Chris Roberts Is the Least Important Part of the Airplane Hacking Story

← Back to Stories (view on slashdot.org)

Chris Roberts Is the Least Important Part of the Airplane Hacking Story

Posted by samzenpus on Monday May 18, 2015 @09:32AM from the hacking-the-friendly-skies dept.

chicksdaddy writes: Now that the news media is in full freak-out mode about whether or not security researcher Chris Roberts did or did not hack into the engine of a plane, in flight and cause it to "fly sideways," security experts say its time to take a step back from the crazy and ask what is the real import of the plane hacking. The answer: definitely not Chris Roberts. The real story that media outlets should be chasing isn't what Roberts did or didn't do on board a United flight in April, but whether there is any truth to longtime assurances from airplane makers like Boeing and Airbus that critical avionics systems aboard their aircraft are unreachable from systems accessible to passengers, the Christian Science Monitor writes. And, on that issue, Roberts' statements and the FBI's actions raise as many questions as they answer. For one: why is the FBI suddenly focused on years-old research that has long been part of the public record.

"This has been a known issue for four or five years, where a bunch of us have been stood up and pounding our chest and saying, 'This has to be fixed,' " Roberts noted. "Is there a credible threat? Is something happening? If so, they're not going to tell us," he said. Roberts isn't the only one confused by the series of events surrounding his detention in April and the revelations about his interviews with federal agents. "I would like to see a transcript (of the interviews)," said one former federal computer crimes prosecutor, speaking on condition of anonymity. "If he did what he said he did, why is he not in jail? And if he didn't do it, why is the FBI saying he did?"

29 of 200 comments (clear)

Min score:

Reason:

Sort:

not the real question by ganjadude · 2015-05-18 09:36 · Score: 5, Insightful

the real question to be asking is that if what the FBI is claiming is true, why has the FAA not grounded all planes of the same make yet? they have grounded planes for less in the past, the FAA doesnt really mess around

--
have you seen my sig? there are many others like it but none that are the same
1. Re:not the real question by qeveren · 2015-05-18 09:39 · Score: 4, Interesting
  
  I doubt what the FBI is claiming is true, but you gotta market the fear somehow.
  
  --
  Don't just stand there, get that other dog!
2. Re:not the real question by damicatz · 2015-05-18 09:40 · Score: 4, Informative
  
  The FBI isn't claiming anything. The affidavit simply states that Chris Roberts told the FBI agents he was able to hack the avionics of the plane.
  Frankly, it's complete bullshit. The systems are completely, physically separate. There is no way to hack the thrust from the in-flight entertainment system because they are not connected to each other. The most he'd be able to do is turn on the fasten seatbelt sign.
3. Re:not the real question by Penguinisto · 2015-05-18 09:43 · Score: 3, Informative
  
  This, right here.
  Seriously - entertainment and flight controls on subnets that are reachable from each other? What the hell was the engineering team drinking/snorting/smoking/shooting that day?
  I'm thinking that due to the lack of an emergency TCTO* , and lack of any corroborating evidence (seriously, you'd think a pilot would notify *somebody* if his airplane did something way out of the ordinary like that, even if to report bad wind turbulence/shear/whatever as a warning to ATC and other pilots in the same path)?
  Yeah... not so sure the FBI's assertion holds that much water. Awaiting more evidence and/or corroboration on that one.
  * Time Compliance Technical Order - at least that's what the USAF used to call it. Dunno what they call it nowadays in the civilian world.
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
4. Re:not the real question by Mr+D+from+63 · 2015-05-18 09:49 · Score: 3, Informative
  
  The FBI isn't claiming anything.
  Exactly. They are just saying what they are investigating based on claims from Roberts himself. Roberts meanwhile has been anything but clear on what he's done.
5. Re:not the real question by mcrbids · 2015-05-18 09:52 · Score: 4, Insightful
  
  It's only bullshit if Chris Roberts was actually lying. And validating it is pretty straightforward: Did the plane yaw, as was claimed? Can Chris' software cause it to happen again?
  It's a pretty simple test. And as far as Chris' treatment, if he's been trying to tell people about this vulnerability and getting the cold shoulder, he's as innocent as they get and should be compensated for time served.
  
  --
  I have no problem with your religion until you decide it's reason to deprive others of the truth.
6. Re:not the real question by AK+Marc · 2015-05-18 09:52 · Score: 4, Informative
  
  The affidavit simply states that Chris Roberts told the FBI agents he was able to hack the avionics of the plane.
  It's not illegal to be "able" to hack something. A crime is an illegal act, done at a specific time and place. You can't charge someone with having killed "someone" unless you name that someone. You can't even charge them if you have a name of the murdered, unless you have a time and place named.
  
  You can get a warrant for someone "able" to do it, and they did. If they arrested him, the charge should specify what he did that was illegal, and when and where it happened. I haven't seen a pic of the actual arrest paperwork, but the media stated it was for hacking a specific flight. This means that the media reports are that he was arrested for actually having caused a flight-path diversion mid-flight by controlling (at least part of) the flight control systems from his passenger seat.
  
  --
  Learn to love Alaska
7. Re:not the real question by ganjadude · 2015-05-18 09:58 · Score: 5, Informative
  
  he made it clear that he did so in a simulator, not on a real plane in the sky. the FBI is taking it out of context to scare people and the media is complicit in this as well for not doing basic journalist research
  
  --
  have you seen my sig? there are many others like it but none that are the same
8. Re:not the real question by wonkey_monkey · 2015-05-18 09:59 · Score: 5, Insightful
  
  Frankly, it's complete bullshit. The systems are completely, physically separate. There is no way to hack the thrust from the in-flight entertainment system because they are not connected to each other.
  What are your qualifications to be able to say so?
  The systems should be separate. There should be no way to hack into avionics. That doesn't necessarily make it so.
  If you really do know, then great, I am more informed than I was previously was.
  
  --
  systemd is Roko's Basilisk.
9. Re:not the real question by john.r.strohm · 2015-05-18 10:06 · Score: 4, Informative
  
  The corresponding FAA term is "Airworthiness Directive" (AD). An AD is a very big deal.
  The in-flight entertainment (IFE) systems receive navigation data from the flight deck computers so they can display the moving maps and other stuff on the entertainment displays, for those passengers who want to know "where am I", "are we there yet", "is it time to reset my watch because we've crossed a time zone and I'm trying to adjust my body clock".
  I would be shocked to learn that Boeing allowed the IFE to put ANY kind of data into the flight deck computers. I'd actually expect Boeing to use a one-way interface, one that transmits but does not receive: think RS-232 with one of the pins removed. I'd be almost as shocked to learn that Airbus did something like that. However, Airbus's comment about "firewalls" does not exactly inspire me to confidence in their airplanes.
  There's something else. If Mr. Roberts did in fact do what the FBI claimed he said he did, I would have expected the air up in the cockpit to have turned very blue, as the pilots said (screamed, actually) something along the lines of what the Apollo 8 crew said (screamed, actually) when their CSM did an uncommanded thruster burn. I would further expected them to take manual control immediately, get on the radio immediately, declare an emergency because of the uncommanded engine power setting change, and land at the nearest airstrip that could handle the airplane. I would further expect maintenance crews to pull the flight data recorders to find out WTF just happened.
10. Re:not the real question by grimmjeeper · 2015-05-18 10:14 · Score: 5, Interesting
  
  The systems are completely, physically separate.
  Considering that both the Avionics systems and the in flight entertainment systems are both able to reach the SATCOM radios, I'm not sure this assertion is true.
  I've spent a great deal of my career working on avionics systems and did work on early Ethernet implementations in the late 90's, well before ARINC came up with AFDX/664 standards. Back then we restricted Ethernet to single point to single point dedicated channels with no switching or routing of any kind. The first vague ideas of having an in-flight entertainment network were starting to form. But at the time, it was just high level R&D.
  From what I've been able to piece together is that Chris Roberts bought an under-seat device and hooked up something in his basement for proof-of-concept attacks into the avionics network. But without all of the rest of the equipment, he had to build up his system with commercial grade equipment. And that's where his "hacking the engine controls" story falls apart. Sure, he may have been able to get a specifically formatted packet through the IFE network and send it out the port that connects to the rest of the plane. And with his generic Ethernet switches, he may have been able to get that packet through to where he thought the engine control computer was. But his model is flawed.
  AFDX/ARINC 664 is an entire structure built on top of the physical layer of Ethernet. While it may use Ethernet frames to pass the data, there's a ton of bandwidth management and strict routing management built on top of it. Assuming for the sake of argument that the avionics network was indeed set up correctly, there's no way an engine control packet coming from the IFE network would be routed. The filters would see that the IFE port isn't authorized to send that data and it would be dropped, perhaps with an error log of some kind. The only thing the IFE network should be able to talk to is the SATCOM radio and only within very specific parameters. There's no way a properly set up avionics network is vulnerable to an attack like this.
  Of course, that begs the question. Did they set up their avionics network correctly? It's highly likely that they did, but I'm not going to say with 100% certainty that there are absolutely zero vulnerabilities. Suffice it to say, I'm extremely skeptical of Roberts' claims. But I will stop short of saying that he is, without question, full of it.
11. Re:not the real question by R3d+M3rcury · 2015-05-18 10:28 · Score: 4, Insightful
  
  And I assume there are a couple of pilots on the flight who could easily verify if this was the case.
12. Re:not the real question by SpankiMonki · 2015-05-18 10:40 · Score: 4, Interesting
  
  Name 1 reason an active port under an uncontrollable passengers seat needs to have access to avionics or any critical system?
  History. As was pointed our to me in an earlier discussion on this topic, bean counters might have played a role in consolidating ALL electronic systems in an aircraft, thus tying its avionics with its in-flight entertainment systems.
13. Re:not the real question by Anonymous Coward · 2015-05-18 10:46 · Score: 5, Informative
  
  According to Bruce Schneier they're not physically separated: "Newer planes such as the Boeing 787 Dreamliner and the Airbus A350 and A380 have a single network that is used both by pilots to fly the plane and passengers for their Wi-Fi connections."
  See also Figure 4 of this GAO report: http://www.gao.gov/assets/670/669627.pdf. There's a firewall protecting the command-and-control avionics from the passenger's network. Both the avionics systems and the passenger network utilize the same egress to the ground. Per the report: "Firewalls protect avionics systems located in the cockpit from intrusion by cabin system users, such as passengers who use in-flight entertainment services onboard."
  Older planes had physically separate networks. Newer ones, not so much. Of course, maybe the security is bullet-proof. Doubtless there are access controls at the ethernet layer much more sophisticated than your standard network. And it'd be very surprised if Chris Roberts wasn't lying or grossly exaggerating. But regardless the systems are _not_ physically separate.
14. Re:not the real question by Anonymous Coward · 2015-05-18 11:16 · Score: 4, Informative
  
  I've been to Roberts' lectures. There is a piece of information that he talks about but is left out his slide deck and other documentation that is missing in the media reports. That piece is the actual vulnerability itself.
15. Re:not the real question by AK+Marc · 2015-05-18 13:11 · Score: 3, Insightful
  
  Yes. If you are charged with the murder of Bob, by shooting him, and you can prove that he was dead from a heart attack, the most they can charge you with is desecrating a corpse, which wouldn't stick if you could prove that he was alive when you shot, and dead when it hit.
  
  Hacking doesn't have to have an effect, though. It's not a crime to make a plane divert. It's illegal to try, whether or not you succeed. So that's different.
  
  --
  Learn to love Alaska
16. Re:not the real question by JeffOwl · 2015-05-18 15:30 · Score: 4, Insightful
  
  If he did this on an actual aircraft in flight (he didn't, it's BS) then he put the lives of everyone on that plane in danger. They don't let flight control software on a plane without a well understood pedigree for a reason and he was mucking with that. If he did this on an actual plane in flight (he didn't) he belongs in jail. If he didn't do it (he didn't) then he is basically confessing to a crime that wasn't committed, and perhaps he should be committed himself, that or the FBI is full of shit and it wouldn't be the first time for that. If the entertainment system actually has a way to send data to the critical flight control systems then a bunch of engineers and executives belong in jail right beside him, and throw in some FAA folks for good measure.
17. Re:not the real question by citizenr · 2015-05-18 18:55 · Score: 3, Insightful
  
  I doubt what the FBI is claiming is true
  of course its true, they found hair evidence and everything!
  
  --
  Who logs in to gdm? Not I, said the duck.
18. Re:not the real question by Anonymous Coward · 2015-05-18 19:49 · Score: 3, Informative
  
  Name 1 reason an active port under an uncontrollable passengers seat needs to have access to avionics or any critical system?
  History. As was pointed our to me in an earlier discussion on this topic, bean counters might have played a role in consolidating ALL electronic systems in an aircraft, thus tying its avionics with its in-flight entertainment systems.
  There's no way any designer would mix a Safety Critical System with a Non-Safety Critical System, no matter what the cost "benefits" might appear to be...
  DO-254 requires an astronomical (ha!) amount of verification and hence effort/cost. The physical segregation of Safety Critical Systems from Non-Safety Critical Systems is essential to reduce complexity, improve predictability and decrease verification costs. Keep in mind that the verification of these systems costs 100x what it does to design and implement them (if not more).
  In saying that, you can run a black channel (safety critical information mixed with non-safety critical information), but as per IEC-61784, these must be categorically protected against masquerade (as well as the usual sources of error). So even if our chump of a hacker could gain access to the network, they would be unable to influence any Safety Critical Systems.
  Bean counters don't sit at this table.
19. Re:not the real question by Xiaran · 2015-05-18 20:18 · Score: 4, Funny
  
  No. It is because when the generic olive skinned hijackers take over the aircraft the hero can hack into the system with the assistance of the plucky, attractive flight attendant and save the presidents life. Duh.
20. Re:not the real question by deadweight · 2015-05-19 01:16 · Score: 5, Informative
  
  I am a commercial pilot and the term "dog tailing" is a new one for me. Also I would *very much* notice an uncommanded change in engine power.
Hmmm... by fuzzyfuzzyfungus · 2015-05-18 09:46 · Score: 4, Insightful

It's almost as though the FBI is being hamfisted and incompetent again; but that couldn't be right...
I wonder how this will affect SC? by chris200x9 · 2015-05-18 09:54 · Score: 4, Funny

I wonder how this will affect the development of Star Citizen?
Sounds like a bad translation by Ken_g6 · 2015-05-18 10:10 · Score: 4, Funny

"Stop: Fly sideways!"

--
(T>t && O(n)--) == sqrt(666)
Re:Boeing Engineers... by grimmjeeper · 2015-05-18 10:26 · Score: 5, Informative

Logical? Yes. Physical? No.
Speaking as someone who worked for a Boeing subcontractor who designed their on board computers, I can tell you that there is a physical connection. There's only one set of SATCOM radios on board. The avionics systems use it for some of their communications and have for a long time. The airlines wanted to monetize the extra bandwidth by selling access to the passengers for a price. I am told they didn't add a second set of radios to provide bandwidth to the passengers.
So at the very least, there is a switch that connects the avionics network, the in flight entertainment network, and the SATCOM radios. And while this is a physical connection, there is a fair amount of confidence that it's still a logical separation. The AFDX/ARINC 664 standard is pretty extensive and allows for very strict connection management. While Roberts may have been able to get a packet out of the IFE network and have it look like an engine control message, there's very little chance that packet would make it anywhere close to the engine control computer. Of course, that assumes that the avionics network was set up correctly. And that's a pretty good assumption given the safety requirements in place for avionics design. Still, there's that one in a million shot that there is an exploitable flaw. It's probably less chance than that, but it's not guaranteed to be zero.
Re:Boeing Engineers... by PPH · 2015-05-18 10:39 · Score: 4, Insightful

Except that Boeing asked the FAA for a Special Condition to allow just such an interconnection.

--
Have gnu, will travel.
Re:Two radios? by grimmjeeper · 2015-05-18 11:03 · Score: 3, Informative

Because that adds weight and power consumption for no good reason. When it comes to that, the airlines and the manufacturers are pretty religious about reducing both. Every extra ounce reduces fuel efficiency. Every milliwatt consumed reduces efficiency. If you don't have to have two separate GPS units, you're not going to have them on the plane. The networking standards for avionics systems are capable of having the two networks connected together to share the data without letting one impact the other. So they do it that way rather than have two receivers on board.
Re:Boeing Engineers... by I'm+not+god+any+more · 2015-05-18 13:26 · Score: 3, Insightful

Except that Boeing asked the FAA for a Special Condition to allow just such an interconnection.
Which was granted: http://www.gpo.gov/fdsys/granu...
Re:Boeing Engineers... by Anonymous Coward · 2015-05-18 14:38 · Score: 3, Informative

Specifically, I suspect he set up his basement simulator with a regular commercial ethernet router standing in for a real ARINC 664 / AFDX router. An ethernet router will route AFDX packets just fine, since they look the same, but it will also pass malformed packets, packets that are not in the ICD, and packets that are sent at the wrong time. A real AFDX router has a table of every packet that's allowed on the network, along with the specific times when these packets are to be sent, and it drops any noncompliant packets. This is done to eliminate any chance of frame collisions, but it's also makes a lot of traditional attacks very difficult.