It was discussed at https://news.ycombinator.com/item?id=9554841. The story seems to be of greater interest than that thread satisfied, so perhaps we won't bury this one as a duplicate.
What? That's still not an excuse to attempt it on a live passenger plane in the air. You're potentially endangering not only your life but the lives of hundreds of strangers.
In an empty plane you're piloting alone, or a simulation, sure, but there's clearly a non-zero chance that the navigation hijacking could disrupt the plane enough to force an emergency landing or even cause it to crash. Even if you think you know what you're doing, there could be lots of unintended side effects from forcing the plane to make certain maneuvers.
It says that he had been telling people about these security holes for years and without effect, so he probably felt that actually doing it on a real plane would.
If his statements are true, then it would be far better him doing it and potentially endangering people, causing manufacturers to fix their planes very quickly, than a terrorist doing it and actually causing some serious damage.
The article states that he had tried telling the manufacturers for years about these vulnerabilities. That means every time one of these planes flies all passengers are at risk. If he has to pull a stunt like this to raise awareness in order for the vulnerabilities to be fixed, who is putting more people at risk? This is an ethics question and it's a hard one. There are no direct analogies. This is pretty much par for the course with security researchers and big corporations. It usually takes some big negative publicity and a public scare for a manufacturer to do a recall, which makes sense because recalls are expensive.
There are two tracks on a railroad. An unguarded lever allows someone to switch which rail the track leads to. A fellow has told the train company to secure the lever so that only their qualified individuals can pull it. They've ignored this fellow for years. The fellow see two trains are approaching on the separate tracks. They decide to pull the lever - temporarily placing the lives of everyone on each train at risk of a collision. Before the trains are in danger of switching tracks, they pull the lever again. A bunch of people were scared, but no real harm was done.
One day, a malicious person could be the one that pulls the lever and kills hundreds of people. The company has been putting lives at risk for years - but only after receiving bad press regarding the insecure lever have they decided to invest in its security.
That isn't a reasonable excuse for endangering people's lives. If he actually altered the engine output even 1% he belongs in jail. It is as simple as that.
Looking at flight information, seeing nearby aircrafts, etc are not dangerous and they provide "proof of concept." Heck he could even turn on and off the navigation lights as proof that he can "control the aircraft" without directly endangering anyone.
I am sceptical like other people here that he actually altered the engine output from the entertainment system network. If he did then that would both be a gross lapse in basic aircraft security and he actually deserves some level of legal recourse for endangering other passenger's life, as well as thanks for exposing the vulnerability.
I liken it to hacking into a car and causing the acceleration pedal to stick on momentarily when you change radio stations. It would definitely alert people to the problem, but how many lives have been endangered to alert people? In particular if he made a mistake and instead of having it stick for 1 sec he did 10 sec? Is it right to put other people's lives in the hands of his experiments? They didn't sign up to be his guinea pigs.
That is a completely invalid statement. Saying that you are willing to risk the lives of everyone on a plane, potentially killing all of them, just to demonstrate that it's theoretically possible to bring a plane down, is akin to putting a washing machine on the railroad tracks, just to demonstrate it's possible to de-rail a passenger train.
This is the sort of testing that should be done on planes without passengers.
It's a matter of ethics, not logic. I don't think there's any similarity to putting a washing machine on a train track. According to the article the hacker had reported this vulnerability years ago. That means every time the plane takes off all the passengers lives are at stake.
If you are a criminal and wish to kill people, it's pretty straightforward to de-rail a train. Every time a train leaves a station, all the passengers lives are at stake. It is 100x more easy for your average person to derail a train than it is to fuck with the avionics system on a modern jet. There are lots of opportunities to kill people if you are evil.
Thankfully, being evil is a fairly uncommon situation. But, as in the case of this hacker, being stupid apparently isn't.
You don't execute the thing that can hurt people to demonstrate that people can be hurt if that thing is executed.
Presuming (big presumption by the way) that he actually did break through the avionics firewall of an actual plane, and attempt to send commands to the flight-control system - then he deserves pretty much all the pain he's going to experience for the next 10-15 years.
But, on the flip side, if it turns out that he wasn't actually ever hacking with the flight systems of operating planes, then I wish him the best, and I hope he's able to convince people that all of this was hypothetical, a misunderstanding, and the only testing he's done has been with research systems, or test environments made available by various plane manufacturers.
You're making a number of judgements about the danger of the situation. The train analogy is also misleading.
We're now essentially arguing about which situation puts the passenger's lives at stake the most. Which is the most dangerous situation?
If we absolutely have to use an analogy we should make the train and the plane situations equal. In the case of the plane no one was hurt. Nobody even knew what had happened - not even the pilots. This might be analogous to a train "hacker" placing a washing machine on the tracks...and then removing the washing machine while the train is still at a safe distance.
There we go - the train "hacker" has shown that a washing machine can be placed on the tracks successfully and now the train companies can start to think of a solution. Maybe breaks. Or horns. Or those big cute scoops ;)
I think if you wanted to send the hacker to rot in jail (and keep your conscience) you'd have to prove that the hacker was very reckless and had no experience with avionics systems. Something tells me he knew how to run these systems though - at least enough to hack into them.
I would be very surprised and disappointed if there is any connection between flight systems and the entertainment system. As someone holds a private pilot license, I feel like the first thing that you're taught is about the various systems and how they are separated physically. It feels shocking that the entertainment system would even be on the same network.
Having said that, I once worked with a guy who used to work for Boeing. Given the work he produced while we worked together, nothing would surprise me.
I hope this just turns out to be a vocal series of lies, but I also hope it's fully investigated.
Connecting his laptop to an Ethernet port (not intended for passenger use) is enough for the FBI to consider prosecuting him, even if he didn't actually do anything else.
Only if you can actually access the flight systems from the entertainment console, which you can't. We would have already heard of a massive undertaking of securing against this vulnerability on every 747, which didn't happen. Either the airlines have been negligent or the FBI has made up a story for a fishing expedition (most likely).
You'll notice that interview with the FBI happened in February, after he gave a talk on airplane security, and this incident was in May. Apparently, whatever he said during that interview wasn't enough to get him in any trouble.
Right, but that helped to justify the warrant. Even if he's never charged, he's lost a bunch of gear. Even if he gets it back, it will not be trustable. And any plaintext information therein may hurt him.
I can't believe Boeing would connect the entertainment system to the avionics system.
But the article mentions this:
"""
After news broke about a report from the Government Accountability Office revealing that passenger Wi-Fi networks on some Boeing and Airbus planes could allow an attacker to gain access to avionics systems and commandeer a flight,
"""
Anyone could find that report? I see mention about the report on other news sites, but not the report itself.
Yeah, that report was widely cited as saying that Wi-Fi and avionics systems were connected, but as far as I can tell, it says nothing of the sort. The only point at which it mentions Boeing or Airbus at all is in the context of the FAA issuing "Special Conditions" requiring them to restrict network connectivity, and it doesn't make any reference whatsoever to Wi-Fi.
It looks to me like Wired literally made the whole thing up and a bunch of other sites took it as gospel.
It's oft-repeated that avionics and other non-flight-critical systems like IFE are isolated from each other, so...
- If he was just lying, this must be one of the stupidest publicity stunts I've seen, and planes are still as resistant to hacking as they've always been.
- If he was telling the truth, there could be some serious effects and perhaps it was his way of imparting momentum to finally fix the vulnerabilities that he claims have been around for years; if that were the case, whatever happens to him, his "sacrifice" could even be considered heroic.
I'd really like to believe it's the former, but something about the latter still feels plausible.
It likely depends heavily on which aircraft we're talking about. The new 787 is highly computerized. It would not surprise me to learn everything is on the same network and only segmented in software.
The In-Flight Entertainment network is regular Ethernet, and Flight Management System is a different format (ARINC 664/AFDX) which provides deterministic real-time connectivity.
There is a device called a Network Extension Device (NED) which is a one-way gateway between the FMS and the IFE for showing the progress of the flight to passengers.
With no knowledge of how these systems are actually implemented for aircraft, for various values of "isolated":
I once had a customer that provided energy pricing data from their network via a leased line to be put onto their website. In their case the isolation they required was provided by not running any network stack over that link - they sent a mostly raw (error correction but that was it) stream of data point to point rather than network packets, and the connection was entirely one-way - if we were to try to send anything back, nothing was listening.
Making it physically impossible for something to listen is reasonably straight forward if you control the hardware, and you can easily additionally electrically isolate the networks.
I believe this is a big misunderstanding that has snowballed recently. I think what he actually claimed was that he did all of these outrageous stunts in a network simulation that he had, not a live aircraft. That is why he has not been arrested. He wants publicity for the issue of security of aircraft computers and that's why he isn't rushing to squash these "I made the airplane do a barrel roll" stories.
What's better for raising consciousness about a potentially fatal flaw that by making people think that lives were at risk when they weren't?
Also the idea that the plane went "sideways" could have been a weird coincidence. Maybe they went through turbulence when he allegedly sent the command?
> I think what he actually claimed was that he did all of these outrageous stunts in a network simulation that he had, not a live aircraft.
Page 14 (pdf page 15) of the investigation report describes evidence of seat electronics box tampering at the location where Chris Roberts sat when he tweeted about hacking the plane. It may be a coincidence (a lot of wear-and-tear on old aircraft could be described as "evidence of tampering" if you wanted to look at it that way), but the FBI doesn't seem to think so.
Simple explanation. He did plug in to the system. He did not issue commands against a live system, but did look around. The actual manipulation occurred offline in a test environment at a different time and place.
The extravagant claims were maliciously taken out of context by the agent in order to secure whatever he wanted from a judge, trump up charges, and making it sound as if there was some dire urgency to expedite due process and rational thought.
I don't actually know anything about this case, but have seen this happen with virtually every warrant document or indictment related to computer "crime". They're an adversarial exercise in sales to further the author's agenda, not an impartial document aimed at ensuring justice.
Now his lawyer is telling him to STFU, but he's being mischaracterized in the court of public opinion.
It's important to put things to the test, but I tend to listed to people who are actually qualified and know what they're talking about. Even that RenderMan talk at DEFCON 20 came with a bunch of caveats. If you don't want to watch the whole thing, the TL;DW version is: Boeing and Airbus are not stupid, a 787 is not a D-Link wireless router and you pretty much can't get to the flight controls from the in-flight entertainment system. https://www.youtube.com/watch?v=Uy3nXXZgqmg
As explained in the linked video above (from DEFCON 22), there is a device called a Network Extension Device (NED) which is a one-way gateway between the FMS and the IFE for showing the progress of the flight to passengers.
Yeah, but I think that the main message is that there are pilots in the cockpit who can easily override any weird input. Even if it is theoretically possible (hey, you never know, right?) to impersonate avionics and mess up with the FMS/ECU/EICAS, there's no such thing as a pilot going "holy crap! the plane is going sideways and there's nothing I can do!". I'm pretty comfortable calling this whole "hacking the engines from the in-flight entertainment system" fiction.
Why on earth would you need more than a simple one way API between the FMS and IFE to be able to show inflight progress. For that matter, why would it be more complicated than a simple serial cable with just the O pin on the FMS side, and just the I pin on the IFE side to feed information at regular intervals to the IFE. I have no idea how exactly the systems are setup, but off the top of my head I can come up with several VERY simple methods of insuring that the communication between the FMS and IFE is in deed unidirectional. If this story is true, I would be highly disappointed in Boeing!
neurotech1 above says that it's unidirectional in hardware, so it's a moot point. But you could also do a simple relay server with API. FMS pushes the info to a "server" through a one way link. IFE would request the info from the server and displays it as necessary.
If true I'm kind of surprised that "they" have not banned all computers from planes. It only took one incompetent shoe-bomber to cause many fliers to have to remove their shoes for a decade.
You should have seen the screener at Gatwick that almost freaked out a few years ago when my then 3 year old son had to send his shoes through and he could see electronics in the heel.
They were the kind of shoes that lit up when he put his feet down, and the guy had clearly not seen them before - he looked at the other screeners with this terrified look on his face. Thankfully one of them reassured him that it was safe quickly enough.
Never mind that I regularly forget water bottles and/or electronics in my carry on that they either never spot or can't be bothered to do anything about.
None of this really adds up for me. The in-flight entertainment system should run completely separate from the RTOS that governs thrust, navigation, control surfaces, etc. I highly doubt these mission-critical systems would somehow be directly connected to the back-seat infotainment systems that regularly crash after a few flicks of the finger.
If true, he also risked the lives of everyone else on that plane. That's not ballsy, it's selfish and dangerous. If proven true, what he needs is a "timeout" at one of our country's many penal institutions.
Airliners are not a Heroku dyno that you can "push code" into. There aren't APIs you can call, pull requests or Docker containers. We're not talking about a webserver or a couple of rails apps. We're talking about stuff being physically separated, non TCP, non IP, non Ethernet, uni-directional connectivity. Your OSI model doesn't apply here. Your API command list doesn't apply here. Your very notion of networking doesn't apply here. This is not about releasing early and iterating. We're talking about systems with a lot of redundancy and actual physical backups where efficiency is not an issue. The devops mentality does not work in this case.
The real secret the security services are trying to hide is their complete ineffectiveness, total waste of money and hijacking for political and public manipulation.
I really don't believe any of this piddling feargeddon media manipulation nonsense - spies are jerks.
Reprinting propaganda does not count as journalism or news.
Whether or not the allegations are true (as most people are questioning here), this article is really poorly researched. There's no indication that any attempt was made to get Roberts' side of the story or to check with any other security researcher about the plausibility of the accusations.
Several people have suggested that Roberts' goal is to raise awareness about airplane safety, so perhaps he actually wanted the article published like this even if inaccurate, though it still reflects poorly on the author.
64 comments
[ 2.9 ms ] story [ 127 ms ] threadThere's no excuse for risking the lives of passengers and crew.
In an empty plane you're piloting alone, or a simulation, sure, but there's clearly a non-zero chance that the navigation hijacking could disrupt the plane enough to force an emergency landing or even cause it to crash. Even if you think you know what you're doing, there could be lots of unintended side effects from forcing the plane to make certain maneuvers.
If his statements are true, then it would be far better him doing it and potentially endangering people, causing manufacturers to fix their planes very quickly, than a terrorist doing it and actually causing some serious damage.
One day, a malicious person could be the one that pulls the lever and kills hundreds of people. The company has been putting lives at risk for years - but only after receiving bad press regarding the insecure lever have they decided to invest in its security.
The end.
Looking at flight information, seeing nearby aircrafts, etc are not dangerous and they provide "proof of concept." Heck he could even turn on and off the navigation lights as proof that he can "control the aircraft" without directly endangering anyone.
I am sceptical like other people here that he actually altered the engine output from the entertainment system network. If he did then that would both be a gross lapse in basic aircraft security and he actually deserves some level of legal recourse for endangering other passenger's life, as well as thanks for exposing the vulnerability.
I liken it to hacking into a car and causing the acceleration pedal to stick on momentarily when you change radio stations. It would definitely alert people to the problem, but how many lives have been endangered to alert people? In particular if he made a mistake and instead of having it stick for 1 sec he did 10 sec? Is it right to put other people's lives in the hands of his experiments? They didn't sign up to be his guinea pigs.
This is the sort of testing that should be done on planes without passengers.
Thankfully, being evil is a fairly uncommon situation. But, as in the case of this hacker, being stupid apparently isn't.
You don't execute the thing that can hurt people to demonstrate that people can be hurt if that thing is executed.
Presuming (big presumption by the way) that he actually did break through the avionics firewall of an actual plane, and attempt to send commands to the flight-control system - then he deserves pretty much all the pain he's going to experience for the next 10-15 years.
But, on the flip side, if it turns out that he wasn't actually ever hacking with the flight systems of operating planes, then I wish him the best, and I hope he's able to convince people that all of this was hypothetical, a misunderstanding, and the only testing he's done has been with research systems, or test environments made available by various plane manufacturers.
We're now essentially arguing about which situation puts the passenger's lives at stake the most. Which is the most dangerous situation?
If we absolutely have to use an analogy we should make the train and the plane situations equal. In the case of the plane no one was hurt. Nobody even knew what had happened - not even the pilots. This might be analogous to a train "hacker" placing a washing machine on the tracks...and then removing the washing machine while the train is still at a safe distance.
There we go - the train "hacker" has shown that a washing machine can be placed on the tracks successfully and now the train companies can start to think of a solution. Maybe breaks. Or horns. Or those big cute scoops ;)
I think if you wanted to send the hacker to rot in jail (and keep your conscience) you'd have to prove that the hacker was very reckless and had no experience with avionics systems. Something tells me he knew how to run these systems though - at least enough to hack into them.
Having said that, I once worked with a guy who used to work for Boeing. Given the work he produced while we worked together, nothing would surprise me.
I hope this just turns out to be a vocal series of lies, but I also hope it's fully investigated.
http://scifi.stackexchange.com/questions/54734/making-sense-...
But maybe they asked him point blank if he had ever pwned a real plane in flight. And he didn't didn't want to risk lying to an FBI agent. Tough call.
But the article mentions this:
""" After news broke about a report from the Government Accountability Office revealing that passenger Wi-Fi networks on some Boeing and Airbus planes could allow an attacker to gain access to avionics systems and commandeer a flight, """
Anyone could find that report? I see mention about the report on other news sites, but not the report itself.
EDIT: I think I found the report:
http://www.gao.gov/products/GAO-15-370
It looks to me like Wired literally made the whole thing up and a bunch of other sites took it as gospel.
- If he was just lying, this must be one of the stupidest publicity stunts I've seen, and planes are still as resistant to hacking as they've always been.
- If he was telling the truth, there could be some serious effects and perhaps it was his way of imparting momentum to finally fix the vulnerabilities that he claims have been around for years; if that were the case, whatever happens to him, his "sacrifice" could even be considered heroic.
I'd really like to believe it's the former, but something about the latter still feels plausible.
Roberts is the founder of One World Labs
Incidentally, not to be confused with http://en.wikipedia.org/wiki/Oneworld
The In-Flight Entertainment network is regular Ethernet, and Flight Management System is a different format (ARINC 664/AFDX) which provides deterministic real-time connectivity.
There is a device called a Network Extension Device (NED) which is a one-way gateway between the FMS and the IFE for showing the progress of the flight to passengers.
The NED for the IFE doesn't physically have the wires for two-way connectivity to the aircraft FMS network.
I once had a customer that provided energy pricing data from their network via a leased line to be put onto their website. In their case the isolation they required was provided by not running any network stack over that link - they sent a mostly raw (error correction but that was it) stream of data point to point rather than network packets, and the connection was entirely one-way - if we were to try to send anything back, nothing was listening.
Making it physically impossible for something to listen is reasonably straight forward if you control the hardware, and you can easily additionally electrically isolate the networks.
One circuit emits light, the other circuit listens to the pattern.
What's better for raising consciousness about a potentially fatal flaw that by making people think that lives were at risk when they weren't?
more examples: ~ https://youtu.be/YiPOyee_V0E inflight movement and shipbourne TO/L ~ https://youtu.be/4Sf6LQ50V2c
Page 14 (pdf page 15) of the investigation report describes evidence of seat electronics box tampering at the location where Chris Roberts sat when he tweeted about hacking the plane. It may be a coincidence (a lot of wear-and-tear on old aircraft could be described as "evidence of tampering" if you wanted to look at it that way), but the FBI doesn't seem to think so.
The extravagant claims were maliciously taken out of context by the agent in order to secure whatever he wanted from a judge, trump up charges, and making it sound as if there was some dire urgency to expedite due process and rational thought.
I don't actually know anything about this case, but have seen this happen with virtually every warrant document or indictment related to computer "crime". They're an adversarial exercise in sales to further the author's agenda, not an impartial document aimed at ensuring justice.
Now his lawyer is telling him to STFU, but he's being mischaracterized in the court of public opinion.
They were the kind of shoes that lit up when he put his feet down, and the guy had clearly not seen them before - he looked at the other screeners with this terrified look on his face. Thankfully one of them reassured him that it was safe quickly enough.
Never mind that I regularly forget water bottles and/or electronics in my carry on that they either never spot or can't be bothered to do anything about.
I mean, I've released bugs to production before, but they have never put my life at risk...
If true, he also risked the lives of everyone else on that plane. That's not ballsy, it's selfish and dangerous. If proven true, what he needs is a "timeout" at one of our country's many penal institutions.
The real secret the security services are trying to hide is their complete ineffectiveness, total waste of money and hijacking for political and public manipulation.
I really don't believe any of this piddling feargeddon media manipulation nonsense - spies are jerks.
Reprinting propaganda does not count as journalism or news.
Several people have suggested that Roberts' goal is to raise awareness about airplane safety, so perhaps he actually wanted the article published like this even if inaccurate, though it still reflects poorly on the author.