Hacker Briefly Flies Plane Sideways After Accessing Engine Systems, FBI Says
- Thread starter Maxed-out
- Start date
Fearless Tower
Touchdown! Greaser!
Right now, the big defense contractors (Boeing, Lockmart, NG....etc) are doing it to meet DoD requirements.. But from where I sit, the sky is the limit for anyone who wants to start their own business.
It is more than just transportation and defense. Think about all the apps that are constantly coming out linking everything from your personal email to bank account to Facebook. People are rolling that stuff out so fast to get ahead of the competition that most of those applications are not tested and easily hackable.
nddons
Touchdown! Greaser!
I'm envisioning a bunch of IT geeks sitting around with chubbies watching the movie WarGames scheming how they can access the 21st Century version of the WOPR (War Operation Plan Response) supercomputer.
bflynn
Final Approach
can I ask where your knowledge comes from?
I feel the need to ask because this guy was talking about An IT hack on an airplane. I've heard what you just said about other systems before, tight before they were hacked. Heck, I've said something very similar before.
I've learned the hard way not to discount hackers. So unless you can say that you're the Boeing design engineer and you know there is no network connectivity between certain systems, I'm still going to doubt.
Rigged4Flight
Cleared for Takeoff
- Joined
- Jun 11, 2012
- Messages
- 1,105
- Display Name
Display name:
Rigged4Flight
I find it beyond my ability to suspend disbelief that an airline would be run with the ability to manage flight controls remotely. Could it be done if the proper equipment were to be installed and tied in to a remote link? Sure. But I'm fairly sure that if that were the case we would have remote centers getting intimately involved when flight crews get in over their heads with a system malfunction.
I don't for a second believe that any flight controls that are capable of being remotely commanded are linked to the in-flight entertainment network. Prove it is so, and I'll heap praises and accolades on you. In the meantime, I'm not buying it for a second.
And by the way - none of the passengers on the flight in question said anything about any sudden course changes. Funny that they wouldn't notice anything amiss happening when the plane suddenly starts flying sideways.
Last edited:
nddons
Touchdown! Greaser!
Maybe he was controlling Dutch roll with his flight sim rudder pedals which he takes with him wherever he goes.
Larry in TN
En-Route
According to the Wired article, his hack increasing engine power was done on his simulation, not in an actual airplane. All he claims to have done in actual airplanes is monitor the data traffic on the bus.
It's even worse than that...
He said he was on a B737 (800, not 700, though they are the same) and suggested that he's throw up some EICAS messages. This is laughable because NO B737 HAS EICAS!
The 737s are still built on the original design from the 1960. They have a lot of yellow lights on the instrument and overhead panels. Since they were eliminating the flight engineer, who presumably spent the flight monitoring all those panels, they added a master caution system with a recall panel. The mast caution lights up and the recall panel tells who which system (on the overhead) has a yellow light on. Very rudimentary compared to an EICAS system.
brien23
Cleared for Takeoff
So are death rays form Mars.
Lindberg
Final Approach
Well, we all here know this is bull**** because we established last month that planes cannot fly sideways.
Silvaire
En-Route
- Joined
- Oct 10, 2012
- Messages
- 4,679
- Display Name
Display name:
Silvaire
Okay, are we now assuming the guy has a time machine? Because nobody has a 737 MAX yet, maybe in a couple of years. So I'm not gonna argue about something that doesn't exist yet.
My quals: been working on these things for about 30 years, installed and did the prototype certifications for Panasonic WiFi on Airbus, 777 and 757.
Again, and I don't care if you want to believe me or not, there is no way to hack into an aircraft's flight control systems via the passenger entertainment system. I don't care if you have a whole suitcase full of specially modified LAN cables and the latest MacBook Pro. It ain't happening.
So, being that that's an outright lie. Why does this clown continue to have any credibility in anyone's eyes?
fiveoboy01
Pattern Altitude
Because it apparently makes for interesting reading?
The guy is a whacko IMO. And FOS, too.
The guy is a whacko IMO. And FOS, too.
Circuit Flyer
Pre-takeoff checklist
- Joined
- Sep 19, 2014
- Messages
- 408
- Display Name
Display name:
Circuit Flyer
I would think that if anyone could control commercial flights remotely, the airlines could, and if they could, we would not have had the recent commercial crash.
OkieAviator
Pattern Altitude
- Joined
- Aug 17, 2014
- Messages
- 1,865
- Display Name
Display name:
OkieAviator
Media will sensationalize it, then the ignorant will repeat it... Soon there will be generations of people believing that planes can be controlled through Netflix.
Lindberg
Final Approach
If the planes were flown remotely, you'd only have to worry about homicidal maniacs instead of suicidal manics.
Circuit Flyer
Pre-takeoff checklist
- Joined
- Sep 19, 2014
- Messages
- 408
- Display Name
Display name:
Circuit Flyer
Exactly.
petrolero
Pattern Altitude
Please tell us, in technical terms, why you believe it's not possible. I know we're all curious.
I'd like to believe you because a) the claim seems far-fetched but then so have many of the feats pulled off by hackers, b) I'd just like to believe that airliners can't be hacked in this way, and c) you stated your job has provided you with relevant technical knowledge. Cool.
But saying "believe me" on an internet forum doesn't work because we (maybe just I) don't know you to the extent to establish that kind of instant and unquestioning credibility. It's not personal, it's just the innterwebs.
.
Last edited:
olasek
Pattern Altitude
Because (as was stated here before) the systems are isolated from one another:
In a statement, a Boeing spokesman said in-flight entertainment systems on airliners are isolated from flight and navigation systems.
To hack anything there must be 1) a physical connection, 2) there must also be a logical connection that enables WRITE operation from the hacker's side to the other one.
jesse
Touchdown! Greaser!
Define isolated....going to need to know more than that before I start saying what's possible. Is there an air gap between every system?
- Joined
- May 18, 2007
- Messages
- 6,809
- Display Name
Display name:
jsstevens
Physically isolated (assuming no wireless capability in the control systems networks)? Can't be hacked. Logically isolated (VLAN, firewall, router etc.)? Probably can be hacked.John
- Joined
- Feb 23, 2005
- Messages
- 11,187
- Location
- Lone Jack, MO
- Display Name
Display name:
Greg Bockelman
Can data be sent through a power line? In other words, if the systems are totally isolated except for the bus they get their power from, can they still get hacked?
- Joined
- May 18, 2007
- Messages
- 6,809
- Display Name
Display name:
jsstevens
There are networking systems (including broadband in some places) that work using RF over power lines. That said, there have to be proper network interfaces connected to them.
I'm not a flight systems engineer but I've done a ton of software, systems, network and some hardware design over the years and it's hard for me to imagine a way to hack (as in take control of, rather than crash) a system via the power lines.
John
petrolero
Pattern Altitude
Yes that's what I was wondering as well. Saying "it's impossible - they're separate" is not specific enough. Nor do I need to see wiring diagrams.
I'm just wondering why it is literally impossible as opposed to "unlikely" or "extremely difficult." Because the difference means that an airliner's ability to be controlled by a passenger is only a matter of technical know-how and persistence.
Didn't the guy say he exploited a default password vulnerability? Really?? Isn't that how all those nudy pics of dumb celebs got leaked? That is like computers 101 stuff right there.
jesse
Touchdown! Greaser!
Correct, be pretty hard, only thing I can really think of is if you were able to influence a system on the bus to negatively effect the bus's integrity and in chain cause something else on that bus to respond in whatever way you wanted. Not that realistic.
I'd also wonder if there are any flight system wiring harnesses that run by locations passengers could easily access, like, behind a panel in one of the lavs for example. With enough know-know and knowledge of the systems someone could do a lot of damage if so.
olasek
Pattern Altitude
Even if there is a 'network connection' between both systems - say aircraft lat/long gets sent to IFE it is still not enough to 'hack' since the connection can very easily be made one-way only. You can't hack radio station by listening to a live program. I have spent my whole life doing network programming. Unless the flight control software is reading something from the IFE and acting upon it, it can't be hacked. And even receiving something is not enough to get 'hacked' - I can receive a virus in an email but until I open the email - hacking can't happen. By the same token I can't hack a system that sent me the email.
Last edited:
fiveoboy01
Pattern Altitude
I wouldn't blame the FBI, I'd blame the attention craving idiot who's making the claims.
- Joined
- May 18, 2007
- Messages
- 6,809
- Display Name
Display name:
jsstevens
Like many subjects, there's been an astonishing amount of ignorance displayed. But I suspect the FBI, and certainly the airlines, would rather err on the side of caution while the public eye is upon them. Simply to avoid the same astonishing amount of ignorance to combine with social (and professional) media causing a panic about air travel.
I certainly don't know enough about the actual systems and interfaces to know whether it's impossible, plausible or likely. But I KNOW what I know, and by inversion, what I don't know. I use this knowledge to try my best to not display my astonishing amount of ignorance of say, animal husbandry.
John
MAKG1
Touchdown! Greaser!
- Joined
- Jun 19, 2012
- Messages
- 13,411
- Location
- California central coast
- Display Name
Display name:
MAKG
You mean like ACARS?
Though I guess that would be more of a social engineering attack than a hack.
- Joined
- May 18, 2007
- Messages
- 6,809
- Display Name
Display name:
jsstevens
Well, I was thinking WiFi or bluetooth. Something the hacker could use to get network packets to/from the flight systems network while on the plane, again assuming the networks are physically separate.
Social engineering attacks are a whole 'nother can o' worms.
John
And the hardware in that connection must support such write operations.
kontiki
Cleared for Takeoff
- Joined
- May 30, 2011
- Messages
- 1,176
- Display Name
Display name:
Kontiki
It sounds pretty bogus to me. Maybe it's just bad reporting. Would an engine control use an instruction like "climb?" When you have people on board doing experiments with the network or wiring, I call it attempted sabotage.
petrolero
Pattern Altitude
docmirror
Touchdown! Greaser!
- Joined
- Jan 5, 2007
- Messages
- 12,008
- Display Name
Display name:
Cowboy - yeehah!
I like this. I know a decent amount of general network stuff. Enough to know that some of the statements so far are wrong. But - I don't know enough about the networks used by aviation to comment with any certainty.
A few assumptions I would make, that seem like they are no-brainers. 1) They do NOT use POE, anywhere on the plane. Power isolation due to both ground plane issues, and static(lightning) discharge would make POE unpossible. 2) They have hardened and isolated optical paths, with full shielding, maybe well above the ASDD standard, I just don't know, but it would make sense. 3) No one, with any brains at all would share the same router/switch/hub between flight controls and entertainment. The cost of a dedicated router is so low, and the bandwidth so minimal that you could put three separate chassis in every plane for the flight controls and not have any weight penalty involved. 4) No WiFi, no radio, no unpublished back door access to the flight control network - ever. Again, an assumption, but I think I can rest comfy that a flight control designer wouldn't be that stupid.
YMMV, objects in mirror, don't try this at home, pro driver closed course, and may cause anal leakage. I think the FBI are just making a spectacle of this to prove they know how to track hackers and can get in their face anytime, anywhere. It's a dog and pony all the way.
paflyer
Final Approach
Only in the movies.
Maxed-out
Pre-Flight
- Joined
- Feb 14, 2014
- Messages
- 81
- Display Name
Display name:
Maxed-out
Anybody know if 737-800 entertainment system has internet connectivity?That would certainly create the possibility of accessing other networks on the airplane.
The Government Accountability Office issued a report recently chastising the FAA for failing to address potential weaknesses in airplane cybersecurity.
http://www.gao.gov/products/GAO-15-370
According to the report, systems that connect to the Internet can potentially provide unauthorized remote access to aircraft avionics systems. The GAO report said that a third of avionic communication systems connect to the Internet, and that figure is expected to reach as high as 60 percent in five years.
From the report:
The Government Accountability Office issued a report recently chastising the FAA for failing to address potential weaknesses in airplane cybersecurity.
http://www.gao.gov/products/GAO-15-370
According to the report, systems that connect to the Internet can potentially provide unauthorized remote access to aircraft avionics systems. The GAO report said that a third of avionic communication systems connect to the Internet, and that figure is expected to reach as high as 60 percent in five years.
From the report:
denverpilot
Tied Down
Denver is a small IT community.
Talked to a source close enough to have sneezed on him.
He's now attracted the attention of folks you don't want attention from.
Things not looking good for him in the local security professional community.
Enough said.
Talked to a source close enough to have sneezed on him.
He's now attracted the attention of folks you don't want attention from.
Things not looking good for him in the local security professional community.
Enough said.
ClimbnSink
Ejection Handle Pulled
- Joined
- Oct 11, 2007
- Messages
- 6,997
- Display Name
Display name:
Greg
If they are competent bad guy catchers that would suggest he was successful at something
Rigged4Flight
Cleared for Takeoff
- Joined
- Jun 11, 2012
- Messages
- 1,105
- Display Name
Display name:
Rigged4Flight
It means he's a professional attention seeker.
Silvaire
En-Route
- Joined
- Oct 10, 2012
- Messages
- 4,679
- Display Name
Display name:
Silvaire
In technical terms? I'm not sure what you're looking for here, all I can say is that there are absolutely no connections between the passenger entertainment system and the flight control systems of a commercial airliner. Why anyone would think that there would be is beyond me. What purpose do you imagine such connections would serve? The PES does three things: it plays movies and music from the file server, dings a bell to call the flight attendant when you need your Tom Collins refilled and turns your reading light on and off. It doesn't need a connection with the Thrust Management Computer to do any of those things and if you think that the airline, Boeing or the FAA would allow Panasonic or GoGo to install a system that tapped into existing flight control and guidance systems you really need to just sit down and think about it.
the claims and allegations in this story are ludicrous, there's no other way to put it.
ClimbnSink
Ejection Handle Pulled
- Joined
- Oct 11, 2007
- Messages
- 6,997
- Display Name
Display name:
Greg
Why send out supercops for a harmless mouthy punk? Send a regular local cop to pick him up. The reaction gives him more credibility then his claims.