiFi/SEB/g and it's the same issue. Surely you could have managed to work that out.
  How many of the OTHER SEBs showed the same signs, I wonder?
10. Re:call me skeptical by lgw · 2015-05-16 12:40 · Score: 2
  
  My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
11. Re:call me skeptical by hodet · 2015-05-16 12:42 · Score: 4, Informative
  
  We called it failure at OSI level 8.
12. Re:call me skeptical by garyisabusyguy · 2015-05-16 13:09 · Score: 4, Interesting
  
  The network that he gained access to was the In Flight Entertainment System via default userids and passwords
  The primary order should have been for the airlines to set up routines to cycle the passwords
  We do not know if they did that because the only access that they claim he got at this point is to the box under his seat
  I think that more definitive proof would be that he managed to log into the system because there could be claims that the box under the seat was being moved around by luggage feet of passengers behind him
  None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other
  
  --
  Wherever You Go, There You Are
13. Re:call me skeptical by myowntrueself · 2015-05-16 13:14 · Score: 2
  
  My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.
  Indeed, lying is the main method that cops use to secure a confession. Especially in the context of an interrogation never believe anything that a cop or fed says, assume its a lie trying to trick you into revealing something.
  
  --
  In the free world the media isn't government run; the government is media run.
14. Re:call me skeptical by The+Rizz · 2015-05-16 13:56 · Score: 2
  
  Think what you will, but wasn't there physical evidence that the boxes in question had been tampered with?
  Yeah, because something stuck under the tiny no-legroom airline seats can realistically be "tampered with" during a flight without anyone noticing. That's much more likely than several years' of feet and bags bumping into and damaging it. I'm also sure they gave comparison photos of the "tampering damage" with other jacks on the same airplane, and didn't compare them to photos of a brand new jack.
15. Re:call me skeptical by Rich0 · 2015-05-16 14:24 · Score: 5, Insightful
  
  Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
  If he didn't, I don't think the FBI has much of a case.
  If he did, then the FAA should certainly be issuing an airworthiness directive banning any inflight entertainment system with a connection to the flight control systems. I don't think it is likely that they'd be satisfied with passwords. As far as the FAA is concerned video games on planes are optional, safe flight is not.
  The fact that the FAA hasn't gotten involved makes me skeptical of the FBI's claims. I have a lot of issues with how the FAA does things, but they usually take any kind of potential aircraft defect seriously.
16. Re:call me skeptical by catmistake · 2015-05-16 14:26 · Score: 2
  
  Agreed. I control all commercial flights with an Atari joystick from 1982 that I customized to be on the same frequency as the InFlight entertainment system of all commercial aircraft. So this researcher is a fraud, or the FBI is lying. I know, because its me. I'm doing all the flying. Now... all I need to do is get the FBI to repeat this, then everyone will start asking "how does he do it?" without asking "why would anyone believe something so nutty?"
  
  --
  The Admin and the Engineer
17. Re:call me skeptical by sjames · 2015-05-16 14:27 · Score: 3, Interesting
  
  That's more or less my point. Apparently the many who say it can't happen includes the FAA (otherwise, why no advisory). The FBI alleges that he actually did just that during the flight (even if not impossible, their story is a bit thin).
  More strangely, he as a future defendant is one of the few experts who believes it is even possible, but they can't exactly use him as an expert witness for the prosecution.
18. Re:call me skeptical by Damarkus13 · 2015-05-16 15:45 · Score: 4, Informative
  
  Fortunately, it's still up to the FBI to prove they're not lying. Now, what an American jury is willing to accept as proof is anyone's guess.
19. Re:call me skeptical by j-turkey · 2015-05-16 17:32 · Score: 4, Insightful
  
  Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
  If he didn't, I don't think the FBI has much of a case.
  I don't think that this has anything to do with whether or not the FBI actually has a case. I suspect that this is the federal government sending a message to security researchers that airplanes are off-limits. It's the same reason for the TSA's billions of dollars of security theater - it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy. If average citizens believe that flight control systems can be hacked by a geek in his/her seat with a laptop, they will not feel safe, and may not fly.
  I'm not much of a conspiracy theorist, and I'm not about to start now. However, given the fact that it seems other-worldly outlandish that a security researcher can gain control of any flight controls via the wi-fi entertainment system, I strongly suspect that this is the purpose of the FBI's heavy-handed tactics.
  
  --
  
  -Turkey
20. Re:call me skeptical by radarskiy · 2015-05-16 17:38 · Score: 2
  
  "Somehow I doubt this actually happened. While I can believe that in theory it might be possible."
  Note this is not an indictment, it is a search warrant application.
  The FBI alleges that Chris Roberts claims to have committed a crime. That would be the probable cause for a search warrant for the investigation into whether he did in fact commit the crime that he claims. An alternative explanation for Roberts's claim is that he was just bullshiting the proles.
  Those crying that the lack of action thus far on the part of the FAA is evidence that no crime was committed are missing the point that this is the *beginning* of the investigation, not the end. It is not rational to expect all of the parties have already reached their conclusions.
21. Re:call me skeptical by WaffleMonster · 2015-05-16 17:54 · Score: 2
  
  Think what you will, but wasn't there physical evidence that the boxes in question had been tampered with? It's difficult to play the innocent victim of a grand conspiracy after 1) you describe to the authorities how to compromise a system
  This guys raison detre is spreading the word about how these systems can be compromised. The question is whether he actually did it for realz.
  
  and 2) said system has been tampered with exactly the way you described, by someone sharing your physical space at the time.
  People are adept at finding evidence supporting their presuppositions. A disease whose only cure is actively searching for evidence contradicting your assumptions.
  He supposedly was in seat 2A... from search warrant:
  "He said he was able to remove the cover for the SEB under the seat in front of him by wiggling and squeezing the box".
  "After removing the cover to the SEB that was installed under the passenger seat in front of his seat..."
  "A special agent with the FBI advised that the SEBs under seats 2A and 3A showed signs of tampering. The SEB under 2A was damaged. The outer cover of the box was open approx. 1/2 inch and one of the retaining screws was not seated and was exposed".
  So I'm really confused here the statements are not self consistent. The seat in front of 2A is 1A... wouldn't that be the SEB that showed signs of tampering?
  2A is under his seat...and 3A is under the seat BEHIND him.... so he not only screwed with his SEB without anyone noticing but got up moved to the seat behind him and screwed with that one too? In first class of all places? Does this make any sense?
  Did the agents conduct a survey of the condition of all SEBs on the aircraft and other similar aircrafts? Is the condition of the panel abnormal? Do they even know? Did they even check?
22. Re:call me skeptical by drawfour · 2015-05-16 18:52 · Score: 2
  
  The article says:
  
  Roberts had been sitting in seat 3A and the SEB under 2A, the seat in front of him, “was damaged.”
  So he tried to get at the one under his seat (which was "tampered with"), but since he couldn't get it opened, he tried the seat in front of him (which was "damaged"), and he succeeded.
23. Re:call me skeptical by Anonymous Coward · 2015-05-16 18:58 · Score: 2, Insightful
  
  >Is there any benefit to talking to the FBI under these conditions, as opposed to not talking at all?
  No, there is no benefit to you. Your words can only be used against you in a court, not for you. Innocent or guilty, always get a lawyer first and consult on everything before talking.
  >If you tell them "I don't feel like talking to you, see you in court", can they charge you with something? Can it reflect badly on you?
  Nope! We have this thing called the fifth amendment. It's pretty neat. Just say that you wish to invoke your right to remain silent, and that you want to talk to a lawyer.
24. Re:call me skeptical by tlhIngan · 2015-05-16 19:21 · Score: 5, Informative
  
  None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other
  Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?
  The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.
  The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.
  On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.
  The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.
25. Re:call me skeptical by dcollins117 · 2015-05-16 20:02 · Score: 3, Informative
  
  ...it's not about safety, it's about making people feel like they are safe.
  I'd feel safer if security professionals vetted the system, and verified that it was safe from hacking. Precisely what the FBI is actively working to prevent.
  I do like the phrase "other-worldly outlandish" to describe the situation. It beats "hogwash", which was my first reaction. This is just a search warrant application, though, and I wonder what the FBI agent's culpability is for making, let's say, "less than truthful" statements in order to obtain a search warrant.
26. Re:call me skeptical by msauve · 2015-05-16 22:42 · Score: 2
  
  You say that, but it's simply not true.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
27. Re:call me skeptical by drinkypoo · 2015-05-16 23:23 · Score: 2
  
  Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
  That was then. This is now.
  The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.
  Your quoted text says he took control of a virtual plane. That is not the same as taking control of a plane. Did you quote the wrong text, or does the quoted text contain your answer, making it spectacularly puzzling as to why you would ask the already-answered question?
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
28. Re:call me skeptical by Agripa · 2015-05-16 23:45 · Score: 2
  
  That is a recent change and the DOJ says lots of things. I am sure the FBI has a way to weasel out of it.
29. Re:call me skeptical by Hognoxious · 2015-05-17 04:53 · Score: 3, Funny
  
  For once, not xkcd.
  https://www.flickr.com/photos/...
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
30. Re:call me skeptical by msauve · 2015-05-17 06:19 · Score: 2
  
  He was in seat 3A, which is in 1st Class on a 737. He had previously claimed to have done it 15 to 20 times. And, of course, he's only under reasonable suspicion of tampering with it on that specific flight, which is why they sought a search warrant.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
It's a PR campaign by Mr.+Freeman · 2015-05-16 10:06 · Score: 4, Insightful

No researcher would be so reckless as to actually screw with an airplane's engines mid-flight. The fact that the FBI alleges that he did means that they know damn well they have nothing to do on, but need to paint this guy as a terrorist in order to save themselves looking like idiots for arresting a guy based on a single twitter message.

--
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
1. Re:It's a PR campaign by Gizan · 2015-05-16 10:09 · Score: 2
  
  ^^^^^ what he said. And yes, I have nothing informative to add.
2. Re:It's a PR campaign by circletimessquare · 2015-05-16 10:12 · Score: 4, Insightful
  
  while i agree with you that this story sounds like bs, i despise this "always dealing with rational actors" argument
  people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
3. Re:It's a PR campaign by rubycodez · 2015-05-16 10:17 · Score: 3, Insightful
  
  "No pilot would be so reckless as to crash a jumbo jet into a mountain." "No doctor would be so reckless as to implant an unpreserved long-dead black market donor organ into a patient"
  You are silly
4. Re:It's a PR campaign by FatdogHaiku · 2015-05-16 12:50 · Score: 3, Interesting
  
  Somewhere out there a true Scotsman is rolling over in his grave like a turbine.
  and with the manual transmission of a pickup truck, some u-joints and a drive shaft we can couple him to a generator!
  The fact that we will be making money off him at little cost to us and zero compensation to him should start 8 of the nearest (buried) true Scotsmen also spinning. At that point we hook them all up and via RPM modulation we can play "When Irish Eyes are Smiling"! This will cause all the remaining true Scotsman (dead and possibly living) to also spin like turbines and energy will flow from Great Britain like water. I have to go write some IPO stuff and maybe make a kickstarter page for start up capital...
  Thanks!
  /jk (cause there's always someone wanting to be offended in some way... no matter how utterly ridiculous a statement is, a literalist is waiting to pounce)
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
The real problem is bad design by Anonymous Coward · 2015-05-16 10:10 · Score: 2, Insightful

This guy might be a giant dick who tried to crash a plane, and if that's the case we should hold him accountable like any other person who endangers others.
But isn't the real problem here that, if what the FBI describes is true (which I doubt), the FAA allowed -- and is still, today, allowing -- a plane to fly with a passenger entrainment system that can access flight controls? The power train CAN bus in my car has better isolation and security than that.
Can't be too safe by Crayola · 2015-05-16 10:16 · Score: 4, Insightful

Of course, if it were possible to take control of a plane like this, the government would immediately ground all those planes until the security flaw could be fixed, right? Funny, haven't heard that they've done that.
FBI probably left out the virtual simulation part by Anonymous Coward · 2015-05-16 10:18 · Score: 5, Insightful

Do not under any circumstance EVER talk to law enforcement. It's that simple stupid. I don't care if the cop threatens to tow your car and take your children. STFU. If they have something on you they will do it anyway and if they don't then they're trying to get you to say something for which they can arrest you. Nothing you say will ever help you in a court of law. Law enforcement are TRAINED TO LIE in order to get the responses they're after. "Sir- I'll need to ask you to step out of your car so I can search it". He's not ordering you to step out of your car. He's asking permission to search your car. If you comply he'll testify in court you gave permission for them to search your car. The exact phrasing will never be heard in court as the cop will just summarize it as "I asked for permission to search he responded yes". Had you STFU and only surrendered your name and address and if driving your ID, insurance, and registration you would never have ended up arrested. Yes- cops will "get angry" if you don't "cooperate". They will threaten to arrest you. However these are generally lies to get you to do what they want (allow a search, etc). If you don't "cooperate" they won't actually arrest you 99% of the time because they haven't got anything on you.
rubbish by Anonymous Coward · 2015-05-16 10:21 · Score: 4, Insightful

As I professional pilot can I say that while I have no insight into what may or may not actually have happened on this flight, the write-up in the article is utter bollocks from a flight dynamics perspective. If the case really rests on such a flimsy explanation of what happened than the FBI need some above from somebody who knows anything whatsoever about aircraft and flight dynamics.
1. Re:rubbish by kthreadd · 2015-05-16 10:35 · Score: 2
  
  According to the article he did that in a simulated environment, not the actual plane.
Excel by bidule · 2015-05-16 11:40 · Score: 4, Funny

Did he use Excel to land the aircraft?

--
ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
Fumbling Bumbling Idiots by Anonymous Coward · 2015-05-16 11:47 · Score: 3, Insightful

It's sad when the FBI makes a statement and I automatically don't believe them.
Here's likely what happened by shellster_dude · 2015-05-16 12:40 · Score: 2

The FBI asks him to describe what he was able to accomplish in his theoretical lab. He does, they cut and paste it into the affidavit leaving out the part that it was in a simulated environment. You should never believe what's in an affidavit, it's designed to get a warrant, or get a DA to prosecute, not to be truthful.
Re:How can this be? by plover · 2015-05-16 13:03 · Score: 2

There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.
If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".

--
John
FBI is lying by Anonymous Coward · 2015-05-16 13:32 · Score: 4, Interesting

He said if he was an attacker he could "access the control computer, ... issue a climb command..." etc.. FBI has just taken those quotes out of context to justify its warrant.
In this case he was dumb and was reporting what he thought was a vulnerability to the FBI, and explaining the possible attack scenarios, and the FBI have thought "great! finally we can justify our terrorism budget!" and arrested him.
As to whether there is a cat5e ethernet port that connects to the flight computer under a passenger seat. Why would there be such a thing? The only network there is the inflight entertainment system and those systems have no physical route to the flight controls.
Completely out of context... by etinin · 2015-05-16 13:45 · Score: 2

The guy actually said he had never truly tampered with flight control systems EXCEPT in simulator settings. So, no, he never hacked into real planes.

--
"I decided I could write something better than everything out there in two weeks. And I was right." - Linus Torvalds
Re:How can this be? by Anonymous Coward · 2015-05-16 15:57 · Score: 3, Informative

I work in the industry and have a decent understanding of these systems as I write software for them. In-flight entertainment systems ARE wired to critical systems but typically through buses that do not allow bidirection communication. in-flight entertainment systems require input from critical systems so they can know the city pair for route based content as well as other aircaft data for driving the moving map among other things. (altitude, heading, ground speed, lat, lon, etc, etc.) This data is typically read over ARINC 429 buses which are multi-drop buses where there is one source and multiple consumers. Sources include LRUs such as the FMC (Flight Management Computer), IRS (Inertial Reference System), CMC (Central Maintenence Computer), ADC (Air Data Computer), and sometimes ACARS or CIDS which are somewhat different as they do support some bidirectional communication.
I could be wrong about the viability of being able to get to aircraft controls from the IFE system as I'm more an expert with the in-flight entertainment side than the aircraft side. (The expectation has always been that the aircraft is supposed to protect itself from the in-flight entertainment system.) Regardless, I don't believe it is true that it is possible to achieve what has been claimed.
What if.... by rew · 2015-05-16 18:20 · Score: 3, Insightful

What if the protection on planes is so bad that a passenger can use the inflight entertainment system to gain virtual access to the controls of the plane?
Suppose you are a security researcher and find this out. What do you do? Tell boeing! They... do nothing. Tell the airline! They.... do nothing.
It all starts with a belief issue. You hack into the entertainment system, compromise the firewall and see plane-control messages flying around on the network you now have gained access to. This is enough for a sufficiently technical person to be convinced of having gotten too far for comfort. At that point you know you are only one step away from taking control of the airplane.
Tell anybody less technical about it and they will not be convinced that you'd be able to move the plane. For example, today with this news today someone already voiced: "he might only THINK he moved the plane" (... while in fact the pilots initiated that maneuver).
So... to prove to the world that there indeed is a dangerous situation, you need to actually make the plane move.
And this is where everybody gets their panties in a knot. Suddenly the guy who reports that the planes are not secure enough is the bad guy and needs to be thrown in jail.
Examples of people reporting security problems and being ignored include: On a saturday night two men walking their dogs notice that the bank has left a window open. A person can just climb into.. the bank! So monday morning they walk into the bank, tell them about it, bank says thank you and... nothing happens. Next weekend, window is again left open. So they tell the bank again. And again. After a few times, to prove the point, they decide to climb in, and photograph what access they have once inside the bank. They got into a lot of trouble for that. But since then, the window has been closed.
Personally I have reported security problems in computers without going that extra mile of "making the plane move". In one instance I've reported such a misconfiguration to over 100 system administrators. Two hours later, saturday afternoon, the first response: "Thanks, fixed". Come monday morning, one response: "we know, not a security issue, get lost.". And all others were "no response". A year later more than 50% of the computers where I reported the configuration error were still vulnerable.
With laws being written in such a way that the "white hats" (*) can be thrown in jail, we create an environment where the white hats are either ignored or thrown in jail. Before you know it, the "white hats" are too afraid to report anything and stop reporting real problems. In that situation, you only find out the problems when a bad guy ends up crashing a plane.
Boeing: invite the guy over to show you the problem. Once that hole has been closed, invite him over, pay his hotel an meals for a week while he hacks at a "fixed" plane on the ground at your facilities. Credit him for making aviation safer.
(Do this, before someone makes it stick that: "Boeing created this system with such bad security that it put passengers at risk.").
(*) the researchers that report the problems they find without causing real harm,
It's bullshit by Rhywden · 2015-05-16 22:18 · Score: 2

It's not even possible in theory. There are several reasons for that.
1. The routing of data is hardcoded into the switches and cannot be changed without physically accessing the switch. The routing table not only determines which devices may talk to which devices, but also the direction of the data flow. This means that a monitor device cannot talk to an engine because the monitor is configured only to receive data.
2. But even if they managed to get the monitor device to send data, the switch would recognize this as a device malfunction (because it's not allowed to send) and disable the port it's sending on. This is not due to security against hacking but more due to "a malfunctioning device should not be able to DOS the plane's network".
3. There are actually two networks, sending identical data for redundancy. Now guess what happens if one of the networks sends different data than the other? Right: The offending port / device gets shut down.
4. The network protocol is a modified UDP protocol (no need for TCP) which makes the network deterministic - data delivery is guaranteed within a certain timeframe. Which means, again, that you need specialized hardware to even talk to the network.
5. And even if you managed to take down both switches, there'd still be a manual override in the cockpit which allowed the pilot to steer the plane without the network.
In essence, you need pretty hefty physical access to modify the planes flight mechanics. Something you will not achieve while the plane is in the air and even very unlikely while the plane is on the ground.