Plane not actually commandeered by wi-fi that was not actually hacked


  • Discourse touched me in a no-no place

    @tarunik said:

    Hack that.

    That's what ought to happen (except you'd probably convert the messages further on the insecure side before sending on to the main ethernet) but the worry remains that someone will get the “smart” idea to save some weight by cutting all that stuff, probably with a transitional stage where the interface adapter is done entirely in silicon, and then done in just software.

    I know how people operate. :(



  • @dkf said:

    but the worry remains that someone will get the “smart” idea to save some weight by cutting all that stuff, probably with a transitional stage where the interface adapter is done entirely in silicon, and then done in just software.

    And that's why the design notes, schematics, et al. for that box would

    1. have a detailed explanation and security case for why it's designed that way
    2. have a "DO NOT DELETE THIS SERIAL LINK OR INTRODUCE A RETURN CHANNEL" note plastered next to the serial link on the schematic
    3. have a "THIS IS THE ONLY IC THAT CAN STRADDLE THE SECURITY BOUNDARY" note plastered on the serial buffer/driver IC (on the schematic, and presumably wherever else it appears -- heck, have it in the PCB silk too for that matter)
    4. have a stern warning in them that any PHB who dares disregard the security case, notes, et al. will get a no-parachute D.B. Cooper ride courtesy of the security auditors.


  • Because jet fuel can't melt steel beams.

    Boeing responded to the GAO report with a statement saying that a pilot manual override system would prevent someone from successfully commandeering its planes in this way.

    Oh, so this is a complete non-issue then.



  • @JazzyJosh said:

    Because jet fuel can't melt steel beams.

    >Boeing responded to the GAO report with a statement saying that a pilot manual override system would prevent someone from successfully commandeering its planes in this way.

    Oh, so this is a complete non-issue then.


    Yeah, besides Alternate and Direct Law, there's still Mechanical Law as well (at least in an Airbus)



  • @JazzyJosh said:

    >Boeing responded to the GAO report with a statement saying that a pilot manual override system would prevent someone from successfully commandeering its planes in this way.

    Oh, so this is a complete non-issue then.

    Wasn't there recently a plane that was commandeered using the manual override system?



  • @JazzyJosh said:

    Oh, so this is a complete non-issue then.

    Yeah, at least from the Boeing POV -- even if they compromised the primary flight computers (no mean feat, mind you) without getting the pilots' attention with a storm of warnings on the EICAS, the pilots could simply flip the "PRIMARY FLIGHT COMPUTERS" switch to DISC, and the bad guys would be SOL at that point as that causes the Actuator Control Electronics boxes to completely stop listening to the Primary Flight Computers.

    (That's the case for the Boeing 777 and presumably the 787 and 747-8 as well. For the Airbus fly-by-wire system, see below.)

    @ben_lubar said:

    Wasn't there recently a plane that was commandeered using the manual override system?

    Err, rogue flight crew are a totally different problem...(and not a new one, either)

    @Rhywden said:

    Yeah, besides Alternate and Direct Law, there's still Mechanical Law as well (at least in an Airbus)

    The Airbus philosophy relies more on the computers' ability to detect failures and put themselves into a degraded operating mode; getting into Mechanical Law (manual stabilizer trim + rudder pedals only) yourself requires a bit of button pushing -- there are individual OFF switches on the overhead panel for each flight control computer (ELAC, SEC, FAC). These are usually used to reset individual computers as part of a non-normal procedure, but could be used to switch off hacked flight control computers in a pinch...


  • :belt_onion:

    If TDWTF members are as good at airplanes as we are at dischorse, I expect to see a Burns image of contrails in the sky at 5pm EST :TROLLFACE:

    Also, I expect this clearly trolling statement to appear in FBI/NSA/CIA databases.
    HEY FBI/NSA/CIA GUYS, I'M JUST KIDDING, SEE THE :TROLLFACE:??



  • Again, if you have physical access, you already have bigger problems than hacking.



  • "He hacked my computer!"

    "What was it, phishing? Buffer overflow? XSS?"

    "No, he used a hatchet."


  • :belt_onion:

    OK, like one time, I was out in the parking lot
    Tryin' to remove my excess earwax with a golf pencil
    When I see this guy Marty tryin' to carry a big ol' sofa up the stairs all by himself
    So I, I say to him, I say "Hey, you want me to help you with that?"
    And Marty, he just rolls his eyes and goes "No, I want you to cut off my arms and legs with a chainsaw"

    So I did

    And then he gets all indignant on me
    He's like "Hey man, I was just being sarcastic"
    Well, that's just great
    How was I supposed to know that?
    I'm not a mind reader for cryin' out loud
    Besides, now he's got a really cute nickname - Torso-Boy
    So what's he complaining about?



  • "Even people who are familiar with how computers work have trouble getting their minds around [our bullshit]."

    "the electrical current and molecular structure of the central processing unit is altered, [causing economic collapse as the new technology makes centuries of manufacturing processes obsolete]"

    "As shocking as this is, it shouldn't surprise anyone. It's just the next step in an ever-escalating progress of [bullshit that we feed to extremely gullible old ladies]"

    "Come within two digits of cracking an 87-digit Russian security code that would have sent deadly missiles hurtling toward five of [our readers who have realized this scenario is the only one that is actually possible]".

    "Soon it will be sold to terrorists cults and [Westboro Baptist Church, making funerals everywhere that more deadly]"

    "That means anyone who has a quarrel with you, holds a grudge against you or just plain doesn't like your looks, can [troll you all over the internet with this bullshit, because those idiots wouldn't know how to use this technology even if it did exist]"



  • @mott555 said:

    if the switch gets messages on the wrong port it drops them. "What? According to the configuration set when this network was designed in the factory, flap control messages only come from interface 2. Who's this joker sending flap control messages on interface 16? Shutting down interface 16 and sending a warning up to MFD #1 now..."

    The joker sending flap control messages on interface 16 has just DOSed interface 16. How sure are you that this can never matter?



  • @algorythmics said:

    CAN bus, which is over TCP/IP.

    Not really; CAN is more equivalent to PPP, though it does some IP-like stuff too (though you generally don't split messages across multiple CAN packets) - there are tons of TCP/UDP equivalents spoken over it (J1939, J1708, OBD I, OBD II, and CANOpen to name a few of the most popular), and every vehicle manufacturer has their own set of PDNs and SPNs associated with them, each with their own multiplier and offset to convert the binary value to the actual measurement. Additionally, I can't think of any popular vehicle-based protocols that allow routing across the underlying nodes.

    The reason for the physical insecurity of CAN is that everything that you can talk to on the bus sits on the same bus and contends for time on it. Every CAN bus has two ends and they either have a node or a terminating resistor at them. If you build your ECU right, you can insulate your car from the most dangerous problems if your drive-by-wire CAN is physically separate from the management/display CAN and your engine/driving interface CAN(s). I think all car manufacturers have finally moved to this, but you still have to be able to re-program the ECU from somewhere (in case of unintended acceleration), so there's always some risk.

    You can gain access to CAN with your laptop easily only because the hardware to access the bus is commodity and costs less than $100 for hardware and software. It's what all the cool kids use to FUBAR the ECU in their rice racer.



  • @flabdablet said:

    The joker sending flap control messages on interface 16 has just DOSed interface 16. How sure are you that this can never matter?

    Well, in theory something like that could result in a plane crash, true. However, simply cutting the cables would be a much easier way to achieve that.

    There's also the issue of there always being two redundant data channels - so you'd have to corrupt two ports.



  • @flabdablet said:

    The joker sending flap control messages on interface 16 has just DOSed interface 16. How sure are you that this can never matter?

    As I understand it, you normally don't have multiple switches (except for the redundant network, of course) on an airplane. Each port goes to a single device only, so in my example port 16 would be to the ill-advised avionics-connected wireless access point.



  • @mott555 said:

    Each port goes to a single device only, so in my example port 16 would be to the ill-advised avionics-connected wireless access point.

    (Speaking from the Airbus side of things, but the concepts still hold if you're on a Boeing.)

    Besides, if an ELAC suddenly starts thinking it's a SFCC, you probably don't want to trust that particular ELAC to control elevators or ailerons, either -- who knows what happened to it? Better to disconnect it from the network and the output servos and pop an ECAM message complaining "ELAC 1 FAULT" than to confront the pilots with messed-up flight controls.
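
The port-policing behaviour argued over in the posts above, as an added example that is not part of the original thread and not any avionics vendor's code. It is a simplified model: the port numbers follow the thread's example, while the message names, the `Switch` class and the warning text are hypothetical.

```python
from dataclasses import dataclass, field
from types import MappingProxyType

# Constructed factory-time policy: which message types each ingress port may
# originate. Read-only at runtime, like the hardcoded table the thread describes.
STATIC_POLICY = MappingProxyType({
    2: frozenset({"FLAP_CONTROL"}),        # flap controller (thread's example)
    7: frozenset({"AIR_DATA"}),            # hypothetical sensor unit
    16: frozenset({"CABIN_WIFI_STATUS"}),  # the "ill-advised" access point
})


@dataclass
class Switch:
    policy: MappingProxyType
    disabled: set = field(default_factory=set)
    warnings: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)

    def ingress(self, port: int, msg_type: str, payload: bytes = b"") -> str:
        """Police one frame; return what the switch did with it."""
        if port in self.disabled:
            # Port already shut down: nothing from it is forwarded any more.
            return "dropped-disabled"
        if msg_type not in self.policy.get(port, frozenset()):
            # Message type arrived on a port that was never configured to
            # send it: drop it, isolate the port, and raise a crew warning.
            self.disabled.add(port)
            self.warnings.append(f"PORT {port} FAULT: unexpected {msg_type}")
            return "dropped-violation"
        self.forwarded.append((port, msg_type, payload))
        return "forwarded"


def run_scenario():
    """Replay the thread's scenario over constructed frames."""
    sw = Switch(policy=STATIC_POLICY)
    results = [
        sw.ingress(2, "FLAP_CONTROL", b"\x01"),   # legitimate sender
        sw.ingress(16, "FLAP_CONTROL", b"\xff"),  # spoof from the access point
        sw.ingress(16, "CABIN_WIFI_STATUS"),      # port 16 is now cut off entirely
        sw.ingress(2, "FLAP_CONTROL", b"\x02"),   # port 2 is unaffected
    ]
    return sw, results


if __name__ == "__main__":
    sw, results = run_scenario()
    for r in results:
        print(r)
    print(sw.warnings)
```

The third frame shows the denial-of-service effect raised in the thread, and the fourth shows why it stays confined to the offending device when each port connects to exactly one device.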





  • @JazzyJosh said:

    Because jet fuel can't melt steel beams.

    The hilarious part about this 9/11 "truther" argument is that all you need to cook steel that has lost (or never had) fireproofing is a big propane torch.



  • @tarunik said:

    The hilarious part about this 9/11 "truther" argument is that all you need to cook steel that has lost (or never had) fireproofing is a big propane torch.

    Not to mention that you don't need to melt steel for it to lose structural integrity.



  • @Rhywden said:

    Not to mention that you don't need to melt steel for it to lose structural integrity.

    Aye -- the "spaghettification" happens well before the steel actually reaches its melting point.

    About the only thing that saved 1 and 2 WTC from collapsing within minutes of impact due to defireproofed steel being exposed to the fire was the fact there was enough thermal mass there to sink the heat from the fire for a while -- but once the structure got hot enough to start failing, it was all over, doubly so due to the building design.



  • @tarunik said:

    9/11 "truther"

    Obligatory:

    (http://www.geeksofdoom.com/2011/09/01/the-conspiracy-behind-the-destruction-of-saurons-tower-in-the-lord-of-the-rings)


  • Ha!

    Besides, I bet I wouldn't have to go that far to make Sauron wish he hadn't built that tower ;)

    [spoiler]Just give me a copy of the as-builts and I'll do the rest of the planning...[/spoiler]

    Filed under: stack effect, man, do you speak it?





  • While I stand behind the security principle arguments, I find that part of the reason there is so much confusion is because I mixed up a previous system, ACARS, with the current system of discussion, ARINC-664. They are both avionics systems but have entirely different purposes. The security argument is old and ongoing. If you read this, please keep the qualification in mind.

    This is also relevant, but not so funny: Amateurs Produce Amateur Cryptography. The fundamental point is that the "professionals" that designed the Open Smart Grid Protocol didn't actually bother to bring in security professionals to ensure that system was secure. It isn't; and arguably it is as important as the security on the plane because this is our power grid that can be affected--literally brought down by all these insecure smart meters.

    It is trivially insecure because it was designed to work, and work cheaply, by engineers who assumed they were competent to do anything, including good security. As is so often the case, proper security was/is a low priority.

    That generalizes to this thread: We have a plane with a network that interconnects, and security designed by engineers, within the limitations of their knowledge, with a primary focus of flying, and told to keep costs low by PHB management. They claim the system is secure, but who proved that? "Well, we did, so there."...and we just have to hope they weren't as myopic as the Open Smart Grid Protocol people. Which is actually a rather forlorn hope when for-profit business designs protective systems of any kind.

    Worse, the system must survive all future cost-cutting moves and the next generation of engineers who mutter to themselves, "WTF were they thinking?!" And remove all those "unneeded" security protections because they are just soooo much pain to work around.

    I would feel much more comfortable with the security of the avionics if, say, 100 hackers had been called in, given open access to all the plans, and two months to break it every way they can think of. Because that is how you test security: If you need to hide the plans to keep it secure, then it is not secure.

    (The latter is referred to as "security by obscurity" which is a major :wtf: in security circles. In a secure system, the only secret is a key that can be changed. If you need to keep immutable details of the system secret to achieve its security then it is not secure...because immutable details can't be updated when the plan leaks...and, one way or another, the plan always leaks.)

    So as with Open Smart Grid Protocol and nuclear plants before that and airplane engines before that; on and on ad infinitum, they will test the security of an avionic/public network with us for guinea pigs.



  • Good grief, this fallacy again: "Oh noes, one system has been proven insecure! That means everything else must be insecure too!"

    Did you actually read this thread? Or were you just spreading FUD for the sake of spreading FUD?

    The plane's network security is not obscure and it's not kept hidden. It's secure for the simple reason that the methods used to make sure that a plane stays in the air even in the event of equipment failure also make sure that hacking a plane's flight mechanics network is pretty much a very hard thing to do.

    And with "very hard" I mean: It would be easier and less time consuming to smuggle powertools on board to saw and drill through the cockpit door in order to gain control over the plane.



  • @Rhywden said:

    Good grief, this fallacy again: "Oh noes, one system has been proven insecure! That means everything else must be insecure too!"

    I'm no security expert, but I think you misunderstood. The claim is not that any specific system is insecure, it's that every system will fall eventually. There is no perfect security and if you're here arguing that some system is perfectly secure, well even as a non-expert I feel comfortable dismissing that out of hand.

    And so if we take a step back and look at the bigger picture—what that means for aircraft systems:

    1. aircraft stay alive a long time. How many systems that were coded 30 years ago remain unhackable today?
    2. the comparison with physical security is flawed: While hacking plane systems would be more costly than breaking thru the cockpit door, the nature of electronic security is that often once a vulnerability has been found, any idiot with a bash script can exploit it.
    3. the same processes and procedures that you are touting here will make vulnerabilities incredibly costly to patch: Every day the planes are grounded after an 0day while the flaw is rectified and verified and certified is gonna be doing irreparable damage to public image.


  • Well, then pray tell, how exactly would you overcome a hardcoded routing table?

    As such, the comparison with physical security is very much applicable.



  • See: http://en.m.wikipedia.org/wiki/Row_hammer
    That kind of exploit might be possible



  • I somewhat doubt that they're using DDR3 in the switches.



  • @swayde said:

    That kind of exploit

    @Rhywden said:

    somewhat doubt that they're using DDR3 in the switches

    Same type, as in stack jumping. It is not just for fun that you airgap management and traffic networks when you have a few servers...



  • @swayde said:

    Same type, as in stack jumping. It is not just for fun that you airgap management and traffic networks when you have a few servers...

    You do realize that they'll error check the wazoo out of any data sent over the network? I mean, we can also think about warp drives and wormholes, doesn't make them any more real.

    Fact is: It's FUD. Plain and simple.


  • Java Dev

    Some mechanisms are inherently more secure. We're not talking about encryption protocols, we're talking about hardcoded routing tables, airgaps, and communication lines to the cabin that are one-way down to the electrical level.



  • If he was able to listen in on cockpit chatter, that connection was clearly not one way.



  • @swayde said:

    http://arstechnica.com/security/2015/05/fbi-researcher-admitted-to-hacking-plane-in-flight-causing-it-to-climb/
    If he was able to listen in on cockpit chatter, that connection was clearly not one way.

    How exactly is "listening in on something" a two-way connection? 😲

    Does that mean that if I listen to my local radio broadcaster I'd be able to hack into their network through my car's radio? What?

    Or, to alter a quote by Babbage: "I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a statement."



  • @Rhywden said:

    How exactly is "listening in on something" a two-way connection? 😲

    How exactly does 😲 convey astonishment? X-shaped eyes usually indicates death.



  • @HardwareGeek said:

    How exactly does 😲 convey astonishment? X-shaped eyes usually indicates death.

    I'm not sure. But the statement I responded to nearly gave me a stroke when trying to understand it, so in some ways it may actually be appropriate. :p


  • FoxDev

    @HardwareGeek said:

    How exactly does 😲 convey astonishment?

    *shrugs*
    I find this to be a better match: 😮



  • I presumed that they do not usually send that data to the entertainment thingies. So he had to request the data from somewhere that should have been privileged.



  • @swayde said:

    I presumed that they do not usually send that data to the entertainment thingies. So he had to request the data from somewhere that should have been privileged.

    Well, let me put it this way: The article states that he used "Vortex software" to listen in. Now, maybe you could enlighten me as to what this ominous software actually does? Because it sure as hell isn't listed in a Google search.

    Under the heading "Vortex" one can find the following pieces related to software:

    • A defunct gaming company
    • A physics engine
    • A population simulator for life sciences
    • fast prototyping for robots

    So, I somewhat doubt that he was even able to listen in.



  • @swayde said:

    I presumed that they do not usually send that data to the entertainment thingies. So he had to request the data from somewhere that should have been privileged.

    Some airlines do, or at least used to, feed that into the entertainment system for at least some parts of some flights. I think I remember this back in the days when you had to have special headphones that were handed out in-flight and collected before the end, so you didn't get to listen to the take-off and landing, which of course would be the most interesting parts. I also recall more recently listening to ATC telling our flight into SJC to basically fly zig-zags to avoid overtaking a slower plane in front of us.



  • @HardwareGeek said:

    Some airlines do, or at least used to, feed that into the entertainment system for at least some parts of some flights. I think I remember this back in the days when you had to have special headphones that were handed out in-flight and collected before the end, so you didn't get to listen to the take-off and landing, which of course would be the most interesting parts. I also recall more recently listening to ATC telling our flight into SJC to basically fly zig-zags to avoid overtaking a slower plane in front of us.

    In that case it's even less of an issue - "oh noes, he was able to listen to stuff we were already broadcasting deliberately!"



  • @Rhywden said:

    * fast prototyping for robots

    Perhaps he built a robot to hack into the system. :)



  • TIL. That sounds like a hell of a problem, but if it's intentional it obviously isn't.



  • And brought a case of powertools?



  • @swayde said:

    If he was able to listen in on cockpit chatter, that connection was clearly not one way.

    I thought that the cockpit chatter was channel 6 on the headphone jacks.


  • :belt_onion:

    That fool didn't hack shit. He TWEETED that he hacked shit. They didn't even bother to hold him or charge him with anything.

    Hey u guyz hguess what i made airplaen go up some in sky!

    I am pro airplane hacker now*
    i am not an airplane hacker mr cia/fbi/nsa agent, that was all sarcasm



  • I won't, but someone might, and if they do, the hacking process is gonna be a lot easier for them to hire than operating powertools on a plane.



  • @Buddy said:

    I won't, but someone might, and if they do, the hacking process is gonna be a lot easier for them to hire than operating powertools on a plane.

    Using this mystical, unproven hacking process where every piece of evidence points strongly towards "not possible"?

    Currently we only have this unsubstantiated FUD by a "researcher" who doesn't have a clue.



  • @Rhywden said:

    FUD

    We're talking about the long-term future here. Fear, uncertainty, and doubt are the appropriate emotions.


  • Grade A Premium Asshole

    1. The FBI regularly lies and twists facts, both in court and out of it.
    2. The FAA is extremely obsessed with safety and reliability.
    3. The FAA hasn't grounded the planes in question.

    Apply Occam's Razor.

