Hacker told FBI he made a plane fly a little bit sideways after cracking entertainment system (and a
[url]http://aptn.ca/news/2015/05/15/hacker-told-f-b-made-plane-fly-sideways-cracking-entertainment-system/[/url]
[quote=APTN (don't ask me why this story's on APTN of all places if you're a Canuck...)]A well-known U.S. hacker told F.B.I. agents he took momentary control of an airplane’s engines mid-flight by hacking into its in-flight entertainment system, according to a document filed in U.S. federal court and obtained by APTN National News.
Roberts, who has been interviewed at least three times by the F.B.I. this year, is under investigation for allegedly hacking into the electronic entertainment systems of airplanes, according to an application for a search warrant to probe seized electronic equipment.
The document shows F.B.I. agents investigating Roberts believe he has the ability to do what he claims: take over flight control systems by hacking the inflight entertainment computer.
Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court.
Roberts is the founder of One World Labs and he is widely viewed as an expert on counter threat cyber security.[/quote]
Hackers like this should be utilized not incarcerated..
He could easily save lives and stop more malicious people with the same level of competency from performing acts like this.
Someone correct me if I'm wrong, but aren't the cockpit doors usually electronically locked? If so, this type of thing has some serious implications regarding the possibility of terrorist plots.
[QUOTE=Bradyns;47733170]Hackers like this should be utilized not incarcerated..
He could easily save lives and stop more malicious people with the same level of competency from performing acts like this.[/QUOTE]
Hackers like this are like vaccines for computer systems, finding weaknesses in the immune system before a bad virus malicious hacker does.
[QUOTE]According to the search warrant application, Roberts said he hacked into the systems by accessing the in-flight entertainment system using his laptop and an Ethernet cable.[/QUOTE]
I wonder where he found an ethernet port, I've never seen one on any of the entertainment systems on my flights.
[QUOTE=ultra_bright;47733177]Hackers like this are like vaccines for computer systems, finding weaknesses in the immune system before a bad virus malicious hacker does.[/QUOTE]
AKA the definition of "white hat hacking".
[QUOTE=JoeSkylynx;47733172]Someone correct me if I'm wrong, but aren't the cockpit doors usually electronically locked? If so, this type of thing has some serious implications regarding the possibility of terrorist plots.[/QUOTE]
That doesn't matter if you can shut down the engines and crash the plane from your seat, unless you want to fly it into something.
[QUOTE=Bradyns;47733170]Hackers like this should be utilized not incarcerated..
He could easily save lives and stop more malicious people with the same level of competency from performing acts like this.[/QUOTE]
Unfortunately it's cheaper to hide vulnerabilities than to fix them
I was under the impression that critical aircraft controls are electrically isolated from everything else on the plane, going so far as to make sure the separate systems don't have wires running alongside each other.
[QUOTE=download;47733272]I was under the impression that critical aircraft controls are electrically isolated from everything else on the plane, going so far as to make sure the separate systems don't have wires running alongside each other.[/QUOTE]
You're right - the person who somehow linked the two systems should be sacked. Isolating them is just common sense
The only way I can imagine this happened was through the GPRS/data link that is indeed shared by non-critical flight systems and passenger services. We also know that RR engines have a continuous data link to RR HQ so perhaps the engines also go through the same data link
[QUOTE=Trumple;47733309]You're right - the person who somehow linked the two systems should be sacked. Isolating them is just common sense
The only way I can imagine this happened was through the GPRS/data link that is indeed shared by non-critical flight systems and passenger services. We also know that RR engines have a continuous data link to RR HQ so perhaps the engines also go through the same data link[/QUOTE]
So potentially an aftermarket install that linked them?
[QUOTE=Bradyns;47733170]Hackers like this should be utilized not incarcerated..
He could easily save lives and stop more malicious people with the same level of competency from performing acts like this.[/QUOTE]
they should be utilized... by the airplane manufacturer in testing.
Not on commercial flights. There's a correct way to do things and this is not it.
A lot of people are going to die before organizations start learning their lesson about securing critical systems which lots of people's lives depend on.
[QUOTE=Saxon;47733353]A lot of people are going to die before organizations start learning their lesson about securing critical systems which lots of people's lives depend on.[/QUOTE]
They'll never learn. People don't care enough themselves.
Oh and the FBI trying to throw whitehats messing with the systems into jail doesn't help either.
[QUOTE=Code3Response;47733339]they should be utilized... by the airplane manufacturer in testing.
Not on commercial flights. There's a correct way to do things and this is not it.[/QUOTE]
It was reckless, sure. But nothing serious happened and he reported the vulnerability.
If you're going to jail white hats then no one would report these security vulnerabilities and you might seriously set yourself up for something much uglier.
[QUOTE=download;47733272]I was under the impression that critical aircraft controls are electrically isolated from everything else on the plane, going so far as to make sure the separate systems don't have wires running alongside each other.[/QUOTE]
The controls would be isolated but maybe some of the navigational data inputs aren't.
Fiddling with those values could confuse the autopilot and make it do what you want.
[QUOTE=Code3Response;47733339]they should be utilized... by the airplane manufacturer in testing.
Not on commercial flights. There's a correct way to do things and this is not it.[/QUOTE]
No. The correct way is to [b]actually test[/b] things, which they obviously did not.
The manufacturer should have sucked it up, fixed the vulnerability, given him a fat bounty and gotten someone to pentest it properly.
[QUOTE=DeEz;47733368]It was reckless, sure. But nothing serious happened and he reported the vulnerability.
If you're going to jail white hats then no one would report these security vulnerabilities and you might seriously set yourself up for something much uglier.[/QUOTE]
Except the source seems to purport that he didn't report this until he was questioned by the FBI, refused access to his electronics, and had claimed to have done this before.
It's claimed he was questioned because this is the same guy that tweeted
[quote]Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)[/quote]
[QUOTE=download;47733335]So potentially an aftermarket install that linked them?[/QUOTE]
I've seen some of the mods being installed and the ones that are good are a separate system. They install their own dish for the entertainment and Wi-Fi to communicate which is isolated. Maybe another subsidiary is cutting corners or something but it's probably an issue with newer aircraft.
Some of the ones that are shipped with the A330 are a lot more complex and seem more integrated into everything which runs off some Linux boxes in the front.
[QUOTE=DeEz;47733368]It was reckless, sure. But nothing serious happened and he reported the vulnerability.
If you're going to jail white hats then no one would report these security vulnerabilities and you might seriously set yourself up for something much uglier.[/QUOTE]
You go ahead and fuck with the most regulated form of transportation. I'm not going to stop you. The FAA and FBI will have your ass. Reckless or not. You don't fuck with airplanes that are not yours.
[QUOTE=Thlis;47733395]Except the source seems to purport that he didn't report this until he was questioned by the FBI, refused access to his electronics, and had claimed to have done this before.
It's claimed he was questioned because this is the same guy that tweeted[/QUOTE]
That makes more sense then.
[editline]16th May 2015[/editline]
[QUOTE=Code3Response;47733427]You go ahead and fuck with the most regulated form of transportation. I'm not going to stop you. The FAA and FBI will have your ass. Reckless or not. You don't fuck with airplanes that are not yours.[/QUOTE]
Making the plane fly slightly sideways was what was reckless about it. I missed the part where it was that guy from last month who basically only seemed to want to assert superiority.
But outside this case, the general philosophy of white hat hacking is that you find vulnerabilities and report them, not exploit them.
So, I now expect those who said in a thread about how internet was getting into everything that people who knew how to manipulate and hack into systems [B]wouldn[/B]'t have a big advantage or power over the other mortals who are completely unaware of coding to see how wrong they were...
Guess who's laughing now?
Well, Roberts, of course.
This proves my argument that, really, tomorrow when everything is connected hackers will be on the top when it comes to personal-to-personal power.
Think about it: If you wanted or want to fuck up somebody, today, you need contacts. No matter if you're a lawyer, a sheriff or the CEO of a $$$ company, you need people.
But a hacker, just your number and your IP and he can know more about your life in a week than anybody else....
[QUOTE=Trumple;47733309]You're right - the person who somehow linked the two systems should be sacked. Isolating them is just common sense
The only way I can imagine this happened was through the GPRS/data link that is indeed shared by non-critical flight systems and passenger services. We also know that RR engines have a continuous data link to RR HQ so perhaps the engines also go through the same data link[/QUOTE]
I was reading about this stuff a while ago and from my brief reading it seems that the IFE is meant to be completely isolated from the flight control system. Even down to having its own GPS receiver for the moving map etc.
It's very scary if the entertainment system is an attack vector to the actual aircraft's systems..
I'm just going to repost what I posted last time. The only proof this guy has is his word...
[quote]For some reason I seriously doubt you could hack a plane to any serious extent through an IFE box.
Even if the guy triggered a pass oxy message on the EICAS, that wouldn't really affect the flight... it would be pretty obvious to the pilots that the oxygen wasn't on (considering the switch wasn't thrown, the light wasn't on, and the cabin altitude would probably be normal). A quick call to the cabin would confirm that.
The whole point of the 737 is that it's not very computer-controlled. That is the big argument between it and the A320s... the computer only acts as an advisory and the pilots have to do a lot of legwork. You could not crash a plane by hacking it through an IFE system - maybe just slightly confuse the pilots. At worst, you could maybe kill the flight displays, but any pilot on a major airline is trained to fly the plane with a total electrical failure anyway, so all you'd do is just ground the flight.
I feel like he was just being a jackass for the sake of starting a shitstorm.[/quote]
If you've ever been in a 737 cockpit, you'd know that basically anything and everything is isolated. The only possible thing that could trigger passenger oxygen is the cabin altitude going over 15-some-thousand feet, which is another isolated system. Even the autopilot will whine and disconnect itself if you try to fuck with the navigation. The autothrottle quite visibly moves the throttle handles, so if he somehow managed to set it to climb, the pilot would probably notice in an instant that one of the throttles is moving forward for no reason and disengage the autothrottle.
I could maybe see him doing some shit on an Airbus, but Boeing's older jets were designed before the internet was even invented (60s) and have hardly been updated technologically since. They are hopelessly un-networked.
[QUOTE=Cutthecrap;47733627]So, I now expect those who said in a thread about how internet was getting into everything that people who knew how to manipulate and hack into systems [B]wouldn[/B]'t have a big advantage or power over the other mortals who are completely unaware of coding to see how wrong they were...
Guess who's laughing now?
Well, Roberts, of course.
This proves my argument that, really, tomorrow when everything is connected hackers will be on the top when it comes to personal-to-personal power.
Think about it: If you wanted or want to fuck up somebody, today, you need contacts. No matter if you're a lawyer, a sheriff or the CEO of a $$$ company, you need people.
But a hacker, just your number and your IP and he can know more about your life in a week than anybody else....[/QUOTE]
How about a nice game of chess?
Let's pay attention to the fact that there isn't any proof that he actually did this besides a confession.
How the fuck is anyone supposed to fix this problem (if it really exists) if no one knows how he did it and he's not talking? If it's true then honestly he's being an asshole by withholding that information.
[QUOTE=Bradyns;47733170]Hackers like this should be utilized not incarcerated..
He could easily save lives and stop more malicious people with the same level of competency from performing acts like this.[/QUOTE]
if he's sentenced at all you bet that it'd be a plea bargain for him to work for the NSA or something
I'm sure the FBI won't be that retarded to miss this opportunity to patch up holes.
[QUOTE=Snowmew;47733814]I'm just going to repost what I posted last time. The only proof this guy has is his word...
If you've ever been in a 737 cockpit, you'd know that basically anything and everything is isolated. The only possible thing that could trigger passenger oxygen is the cabin altitude going over 15-some-thousand feet, which is another isolated system. Even the autopilot will whine and disconnect itself if you try to fuck with the navigation. The autothrottle quite visibly moves the throttle handles, so if he somehow managed to set it to climb, the pilot would probably notice in an instant that one of the throttles is moving forward for no reason and disengage the autothrottle.
I could maybe see him doing some shit on an Airbus, but Boeing's older jets were designed before the internet was even invented (60s) and have hardly been updated technologically since. They are hopelessly un-networked.
How about a nice game of chess?[/QUOTE]
This will not be an issue until the 737 MAX is out which is implementing more fly by wire surfaces.
Boeing is saying it is just the spoilers right now but I do not expect that to hold up.
The FBI believes him, and they said there was tampering with the seat he was sitting in on a flight they were monitoring him on, something about a router and ethernet cable. I bet it was an Airbus
[QUOTE=download;47733272]I was under the impression that critical aircraft controls are electrically isolated from everything else on the plane, going so far as to make sure the separate systems don't have wires running alongside each other.[/QUOTE]
This reminds me of a story posted on FP a year or two ago about someone hacking into a water treatment plant and messing everything up. Just...how is it that people allow these things to be connected?
Hoping that it's BS as some people are saying now.