Comp Sec. Researcher Commandeered a Plane

GURPS

GURPS

INGSOC
PREMO Member
Feds Say That Banned Researcher Commandeered a Plane



A SECURITY RESEARCHER kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.

[clip]

He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by “wiggling and Squeezing the box,” Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.

Reaction in the security community to the new revelations in the affidavit have been harsh. Although Roberts hasn’t been charged yet with any crime, and there are questions about whether his actions really did cause the plane to list to the side or he simply thought they did, a number of security researchers have expressed shock that he attempted to tamper with a plane during a flight.
Click to expand...


doesn't anyone every change the default passwords on such systems ....
 
Last edited:
T

tommyjo

New Member
Pretty stupid article...did anyone bother to read it?

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf).
Click to expand...

How exactly does one make a static engine "climb"?

Assume the engine can change the orientation of its thrust (which it can't)...but suppose it could...if "one" engine sets its thrust to "climb" and the other engines don't then the plane wouldn't move "sideways" now would it? It would likely go into a roll as one wing is forced up and then around.
 
GWguy

GWguy

*
tommyjo said:
Pretty stupid article...did anyone bother to read it?



How exactly does one make a static engine "climb"?

Assume the engine can change the orientation of its thrust (which it can't)...but suppose it could...if "one" engine sets its thrust to "climb" and the other engines don't then the plane wouldn't move "sideways" now would it? It would likely go into a roll as one wing is forced up and then around.
Click to expand...

Climb in RPM, not attitude. Increased thrust on one engine will cause the plane to pivot.
 
itsbob

itsbob

I bowl overhand
Larry Gude said:
Because taking over a 1980 Cessena 172 remotely is problematic.
Click to expand...

Remote plane control predates "fly by wire" by a few decades.. fly by wire only means there is no physical connection between the pilots controls and the flying surfaces.. ie. Pilot gets no feedback.

Power steering your hands are on the wheel, steering is hydraulically assited.. but there is a mechanical connection still between your hands, the string wheel, and the steering mechanis leading to the tires meeting asphalt..

Fly by wire that mechanical connection is removed. Steering wheel is connected to an electronic sensor that powers a solenoid that tells the hydraulic pump which way to turn the wheels.. nothing mechanical attached to the steering wheel, andcomplete mechanical break between driver and road.

The problem lies in the auto features on current and even some legacy aircraft. Most of these features use signals from the ground to determine landing, and takeoff.. if the plane isn't totally linked from the ground and the system in the ground Flys the plane.
 
itsbob

itsbob

I bowl overhand
Making a fly by wire plane "remotable" is much easier than an older mechanical plane, but present on both types.
 
Larry Gude

Larry Gude

Strung Out
itsbob said:
Remote plane control predates "fly by wire" by a few decades.. fly by wire only means there is no physical connection between the pilots controls and the flying surfaces.. ie. Pilot gets no feedback.

Power steering your hands are on the wheel, steering is hydraulically assited.. but there is a mechanical connection still between your hands, the string wheel, and the steering mechanis leading to the tires meeting asphalt..

Fly by wire that mechanical connection is removed. Steering wheel is connected to an electronic sensor that powers a solenoid that tells the hydraulic pump which way to turn the wheels.. nothing mechanical attached to the steering wheel, andcomplete mechanical break between driver and road.

The problem lies in the auto features on current and even some legacy aircraft. Most of these features use signals from the ground to determine landing, and takeoff.. if the plane isn't totally linked from the ground and the system in the ground Flys the plane.
Click to expand...

I assumed we were all on the same page and were talking about the ability to interfere with commercial aircraft based on the computerized components and the advances in hacking skills to be able to hack in and take over control components whereas you can't hack something, like an old 172, that has no computers controlling control surfaces or power to hack.

My bad.
 
itsbob

itsbob

I bowl overhand
Larry Gude said:
I assumed we were all on the same page and were talking about the ability to interfere with commercial aircraft based on the computerized components and the advances in hacking skills to be able to hack in and take over control components whereas you can't hack something, like an old 172, that has no computers controlling control surfaces or power to hack.

My bad.
Click to expand...

My point.. what the article describes I think would be much more difficult to do.. hacking a planes system from the passenger compartment?
 
Larry Gude

Larry Gude

Strung Out
itsbob said:
My point.. what the article describes I think would be much more difficult to do.. hacking a planes system from the passenger compartment?
Click to expand...

Right, but, and I don't know, which is why I am asking, IF the entertainment stuff has a physical connection somewhere with the systems that control flight AND if it's a matter of some sort of firewall/passwords, technically breach-able, THEN would it not be a matter of time before someone pulls it off?

I mean, like 'mom' 'running' for President, I assume most of the breaches we hear about "Man smuggles X on plane, could have blown up plane", and this one, are ALL about herding the public so it is easier to get more money for someone somewhere to address the risk.
 
glhs837

glhs837

Power with Control
Hell, my old platform, the bomb bay viewing window actually had the control cables running through it. You could grab them and tweak things?
 
GURPS

GURPS

INGSOC
PREMO Member
Larry Gude said:
Right, but, and I don't know, which is why I am asking, IF the entertainment stuff has a physical connection somewhere with the systems that control flight AND if it's a matter of some sort of firewall/passwords, technically breach-able, THEN would it not be a matter of time before someone pulls it off?
Click to expand...


with planes that make multiple trips at day, back and forth between say Atlanta and BWI ... do they really search the planes between flights

.... plug in a netbook, and stash it - connect to it from the ground
 
You must log in or register to reply here.
Top