Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

May 17, 2015

Hijacking Planes and the Forgotten Network on ≤ 5,577 Planes

Filed under: Cybersecurity,Security — Patrick Durusau @ 1:49 pm

The recent flare of discussion about hijacking airliners armed only with a laptop was due in part to the GAO report AIR TRAFFIC CONTROL: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen, GAO-15-370 (published Apr 14, 2015; publicly released Apr 14, 2015).

The executive summary reads in part:

Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems. As part of the aircraft certification process, FAA’s Office of Safety (AVS) currently certifies new interconnected systems through rules for specific aircraft and has started reviewing rules for certifying the cybersecurity of all new aircraft systems.

Security expert Bruce Schneier comments on this report, saying in part:


The report doesn’t explain how someone could do this, and there are currently no known vulnerabilities that a hacker could exploit. But all systems are vulnerable–we simply don’t have the engineering expertise to design and build perfectly secure computers and networks–so of course we believe this kind of attack is theoretically possible. (emphasis added)

Bruce may be right about wireless networks, but what about someone plugging directly into an existing network on a:

(In service statistics from: Airfleets.net.)

An FBI search warrant obtained on April 17, 2015 reads in part:

18. A Special Agent with the FBI interviewed Chris Roberts on February 13, 2015 and March 5, 2015 to obtain information about vulnerabilities with In Flight Entertainment (IFE) systems on airplanes. Chris Roberts advised that he had identified vulnerabilities with IFE systems on Boeing 737-800, 737-900, 757-200 and Airbus A-320 aircraft. Chris Roberts furnished the information because he would like the vulnerabilities to be fixed.

19. During these conversations, Mr. Roberts stated the following:

A. That he had exploited vulnerabilities with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the time period 2011 through 2014. He last exploited an IFE system during the middle of 2014. Each of the compromises occurred on airplanes equipped with IFE systems with monitors installed in the passenger seatbacks.

B. That the IFE systems he compromised were Thales and Panasonic systems. The IFE systems had video monitors installed in the passenger seatbacks.

C. That he was able to exploit/gain access to, or “hack” the IFE system after he would get physical access to the IFE system through the Seat Electronic Box (SEB) installed under the passenger seat on airplanes. He said he was able to remove the cover for the SEB under the seat in front of him by wiggling and squeezing the box.

D. After removing the cover to the SEB that was installed under the passenger seat in front of his seat, he would use a Cat6 ethernet cable with a modified connector to connect his laptop computer to the IFE system while in flight.

E. He then connected to other systems on the airplane network after he exploited/gained access to, or “hacked” the IFE system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he accessed to issue the “CLB” or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or “hacking” the airplane’s network. He used the software to monitor traffic from the cockpit system.

F. Roberts said he used Kali Linux to perform penetration testing of the IFE system. He used the default IDs and passwords to compromise the IFE systems. He said that he used VBox which is a virtualized environment to build his own version of the airplane network. The virtual environment would replicate airplane network, and he used virtual machines on his laptop while compromising the airplane network.
… (emphasis added)

The FBI search warrant wasn’t based on hacking wireless networks, but on an old-fashioned hardwire connection to the network.

Assuming Roberts wasn’t trying to impress the FBI agents (never a good idea), there are approximately 5,577 planes that may be susceptible to hardwire hacking into the avionics system. (Models change over production and maintenance so the susceptibility of any particular airplane is a question of physical examination.)

If I were still flying, I would be voting with my feet on airline safety from hardwire hacking.

PS: I first saw the search warrant in: Feds Say That Banned Researcher Commandeered a Plane, by Kim Zetter.
