"Hacking into a plane’s critical flight controls is at least theoretically possible on some new models, computer security experts told the GAO."
Can someone explain this? I've been asking knowledgeable people all day and haven't heard a good explanation of how this could be possible. Is the IFE system really on the same physical network as the flight control system on newer planes?
And here's an interesting puzzle: if these planes are sharing a SATCOM link between their IFE and control systems, is it even possible for it to be non-software-hackable?
Is the IFE system really on the same physical network as the flight control system on newer planes?
I have no direct knowledge here, but I've heard from multiple sources that whereas past aircraft had air gaps between aeronautic and IFE systems, newer aircraft rely on a firewall to block traffic from the IFE side to the aeronautic side.
I've heard there's a one way (readonly) link from the aeronautic side to the IFE, which is used for sending the IFE a small amount of information, used to display the moving map and sensor values (altitude, temp, etc) on the seat back displays. I'm speculating, but this link could be for example some sort of legacy serial data link with only one TX->RX pin being used.
I'm also speculating, but in the case of it being a serial link (very common), it's probably ARINC-429 as that's the predominant standard in aviation low and medium (read: very low and low) speed data exchange. ( http://en.wikipedia.org/wiki/ARINC_429 )
I find ARINC-429 to be quite elegant/pleasing as an engineer and impressive for the time of its creation.
Don't know if this is even more worrisome.
FBI and Boeing denying any threat.
Either the guy is/was delusional and his 15 min of fame (like mentioned below) blew up in his face, or the systems are vulnerable and it's being downplayed (while hopefully it's being fixed).
At this point though, it's difficult to trust FBI and a corporation that has a lot to loose...
I think Boeing needs to bring in independent researchers and let them loose on some planes on the ground, either proving or disproving this whole debacle...
"Both Boeing Co. and Airbus Group NV, the world’s largest makers of commercial airplanes, have issued statements questioning Roberts’s claims."
Note that they didn't actually deny it completely. To me, this says they either don't want to say "it's impossible" for fear of liability, or that they know there are some holes and don't want to talk about it.
Also, comparing what the two companies said is interesting: I prefer Boeing's rather direct "they are isolated" response and find it far more reassuring in comparison to Airbus' wordy and vague statement.
Um, the 'statement' they issued was in an email response to the journalists. These guys reached out, and they responded, presumably with some vanilla message about how it was all poppy-cock. If they hadn't bothered to respond, you'd have gotten the same article except with "Boeing and Airbus have not been available for comment", making it just as awkward. There is no good way out for them.
This guy's claims seem bogus. But there are interconnections between the networks of the flight control systems and the entertainment network in some aircraft. Here's such an interconnect unit, the Teledyne Network Extension Device (NED)[1]: "Teledyne Controls' Network Extension Device (NED) is a high-performance and compact networking solution that facilitates data transfer between avionics systems and IP-based equipment, providing greater accessibility to a wide range of applications. This high-reliability device, built to OEM standards, combines the multiple functions of an ARINC 429 to Ethernet converter, multicast router, firewall, data loader and communication gateway, in one single and lightweight unit." See this block diagram [2] showing the NED gateway plugged into the in-flight entertainment system on one side, and the flight management system on the other.
The block diagram shows the flight management system as an output only. The NED gateway seems to be treated as an untrusted device. The flight management system (which can be thought of as turn-by-turn navigation for airplanes) does not directly fly the airplane, but the autopilot, and the human pilot, usually go where it sends them.
The NED does have the ability to update the "electronic flight bag", which contains navigational charts, aircraft manuals, and FAA and company paperwork. Those are updated frequently, so there's now a data distribution system to update them. (They used to be loose-leaf binders with frequent update packages.) But those have no connection to the flight controls.
A bigger concern is that software updates to the aircraft systems pass through the NED. Those can now be transmitted by radio to some aircraft.[3] The new files are stored on a server for updating when the aircraft is parked and the equipment is in a maintenance mode.
So, while taking over the flight controls in flight seems unlikely, some variant on a Stuxnet-type attack might be possible.
Later that day, an FBI agent examined the initial aircraft he had flown on and found evidence that boxes containing entertainment electronics on his seat and the seat in front of him had been tampered with, according to the FBI.
Well, that sucks. Messing around with the equipment on a plane like that is really a very bad idea. I don't care how 1337 you are.
He claims that he didn't and pointed out that these boxes are under seats where people ram their luggage every day and that they are usually in this kind of state.
Not sure I believe him (or them) (or anyone yet). But it is worth bearing in mind.
The IFE system has ties to the weight on wheels sensors at a minimum, meaning a ground test isn't a faithful reproduction of an air test. (That's how the IFE shuts down at touchdown, and I suspect it's how they know to push you their takeoff ads.)
Delta's system plays the Delta ad while the aircraft is still over the runway on takeoff and the entertainment shuts off in the first few seconds of rollout, as I recall.
I'd be surprised if there's a flight attendant whose duty it is to hit a button at a critical time in flight to make that happen.
He doesn't come out and say that he tampered with the controls, but he clearly states that he broke through firewalls and such (Is the unpatched Tomcat instance part of the controls or not?).
This article has a transcript of the stuff he says about the plane:
AFAIK, he made no such claim. He was on the Security Weekly podcast and said that he did no such thing.
It sounds to me that they trumped up some portion of his interview in the complaint, and are going out of their way to discredit this guy. My fear is that if Mr. Roberts is right, this will have a real chilling effect on other work in the area. If he's just a security troll, it still negatively impacts everyone.
Well, now that the FBI is weighing in, I have no choice but to believe the man's claims, because the FBI is a three-ring circus filled with nothing but clowns.
Can someone explain this? I've been asking knowledgeable people all day and haven't heard a good explanation of how this could be possible. Is the IFE system really on the same physical network as the flight control system on newer planes?
Edit: the best commentary on this appears to be the comments section on this Schneier blog post from a few weeks back - https://www.schneier.com/blog/archives/2015/04/hacking_airpl...
And here's an interesting puzzle: if these planes are sharing a SATCOM link between their IFE and control systems, is it even possible for it to be non-software-hackable?