Slashdot Mirror
Chris Roberts Is the Least Important Part of the Airplane Hacking Story
chicksdaddy writes: Now that the news media is in full freak-out mode about whether or not security researcher Chris Roberts did or did not hack into the engine of a plane, in flight and cause it to "fly sideways," security experts say its time to take a step back from the crazy and ask what is the real import of the plane hacking. The answer: definitely not Chris Roberts. The real story that media outlets should be chasing isn't what Roberts did or didn't do on board a United flight in April, but whether there is any truth to longtime assurances from airplane makers like Boeing and Airbus that critical avionics systems aboard their aircraft are unreachable from systems accessible to passengers, the Christian Science Monitor writes. And, on that issue, Roberts' statements and the FBI's actions raise as many questions as they answer. For one: why is the FBI suddenly focused on years-old research that has long been part of the public record.
"This has been a known issue for four or five years, where a bunch of us have been stood up and pounding our chest and saying, 'This has to be fixed,' " Roberts noted. "Is there a credible threat? Is something happening? If so, they're not going to tell us," he said. Roberts isn't the only one confused by the series of events surrounding his detention in April and the revelations about his interviews with federal agents. "I would like to see a transcript (of the interviews)," said one former federal computer crimes prosecutor, speaking on condition of anonymity. "If he did what he said he did, why is he not in jail? And if he didn't do it, why is the FBI saying he did?"
"This has been a known issue for four or five years, where a bunch of us have been stood up and pounding our chest and saying, 'This has to be fixed,' " Roberts noted. "Is there a credible threat? Is something happening? If so, they're not going to tell us," he said. Roberts isn't the only one confused by the series of events surrounding his detention in April and the revelations about his interviews with federal agents. "I would like to see a transcript (of the interviews)," said one former federal computer crimes prosecutor, speaking on condition of anonymity. "If he did what he said he did, why is he not in jail? And if he didn't do it, why is the FBI saying he did?"
the real question to be asking is that if what the FBI is claiming is true, why has the FAA not grounded all planes of the same make yet? they have grounded planes for less in the past, the FAA doesnt really mess around
have you seen my sig? there are many others like it but none that are the same
I demand the immediate release of the good security guy Dread Pirate Chris Roberts!
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
...when he uses the lives of others just to get attention for the FUD factory of which he is a part.
It's the Federal equivalent of, "I smell marijuana, I need to search your car."
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Chris Roberts is the wwwyzzerdd!! http://www.yzzerdd.com/
It's almost as though the FBI is being hamfisted and incompetent again; but that couldn't be right...
At the moment, no one has verified if he really did change the planes course. As a pilot, I can tell you that if the auto pilot suddenly changed course for no reason and the throttles changed.. You sure as hell would have reported it to the engineers and there would be a a big stink about it. But we haven't heard that.
As a developer, I can't imagine that you would over write throttle control code while in the same fucking airplane! Not to mention if he did, did he undo the code change to give control back? Did the pilots simply disable the auto pilot? Does the auto pilot even still work in that airplane without a firmware reset? All those make me highly suspicious of this guys claims. Until the airline comes out and says "yes, our pilots had to disable the auto pilot and fly manually for the rest of the trip and the airplane is at Boeing getting the auto pilot fixed.." I don't believe it.
I wonder how this will affect the development of Star Citizen?
And if he didn't do it, why is the FBI saying he did?
Wait, a "former federal computer crimes prosecutor" is arguing that knowing how to commit a crime isn't itself, a crime? How can the war on terror subjugate ^H^H^H protect Americans, if US prosecutors are so lenient?
I have talked to Boeing Engineers about this in the past. They say that (both with present systems and new all IP based systems) there is a total physical and logical separation between the three types of networks on a plane (basically, pilot command and control, airplane maintenance networking, and passenger facing networking). They were pretty firm on this separation being inviolable, due to the obvious safety aspects. Either Chris Roberts is blowing smoke, or some pretty smart people made some pretty basic mistakes.
"Stop: Fly sideways!"
(T>t && O(n)--) == sqrt(666)
"If he did what he said he did, why is he not in jail?
Because, contrary to some opinions, America is not yet a police state, and they still like to have silly things like trials.
And if he didn't do it, why is the FBI saying he did?"
A better question would be "why isn't he saying he didn't?"
systemd is Roko's Basilisk.
Aircraft makers Boeing and Airbus have both publicly refuted claims that their planes can be hacked, but also refuse to discuss the details of the security features in place on airplanes.
“Airbus has robust systems and procedures in place for our aircraft and their operations to ensure security against potential cyber attacks,” the company said in a statement to Passcode. “We naturally do not discuss details on our security design and operations in public.”
Public review of security is often a good idea. The word 'naturally' reflects a lack of understanding of security. Not a good sign. Hopefully Airbus can clarify what they mean.
In an interview in April, he also claimed that FBI agents asked for his assistance reproducing the results of his vulnerability research and helping them set up a custom virtualized environment he used to test vulnerabilities in in-flight systems. Their reasons for doing so were not explained, and Roberts claims that he declined both requests, citing his work responsibilities and the FBI’s unwillingness to grant him immunity from prosecution should he assist them.
Citing 'work responsibilities' seems pretty lame on his part. Hopefully the FBI will call his bluff with some sort of immunity offer.
I would not be surprise that entertainment systems retrofitted onto older aircraft share subnets. Likely for battery BMS, fire safety, electrical shorts, etc.... Funny--it's actually the safety stuff!
Sure the designers would never (even a practical person wouldn't do it) tie avionics to entertainment networks, that's logical and likely easier to do to keep them separate when designing an aircraft.
But when you retro fit a 25-30yr old plane, it's possible nets cross lines due to time (i.e. competition w/newer aircraft), short cuts (accounting) and cost constraints (CEOs). We all want our movies & music nowadays. So the airlines are going to add it ASAP w/some subcontractor (not the aircraft manufacturers). It's a cheap retrofit in the end. That's one problem.
The 2nd problem is Chris Roberts and the media sensationalizing these cheap retrofits. No different from one putting a kids seat over a regular car seat (which had it's share of problems for years up until 2006). Heck anything that flies is sensationalized nowadays--it's sells eyeballs and ad money..
Right before the crash there are reports of the caption needing to do a hard reset of the autopilot system.
The engineering team picked a bad day/week/month to give up whatever it was that they're wanting to give up...
If it's just for the cute little plane thing, why don't they just have a second radio for that and split the systems entirely?
To stop all this why don't Boeing or who ever put a plane on the tarmac and let him show them what can be done.
I would have thought this would have been a high priority for all parties. Chris, FAA, Boeing everyone.
If he can / cant do it then there is the answer. Of cause he does this with no risk the plane and him in the courts. Give him immunity for the hack.
...take a step back from the crazy and ask what is the real import of the plane hacking.
I d'know... bears??
(In addition, that statement is actually a question.)
Step 1: Work on hacking (at the very least gathering extensive info about hacking) various militarily and safety-sensitive systems ...er.... Profit?
Step 2: Boast about it, publish lots of findings and clues for others
Step 3: Piss off government of country where you are resident
Step 4: Get multiple private warnings from govt to keep your nose out
Step 5: Repeat steps 1 + 2
Step 6: Be surprised when govt gives you a slap.
Step 7:
[FrLz]
Never underestimate the ability of non-security programmers and hardware people to overestimate their own security prowess.
Rekt
15 April 2015 : Chris Roberts posted "a joke" on twitter about his ability to access aircraft control systems and alter the cabinet oxygen mixture while in flight.
That's more than enough to get interviewed by the FBI / TSA.
Now the fur is flying (ha, ha) over who said what, when, and the various interpretations of statements. Welcome to the legal industrial complex in a free country. His tweet started the whole mess.
When doing security testing of any system, one must consider the possibility of unforeseen consequences. That is, while you think that your test may be harmless, you'll really never know this for sure until you perform the test. And even then, you might not know of all possible damage that was done to the system.
Just as system architects and developers make certain assumptions that may introduce vulnerabilities, a security tester may make assumptions about the consequences of their actions. The problems happen when these assumptions don't map up to reality 100%.
Yes, airplanes' computer systems should receive security testing. But to perform any sort of testing without authorization and when there are potential safety (human life) consequences is inconceivably irresponsible. Regardless of whether or not the tester suspects any damage will occur.
You mean the Wing Commander?
I'll be here all night
A steep price to pay. Hope his sacrifice makes air travel safer.
Obiligatory Xkcd http://xkcd.com/538/ :)" lets see he has a custom made hacking box, this where he knows it or not is a felony when he hooks it to the IFE. That's in the 14 CFR Part 91. What is 14 CFR Part 91? its the 1000+ page rule book that FAA details every aspect of flight in. From the size of the screws to what can actually be on board as a part of the plane. its in there.
So back to the tweet. Chris hooks up an illegal hacking box to the IFE which is a redundant system separated from the navcom because requires an antenna to operate and there bandwidths can cause electrical issues with other systems (like aluminum foil in mircrowave issues).
If you see the explaination and think TL;DR read the xkcd it will explain too. But this below is why everyone is ignoring him.
Once again this is nothing more than fud. its FUD because there isn't a way for him to alter them.
He says he hacked into the actual flight controls via the onboard entertainment system. So I am going to explain how this is not on any plane outside a 787 or Airbus a-380 (both use an ethernet bus for the main connections between suites so a person with advanced knowledge who is an asshole enough to want to be banned for life from flying while committing several felonies [interfering with the flight crew for one is since 9/11] could.)
First the magic tweet states its a 737/800. This link is a pic the avionics bay of a 737/800.
http://farm4.staticflickr.com/...
They were introduced in1994. That's pre-internet. The IFE the In-flight entertainment system united uses was added in 2010. Its a redundant system not essential for flight or navigation so therefore its not connected directly to the rest of the avionics suite. But let me prove that.
https://www.redskyventures.org...
Actual boeing operations manual.
but lets go back to actual tweet "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ?
Said box supposedly breaks firewall around IFE to get out. But to go where? He would be using command line and be seeing machine code at the core of a Boeing system.
So assumable he is seeing the maintenance list (unaware that the moment the firewall is breached in flight the in flight data recorder starts recording this) and he picks ICE?
ICE isn't ice its a function of the flight management system (FMS). IThe FMS will use ARINC 653 partitioned operating environment software, which allows multiple applications on the same processor. http://en.wikipedia.org/wiki/A...
What is ICE inside of FMS? Its to keep track of the ice buildup on the plane and to create solutions. But Ice can't drop oxygen masks nor can ice communicate with Satcom. And what is satcom?
SATCOM is satellite communications. Its an antenna on the fuselage of the plane. Its is not only for TV and wifi. It is a another way to communicate with Flight Ops, specifically with dispatch. It is just same as you use cellphone. If ARINC comm is not available, SATCOM comes to play, especially in remote areas and over polar regions. But here is the catch. IFE is directly connected to Satcom because thats Satcoms primary purpose on the 737/800. Satcom can't be used to change stuff internally because its not designed to. Its designed to be a communications channel for voice, internet and TV. sacom on 737 is wired through no 1 hf. so you can select hf or satcom.. Its manufactured by Thales UK The Thales TopFlight SATCOM is the first ARINC 781 SwiftBroadband-enabled SATCOM. However this wonderful device is connected to the rest of the suite via a Arinc 429 data bus.
Look. I generally don't believe in punishment.
But for this kind of crime (I'm talking about police/prosecutor overreach: inflating the charges into some fantasy monsters, like "destabilizing the country" for "ripping a CD", or "terrorist attack" for "wearing a blinkenlights badge in the airport"... you get the idea), we should re-introduce some medieval punishments.
I'd like to see a prosecutor publically whipped out in the main city square of a policeman ound naked to the village's water pump.
As long as you keep saying "hacking" I can safely ignore anything you say because you won't be making sense.
Same goes for the FBI except that you'd better run because you're getting hit with overly vague laws that are oh so convenient to them but have nothing to do with justice whatsoever. Better run and stay out of their reach for the next twenty years or so.
Another stupid Americanism... please, God, don't let this start being part of common speech...
A step back from the crazy WHAT?
Just for talking about it after playing with some rig at home? That's a bit harsh.
In what alternate history is 1994 pre-internet?!
I saw the name Chris Roberts and got all excited this was about the Wing Commander creator. What a let-down.
The Avionic box was probably designed in 1984, using hardened chips of the day. Chances are, it uses a 80186 or something of equal power, but no Linux, or Windows. Certainly there was never an IP stack in the OS, and there were never any ethernet connectors on the box. There is an ARINC-422 connection, which is mostly GPIO pins, not much serial.
Yes, there could be updates to the box, but the certification process is very time consuming. There are paths for software updates, but the hardware has almost no changes over the last 30 years.
Yes, Chris Roberts is full of Sh** and is causing peoples heads to explode for no good reason.
"This is your hacker speaking."
can't be used to change stuff internally because its not designed to.
That's what everybody says before equipment is used to do stuff it wasn't designed to.
So you are suggesting that dial up bulletin boards that required telephones to literally dial up a connection through Compuserve or Genie are comparable to the modern internet?
In 1994, Amazon, Yahoo! and Mosaic Communications (later Netscape) were in the beginning stages. Poynter reports Netscape Navigator was the first commercial web browser launched that year, two years before Microsoft Internet Explorer and 10 years before Mozilla Firefox.
Eternal September hadn't began. And it was a dream to download movies, music or TV. hell a single 1 mb porn image took hours.
E-commerce also launched in 1994. The first online transaction was allegedly for a pizza from Pizza Hut, while CNET reports a group of Swarthmore College students created the first secure "on-line" marketplace -- called NetMarket -- long before clicking to buy via eBay and other sites became the norm.
Wired claims it launched the very first banner ad ("Have you ever clicked your mouse right here? You will") in 1994. Graphics for AT&T and Zima, at just 468 pixels wide and 60 px tall began shortly thereafter. All of this after the shiny 737/800 was finished and sold. So I stand by my statement that the planes are and internally pre internet.
Can a $1 calculator download porn? No. But if you solider new chips into it and a new screen and a new os then yes. But is it a calculator now no it isnt. He's suggesting that insitu hacking of the plane which just his magic box. That's not possible. Now if someone has both computer hardware, programming and avionics skill sets and access to a plane on the ground could he? Yes. But it would require the same bastardization and the flight data recorder would know. That's what really did Roberts in. What he suggested would be recorded. And doing it is a felony.. And he wasn't playing with a rig at home. He tweeted while in flight that he should drop the passenger oxygen masks after taking over the system. If it wasn;t for Baltimore and Ferguson he would have vanish. He still needs to be charged with 'incitement' and willfully interfering with the duties of a flight crew'
Shoot the glass?
Park a plane on the tarmack, if a person can take control of the plane it's theirs. That should fix the security problems.
You're confusing the World Wide Web with the Internet. A common mistake, but a mistake never the less.
You have me there. Arpanet and NSFnet existed in the sixties and in 1982, the Internet Protocol Suite (TCP/IP) was standardized and the concept of a world-wide network of fully interconnected TCP/IP networks called the Internet was introduced.