DHS hacks 757 from gate

ATN_Pilot said:
Or, you know, hydraulic power control units that aren't connected to WiFi can't be hacked wirelessly. But okay.
Click to expand...

How do you think the HPC (and every other component) got coded to do stuff in the first place?

You can upload code to just about any device if you know how to access it's maintenance/update mode. Doing it through the ARINC bus or some other system, once in the communications system, wouldn't be technically impossible at all.

Do I think this guy was able to do that? Nope... not at all. But it is certainly possible to do from a pure technology architecture point of view.
 
The coding on a 757 certainly wasn't done wirelessly. Remember, this guy is claiming to have done this completely wirelessly, with no physical access to the aircraft.
 
ATN_Pilot said:
The coding on a 757 certainly wasn't done wirelessly. Remember, this guy is claiming to have done this completely wirelessly, with no physical access to the aircraft.
Click to expand...

I don't think you know how computers work. Do you think hackers recompile the software

https://en.wikipedia.org/wiki/Buffer_overflow

https://en.wikipedia.org/wiki/Ping_of_death

I imagine that most of the systems on the 757 are probably programmed in something that is fault tolerant like Ada, but who the hell knows. If data can come in, say from an ACARS message that was maliciously formed, or ADS-B, or anything, well, there very well could be a vulnerability.

Imagine a specifically crafted ACARS message that due to some crazy unnoticed software error causes a buffer overflow that lets the attacker into the FMS might then allow an attacker to attack the flight computers or critical systems. Basically, if they're "in" and the programming wasn't done properly, then there is the chance that unbelievably crazy errors can occur.

http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
 
ppragman said:
I don't think you know how computers work. Do you think hackers recompile the software

https://en.wikipedia.org/wiki/Buffer_overflow

https://en.wikipedia.org/wiki/Ping_of_death

I imagine that most of the systems on the 757 are probably programmed in something that is fault tolerant like Ada, but who the hell knows. If data can come in, say from an ACARS message that was maliciously formed, or ADS-B, or anything, well, there very well could be a vulnerability.

Imagine a specifically crafted ACARS message that due to some crazy unnoticed software error causes a buffer overflow that lets the attacker into the FMS might then allow an attacker to attack the flight computers or critical systems. Basically, if they're "in" and the programming wasn't done properly, then there is the chance that unbelievably crazy errors can occur.

http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
Click to expand...
I think that a lot of people smarter than any pilot or mechanic here have been paid very well while under intense FAA scrutiny to make sure what you're suggesting is statistically impossible before anything gets certified.
 
I've also heard the FAA is dragging their feet regarding certifying systems that would allow the airplane to update all of the databases either through a 4G or wifi connection due to security concerns. I applaud them for this, doing the updates is a perfect opportunity to sit and drink coffee in the cockpit.
 
knot4u said:
I think that a lot of people smarter than any pilot or mechanic here have been paid very well while under intense FAA scrutiny to make sure what you're suggesting is statistically impossible before anything gets certified.
Click to expand...

I would like to think so? History tells me not to be so confident. Someone above mentioned Therac-25, and I think it's definitely relevant - there was another event where bad programming (failure to sanitize inputs) caused large naval vessel's main computer to divide by zero and rendered the entire vessel immobile and inoperative - I'd think that medical device companies and defense contractors would have excellent software testing, but these systems are unbelievably complicated under the hood. Yeah, the physical hardware is simple, but the actual systems may have millions of lines of code, in multiple, interconnected computer systems. Just because there's a single "line replaceable unit" box, doesn't mean that the actual system isn't wildly complicated. Indeed, the box is an abstraction away from the complicated mechanical systems of yesteryear itself. The Boeing setup (which I am not an expert on at all) has three processors from three different manufacturers, for each flight computer - but that doesn't mean that it can't be hacked. Maybe one gets hacked and it spoofs the databus with malicious instructions until it gets in, who knows until we test it. To dismiss the idea that it's "impossible" that there's a vulnerability is irresponsible.

Many of these systems are from a simpler time and the black hat people have all the time in the world to tinker... I'd bet serious money there are severe vulnerabilities in these systems somewhere, and I'd bet that there's a route in that has catastrophic results - it may not be "take over and fly the airplane" that may not be possible, but until we actually do real pen-testing, I wouldn't rule it out. For now, thank god for security through obscurity. I doubt it's in the wifi, but who knows. If there's a way in, eventually, someone will find it - ideally, it should be hard enough to find such that the airplane is no longer in service prior to the discovery of the vulnerability. I think it's in our best interest as pilots to support pen-testing the crap out of these systems and not be so dismissive.
 
I'd bet the worst anyone could do is corrupt the databases, aircraft is grounded. Inconvenient but not deadly. The access to update any database info is normally based on weight on wheels so once airborne it cant be tampered with, I always thought they did that so bored pilots wouldn't try updating stuff in cruise, maybe they did it for security reasons.
 
knot4u said:
I'd bet the worst anyone could do is corrupt the databases, aircraft is grounded. Inconvenient but not deadly. The access to update any database info is normally based on weight on wheels so once airborne it cant be tampered with, I always thought they did that so bored pilots wouldn't try updating stuff in cruise, maybe they did it for security reasons.
Click to expand...

Have any source for that assertion?

The pilot access to any database is limited, who knows how the back end works. If the whole database is loaded into memory prior to flight, then if someone was able to pass malicious code into the system, then they could overwrite that data, supposedly Airbus is using SQLite in the A350 - I don't know where, but suppose it's in a SQL database, malicious software could delete or modify data in the database. But a hacker manipulating a waypoint database on the ground could be bad enough.

Who knows how the architecture for flight controls work? Depending on how the software was engineered there could be a ton of terrifying ways it could be vulnerable. We need pen-testing.
 
If the aircraft enters an undesired state the automation is disabled with a switch on the yoke. Nothing the interwebs and do about that.
 
DE727UPS said:
If the aircraft enters an undesired state the automation is disabled with a switch on the yoke. Nothing the interwebs and do about that.
Click to expand...

If the computer that sends commands from the yoke to the flight control actuators is compromised, clicking off the autopilot won't do anything...
 
ppragman said:
You are probably the closest thing to a cross disciplinary SME on this thread about this sort of thing - what say you?
Click to expand...

I almost need to make an autoresponder with the "Blind men and the elephant" poem.

Have you ever seen Battlestar Galactica? Do you know how Admiral Adama feels about 'networked computerized systems'?

Yeah, that's basically me.

That said, I love seeing open discourse and dialog, but I personally hate wild speculation, and arguments based on it. I also grind my teeth when people throw around terms that they don't really properly understand, in contexts with which they're unfamiliar.

Just me. Carry on. ^_^

-Fox
 
Acrofox said:
I almost need to make an autoresponder with the "Blind men and the elephant" poem.

Have you ever seen Battlestar Galactica? Do you know how Admiral Adama feels about 'networked computerized systems'?

Yeah, that's basically me.

That said, I love seeing open discourse and dialog, but I personally hate wild speculation, and arguments based on it. I also grind my teeth when people throw around terms that they don't really properly understand, in contexts with which they're unfamiliar.

Just me. Carry on. ^_^

-Fox
Click to expand...

These are my feelings as well, but perhaps I take Steve Gibson too seriously.

What do you think of the fact that ADS-B and ARINC stuff is unencrypted?
 
ppragman said:
I don't think you know how computers work. Do you think hackers recompile the software

https://en.wikipedia.org/wiki/Buffer_overflow

https://en.wikipedia.org/wiki/Ping_of_death

I imagine that most of the systems on the 757 are probably programmed in something that is fault tolerant like Ada, but who the hell knows. If data can come in, say from an ACARS message that was maliciously formed, or ADS-B, or anything, well, there very well could be a vulnerability.

Imagine a specifically crafted ACARS message that due to some crazy unnoticed software error causes a buffer overflow that lets the attacker into the FMS might then allow an attacker to attack the flight computers or critical systems. Basically, if they're "in" and the programming wasn't done properly, then there is the chance that unbelievably crazy errors can occur.

http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
Click to expand...

Trust me, nobody is making an aircraft climb by hacking the ACARS.
 
ppragman said:
Have any source for that assertion?

The pilot access to any database is limited, who knows how the back end works. If the whole database is loaded into memory prior to flight, then if someone was able to pass malicious code into the system, then they could overwrite that data, supposedly Airbus is using SQLite in the A350 - I don't know where, but suppose it's in a SQL database, malicious software could delete or modify data in the database. But a hacker manipulating a waypoint database on the ground could be bad enough.

Who knows how the architecture for flight controls work? Depending on how the software was engineered there could be a ton of terrifying ways it could be vulnerable. We need pen-testing.
Click to expand...
I can't update any databases if I have an airplane on jacks unless I trick it to think it's on the ground. I used to have the crews update the chart databases because they happen every two weeks and I considered it like updating the Jepps. These days things are a little different and it's probably better to let MX folks handle it.
 
knot4u said:
I can't update any databases if I have an airplane on jacks unless I trick it to think it's on the ground. I used to have the crews update the chart databases because they happen every two weeks and I considered it like updating the Jepps. These days things are a little different and it's probably better to let MX folks handle it.
Click to expand...

I don't...so...you know that...I what?

So...just how do you think software works?
 
You must log in or register to reply here.
Back
Top