Slashdot Mirror


Chris Roberts Is the Least Important Part of the Airplane Hacking Story

chicksdaddy writes: Now that the news media is in full freak-out mode about whether or not security researcher Chris Roberts did or did not hack into the engine of a plane, in flight, and cause it to "fly sideways," security experts say it's time to take a step back from the crazy and ask what is the real import of the plane hacking. The answer: definitely not Chris Roberts. The real story that media outlets should be chasing isn't what Roberts did or didn't do on board a United flight in April, but whether there is any truth to longtime assurances from airplane makers like Boeing and Airbus that critical avionics systems aboard their aircraft are unreachable from systems accessible to passengers, the Christian Science Monitor writes. And, on that issue, Roberts' statements and the FBI's actions raise as many questions as they answer. For one: why is the FBI suddenly focused on years-old research that has long been part of the public record?

"This has been a known issue for four or five years, where a bunch of us have been stood up and pounding our chest and saying, 'This has to be fixed,' " Roberts noted. "Is there a credible threat? Is something happening? If so, they're not going to tell us," he said. Roberts isn't the only one confused by the series of events surrounding his detention in April and the revelations about his interviews with federal agents. "I would like to see a transcript (of the interviews)," said one former federal computer crimes prosecutor, speaking on condition of anonymity. "If he did what he said he did, why is he not in jail? And if he didn't do it, why is the FBI saying he did?"

5 of 200 comments

  1. Re:not the real question by qeveren · · Score: 4, Interesting

    I doubt what the FBI is claiming is true, but you gotta market the fear somehow.

    --
    Don't just stand there, get that other dog!
  2. Re:not the real question by grimmjeeper · · Score: 5, Interesting

    The systems are completely, physically separate.

    Considering that both the avionics systems and the in-flight entertainment systems are able to reach the SATCOM radios, I'm not sure this assertion is true.

    I've spent a great deal of my career working on avionics systems and did work on early Ethernet implementations in the late 90's, well before ARINC came up with AFDX/664 standards. Back then we restricted Ethernet to single point to single point dedicated channels with no switching or routing of any kind. The first vague ideas of having an in-flight entertainment network were starting to form. But at the time, it was just high level R&D.

    From what I've been able to piece together, Chris Roberts bought an under-seat device and hooked up something in his basement for proof-of-concept attacks into the avionics network. But without all of the rest of the equipment, he had to build up his system with commercial grade equipment. And that's where his "hacking the engine controls" story falls apart. Sure, he may have been able to get a specifically formatted packet through the IFE network and send it out the port that connects to the rest of the plane. And with his generic Ethernet switches, he may have been able to get that packet through to where he thought the engine control computer was. But his model is flawed.

    AFDX/ARINC 664 is an entire structure built on top of the physical layer of Ethernet. While it may use Ethernet frames to pass the data, there's a ton of bandwidth management and strict routing management built on top of it. Assuming for the sake of argument that the avionics network was indeed set up correctly, there's no way an engine control packet coming from the IFE network would be routed. The filters would see that the IFE port isn't authorized to send that data and it would be dropped, perhaps with an error log of some kind. The only thing the IFE network should be able to talk to is the SATCOM radio and only within very specific parameters. There's no way a properly set up avionics network is vulnerable to an attack like this.

    Of course, that begs the question. Did they set up their avionics network correctly? It's highly likely that they did, but I'm not going to say with 100% certainty that there are absolutely zero vulnerabilities. Suffice it to say, I'm extremely skeptical of Roberts' claims. But I will stop short of saying that he is, without question, full of it.

  3. Re:not the real question by SpankiMonki · · Score: 4, Interesting

    Name 1 reason an active port under an uncontrollable passenger's seat needs to have access to avionics or any critical system?

    History. As was pointed out to me in an earlier discussion on this topic, bean counters might have played a role in consolidating ALL electronic systems in an aircraft, thus tying its avionics with its in-flight entertainment systems.

  4. Re:Hmmm... by tomhath · · Score: 1, Interesting

    More like an attention whore tried a little too hard to get attention.

  5. Re:not the real question by Anonymous Coward · · Score: 2, Interesting

    Great post.

    From the wiki page on AFDX, it appears that AFDX expects all systems are physically connected together, but logically separated by routing tables in the switches. The logical separation seems fairly simple, so maybe it is not hackable. But 'maybe' is not a good word to have to use for this sort of thing. Without more info, it seems impossible to say. This really makes Airbus saying 'naturally' we don't discuss this stuff counterproductive.

    The question is, from where he was able to connect, can he send packets to a box that in turn has the ability to send stuff to the flight control stuff (or the box controlling the routing)?

    Perhaps he set up a test system in his basement with normal Ethernet switches and was able to do something interesting that would not have worked in the air with real AFDX switches?
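
The per-port filtering that comments 2 and 5 describe, modeled as an added example (not part of any comment above and not real avionics code): an AFDX-style switch forwards a frame only if its virtual link (VL) is statically bound to the ingress port and the frame respects that VL's size and spacing limits. Port names, VL numbers and limits are constructed, and the spacing check is a simplification of real switch policing.

```python
# Simplified model of AFDX (ARINC 664 Part 7) switch ingress filtering; all values constructed.
from dataclasses import dataclass
AFDX_PREFIX = bytes.fromhex("03000000")  # constant field of an AFDX destination MAC

@dataclass
class VirtualLink:
    ingress_port: str         # the only port allowed to source this VL
    egress_ports: tuple       # statically configured destinations
    bag_ms: float             # Bandwidth Allocation Gap: minimum frame spacing
    max_frame: int            # largest frame permitted on this VL, in bytes
    last_ms: float = None     # arrival time of the last accepted frame

class Switch:
    def __init__(self, vl_table):
        self.vl_table = vl_table  # fixed at configuration time, never learned
        self.log = []             # (port, vl_id, reason) for every dropped frame

    def receive(self, port, dst_mac, frame_len, now_ms):
        # Returns the egress ports for an accepted frame, or () if it is dropped.
        if len(dst_mac) != 6 or dst_mac[:4] != AFDX_PREFIX:
            return self._drop(port, None, "not an AFDX destination address")
        vl_id = int.from_bytes(dst_mac[4:], "big")  # VL ID is the low 16 bits
        vl = self.vl_table.get(vl_id)
        if vl is None:
            return self._drop(port, vl_id, "unknown virtual link")
        if vl.ingress_port != port:
            return self._drop(port, vl_id, "virtual link not authorized on port")
        if frame_len > vl.max_frame:
            return self._drop(port, vl_id, "frame too large")
        if vl.last_ms is not None and now_ms - vl.last_ms < vl.bag_ms:
            return self._drop(port, vl_id, "bandwidth allocation gap violated")
        vl.last_ms = now_ms
        return vl.egress_ports

    def _drop(self, port, vl_id, reason):
        self.log.append((port, vl_id, reason))
        return ()

def mac_for(vl_id):
    return AFDX_PREFIX + vl_id.to_bytes(2, "big")

def demo():
    sw = Switch({
        100: VirtualLink("ife", ("satcom",), bag_ms=8, max_frame=1518),
        200: VirtualLink("flight_ctrl", ("engine_ctrl",), bag_ms=2, max_frame=256),
    })
    return [sw.receive("ife", mac_for(100), 512, 0),   # permitted IFE traffic
            sw.receive("ife", mac_for(200), 128, 1),   # engine VL from IFE port
            sw.receive("ife", mac_for(100), 512, 3),   # inside the 8 ms gap
            sw.receive("flight_ctrl", mac_for(200), 128, 4)], sw.log  # legitimate source
```

In `demo()` the engine-control VL is dropped and logged when it arrives on the IFE port, which is the behavior comment 2 expects from a correctly configured network; a learning Ethernet switch has no equivalent table.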