

Hacker told FBI he made plane fly sideways after cracking entertainment system - johnnycarcin
http://aptn.ca/news/2015/05/15/hacker-told-f-b-made-plane-fly-sideways-cracking-entertainment-system/

======
verelo
I would be very surprised and disappointed if there is any connection between
flight systems and the entertainment system. As someone who holds a private pilot
license, I feel like the first thing that you're taught is about the various
systems and how they are separated physically. It feels shocking that the
entertainment system would even be on the same network.

Having said that, I once worked with a guy who used to work for Boeing. Given
the work he produced while we worked together, nothing would surprise me.

I hope this just turns out to be a vocal series of lies, but I also hope it's
fully investigated.

~~~
unoti
Even the Battlestar Galactica had a ban on network connectivity of the
computer systems!

[http://scifi.stackexchange.com/questions/54734/making-sense-...](http://scifi.stackexchange.com/questions/54734/making-sense-of-battlestar-galacticas-network-ban)

~~~
flexd
Luckily for us, there is a low risk of Cylons for the foreseeable future!

------
redwards510
I believe this is a big misunderstanding that has snowballed recently. I think
what he actually claimed was that he did all of these outrageous stunts in a
network simulation that he had, not a live aircraft. That is why he has not
been arrested. He wants publicity for the issue of security of aircraft
computers and that's why he isn't rushing to squash these "I made the airplane
do a barrel roll" stories.

What's better for raising consciousness about a potentially fatal flaw than by
making people think that lives were at risk when they weren't?

~~~
Gracana
> I think what he actually claimed was that he did all of these outrageous
> stunts in a network simulation that he had, not a live aircraft.

Page 14 (pdf page 15) of the investigation report describes evidence of seat
electronics box tampering at the location where Chris Roberts sat when he
tweeted about hacking the plane. It may be a coincidence (a lot of wear-and-tear
on old aircraft could be described as "evidence of tampering" if you
wanted to look at it that way), but the FBI doesn't seem to think so.

~~~
lawnchair_larry
Simple explanation. He did plug in to the system. He did not issue commands
against a live system, but did look around. The actual manipulation occurred
offline in a test environment at a different time and place.

The extravagant claims were maliciously taken out of context by the agent in
order to secure whatever he wanted from a judge, trump up charges, and make
it sound as if there was some dire urgency to expedite due process and
rational thought.

I don't actually know anything about this case, but have seen this happen with
virtually every warrant document or indictment related to computer "crime".
They're an adversarial exercise in sales to further the author's agenda, not
an impartial document aimed at ensuring justice.

Now his lawyer is telling him to STFU, but he's being mischaracterized in the
court of public opinion.

------
userbinator
It's oft-repeated that avionics and other non-flight-critical systems like IFE
are isolated from each other, so...

- If he was just lying, this must be one of the stupidest publicity stunts
I've seen, and planes are still as resistant to hacking as they've always
been.

- If he was telling the truth, there could be some serious effects and
perhaps it was his way of imparting momentum to finally fix the
vulnerabilities that he claims have been around for years; if that were the
case, whatever happens to him, his "sacrifice" could even be considered
heroic.

I'd really like to believe it's the former, but something about the latter
still feels plausible.

 _Roberts is the founder of One World Labs_

Incidentally, not to be confused with
[http://en.wikipedia.org/wiki/Oneworld](http://en.wikipedia.org/wiki/Oneworld)

~~~
na85
It likely depends heavily on which aircraft we're talking about. The new 787
is highly computerized. It would not surprise me to learn everything is on the
same network and only segmented in software.

~~~
neurotech1
The 787 uses multiple isolated networks.

The In-Flight Entertainment network is regular Ethernet, and Flight Management
System is a different format (ARINC 664/AFDX) which provides deterministic
real-time connectivity.

There is a device called a Network Extension Device (NED) which is a one-way
gateway between the FMS and the IFE for showing the progress of the flight to
passengers.

~~~
koonsolo
First you say it uses isolated networks, but then you say NED connects the
two? How does it enforce the 'one-way'?

~~~
neurotech1
There are multiple networks for the various aircraft systems, not a single
network.

The NED for the IFE doesn't physically have the wires for two-way connectivity
to the aircraft FMS network.

------
rdtsc
I can't believe Boeing would connect the entertainment system to the avionics
system.

But the article mentions this:

""" After news broke about a report from the Government Accountability Office
revealing that passenger Wi-Fi networks on some Boeing and Airbus planes could
allow an attacker to gain access to avionics systems and commandeer a flight,
"""

Anyone could find that report? I see mention about the report on other news
sites, but not the report itself.

EDIT: I think I found the report:

[http://www.gao.gov/products/GAO-15-370](http://www.gao.gov/products/GAO-15-370)

~~~
teraflop
Yeah, that report was widely cited as saying that Wi-Fi and avionics systems
were connected, but as far as I can tell, it says nothing of the sort. The
only point at which it mentions Boeing or Airbus at all is in the context of
the FAA issuing "Special Conditions" requiring them to _restrict_ network
connectivity, and it doesn't make any reference whatsoever to Wi-Fi.

It looks to me like Wired literally made the whole thing up and a bunch of
other sites took it as gospel.

------
verystealthy
It's important to put things to the test, but I tend to listen to people who
are actually qualified and know what they're talking about. Even that
RenderMan talk at DEFCON 20 came with a bunch of caveats. If you don't want to
watch the whole thing, the TL;DW version is: Boeing and Airbus are not stupid,
a 787 is not a D-Link wireless router and you pretty much can't get to the
flight controls from the in-flight entertainment system.
[https://www.youtube.com/watch?v=Uy3nXXZgqmg](https://www.youtube.com/watch?v=Uy3nXXZgqmg)

~~~
neurotech1
As explained in the linked video above (from DEFCON 22), there is a device
called a Network Extension Device (NED) which is a one-way gateway between the
FMS and the IFE for showing the progress of the flight to passengers.

~~~
x0054
Why on earth would you need more than a simple one-way API between the FMS and
IFE to be able to show in-flight progress? For that matter, why would it be
more complicated than a simple serial cable with just the O pin on the FMS
side, and just the I pin on the IFE side to feed information at regular
intervals to the IFE? I have no idea how exactly the systems are set up, but
off the top of my head I can come up with several VERY simple methods of
ensuring that the communication between the FMS and IFE is indeed
unidirectional. If this story is true, I would be highly disappointed in
Boeing!

~~~
verystealthy
Don't you have to call an API?

~~~
x0054
neurotech1 above says that it's unidirectional in hardware, so it's a moot
point. But you could also do a simple relay server with an API. FMS pushes the
info to a "server" through a one-way link. IFE would request the info from the
server and display it as necessary.

------
twblalock
If this is really true, it takes some balls to push code to the system that is
running the plane that you yourself are flying in.

I mean, I've released bugs to production before, but they have never put my
life at risk...

~~~
verystealthy
Airliners are not a Heroku dyno that you can "push code" into. There aren't
APIs you can call, pull requests or Docker containers. We're not talking about
a webserver or a couple of rails apps. We're talking about stuff being
physically separated, non TCP, non IP, non Ethernet, uni-directional
connectivity. Your OSI model doesn't apply here. Your API command list doesn't
apply here. Your very notion of networking doesn't apply here. This is not
about releasing early and iterating. We're talking about systems with a lot of
redundancy and actual physical backups where efficiency is not an issue. The
devops mentality does not work in this case.

------
jauer
If the allegations are true, he deserves prison, for reckless endangerment
more than computer trespass.

There's no excuse for risking the lives of passengers and crew.

~~~
efnx
Unless he's trying to raise awareness and force the manufacturer to fix their
defective, dangerous aircraft.

~~~
meowface
What? That's still not an excuse to attempt it on a live passenger plane in
the air. You're potentially endangering not only your life but the lives of
hundreds of strangers.

In an empty plane you're piloting alone, or a simulation, sure, but there's
clearly a non-zero chance that the navigation hijacking could disrupt the
plane enough to force an emergency landing or even cause it to crash. Even if
you think you know what you're doing, there could be lots of unintended side
effects from forcing the plane to make certain maneuvers.

~~~
efnx
The article states that he had tried telling the manufacturers for years about
these vulnerabilities. That means every time one of these planes flies all
passengers are at risk. If he has to pull a stunt like this to raise awareness
in order for the vulnerabilities to be fixed, who is putting more people at
risk? This is an ethics question and it's a hard one. There are no direct
analogies. This is pretty much par for the course with security researchers
and big corporations. It usually takes some big negative publicity and a
public scare for a manufacturer to do a recall, which makes sense because
recalls are expensive.

~~~
Nadya
There are two tracks on a railroad. An unguarded lever allows someone to
switch which rail the track leads to. A fellow has told the train company to
secure the lever so that only their qualified individuals can pull it. They've
ignored this fellow for years. The fellow sees two trains are approaching on
the separate tracks. They decide to pull the lever - temporarily placing the
lives of everyone on each train at risk of a collision. Before the trains are
in danger of switching tracks, they pull the lever again. A bunch of people
were scared, but no real harm was done.

One day, a malicious person could be the one that pulls the lever and kills
hundreds of people. The company has been putting lives at risk for years - but
only after receiving bad press regarding the insecure lever have they decided
to invest in its security.

The end.

------
DanBC
If true I'm kind of surprised that "they" have not banned all computers from
planes. It only took one incompetent shoe-bomber to cause many fliers to have
to remove their shoes for a decade.

~~~
vidarh
You should have seen the screener at Gatwick that almost freaked out a few
years ago when my then 3 year old son had to send his shoes through and he
could see electronics in the heel.

They were the kind of shoes that lit up when he put his feet down, and the guy
had clearly not seen them before - he looked at the other screeners with this
terrified look on his face. Thankfully one of them reassured him that it was
safe quickly enough.

Never mind that I regularly forget water bottles and/or electronics in my
carry on that they either never spot or can't be bothered to do anything
about.

------
johnnycarcin
Another article with some additional follow-up:
[http://www.wired.com/2015/05/feds-say-banned-researcher-comm...](http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/)

~~~
dang
It was discussed at
[https://news.ycombinator.com/item?id=9554841](https://news.ycombinator.com/item?id=9554841).
The story seems to be of greater interest than that thread satisfied, so
perhaps we won't bury this one as a duplicate.

------
tfe
I wonder why they didn't just track down the pilots of that flight and ask if
they had an uncommanded increase in thrust on one engine.

~~~
digdigdag
None of this really adds up for me. The in-flight entertainment system should
run completely separate from the RTOS that governs thrust, navigation, control
surfaces, etc. I highly doubt these mission-critical systems would somehow be
directly connected to the back-seat infotainment systems that regularly crash
after a few flicks of the finger.

------
wsha
Whether or not the allegations are true (as most people are questioning here),
this article is really poorly researched. There's no indication that any
attempt was made to get Roberts' side of the story or to check with any other
security researcher about the plausibility of the accusations.

Several people have suggested that Roberts' goal is to raise awareness about
airplane safety, so perhaps he actually wanted the article published like this
even if inaccurate, though it still reflects poorly on the author.

------
mirimir
He bragged about his hacking skills to the FBI? Really?

But maybe they asked him point blank if he had ever pwned a real plane in
flight. And he didn't want to risk lying to an FBI agent. Tough call.

~~~
neurotech1
Connecting his laptop to an Ethernet port (not intended for passenger use) is
enough for the FBI to consider prosecuting him, even if he didn't actually do
anything else.

~~~
jack9
Only if you can actually access the flight systems from the entertainment
console, which you can't. We would have already heard of a massive undertaking
of securing against this vulnerability on every 747, which didn't happen.
Either the airlines have been negligent or the FBI has made up a story for a
fishing expedition (most likely).

------
deepnet
The FBI are liars and their informants are liars.

The real secret the security services are trying to hide is their complete
ineffectiveness, total waste of money and hijacking for political and public
manipulation.

I really don't believe any of this piddling feargeddon media manipulation
nonsense - spies are jerks.

Reprinting propaganda does not count as journalism or news.

------
ChuckMcM
Interesting if true, it will once again put wind behind the push to get
Professional Engineer status for software engineers.

------
maerF0x0
Seems to me United wanted to be hacked: [https://www.united.com/web/en-US/content/Contact/bugbounty.a...](https://www.united.com/web/en-US/content/Contact/bugbounty.aspx)

