Ghoulish moans on AA flights' intercom

Hacker having fun, but how?

https://wapo.st/3fk05yT
Reminds me of this guy:

https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

"Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane's Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states...

He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by "wiggling and Squeezing the box," Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes."
 
First thing I'd do if I was AA is check to see which passenger(s), if any, were on all of the affected flights. Roberts' feat was impressive if he accessed the flight controls. Probably made some DO-178 people uneasy. Another thing that would be impressive is hacking a supposedly closed-loop system fleet wide.
 
Why would the inflight entertainment network have any connection to the flight control networks?
 
There is a theory. Airline pilots as a rule seem to be very bright people. Bright people have been known to enjoy mischief on occasion. QED?
 
Why would the inflight entertainment network have any connection to the flight control networks?

it doesn't.

If I'm wrong, please tell me what airplane has such a connection...
 
Yeah, I think the whole story from the hacker is rubbish.

But... obviously some IFE systems get some sort of position data from somewhere to populate the moving map data. I doubt you'd be able to backwards into the flight computers through that, though.

What I find more unbelievable is, in a post-9/11 world, that this guy's seatmates would watch him rip the cover off an IFE unit under the seat, connect a CAT-6 cable to it and attach it to his laptop all without (1) beating his ass into oblivion and/or (2) notifying the flight attendants/pilots.
 
This. Who would sit by and let it happen?

I find it entirely believable that the IFE system has a connection to something because there's GPS, speed, altitude and course displayed and who is going to put the extra weight of a firewall into an airplane. If it's running on ethernet, it's a flat system. What I know about computer systems is that once you have a connection, hackers can find a way, especially in a system that is considered "closed" where there shouldn't be anyone getting into it and security is poorly considered.
 
If a firewall had to be hardware it'd be ounces. But of course they don't have to be hardware. But the GPS/etc. info could be done with a single cell phone chip and an antenna (or even a splitter). Again, less than an ounce. I would never have a connection of any sort between those networks. The flight controls, nav, etc. would be hardwired and completely, physically separate. I see no advantage to connecting them at all. Weight, simplicity, service, none.

As a side note, a Jetblue pilot told me that the info-tainment systems in their airplanes add about 3 lbs per seat. Jetblue has screens in each seat back which in the current generation planes are going away as they assume everyone has their own device.
 
I agree there should never be a connection to flight controls, but the reason is simplicity. Managing point to point communications is hard. If you put everyone on the same network and just trust nodes to talk to who they need to talk to, then your network design and admin is much easier. After all, nobody should be plugging into an airplane's network, right?
 
I think all these IFE systems are all aftermarket. Simplicity or not, I don't think Boeing would let an IFE installer plug into critical networks on the plane. But that's just me spitballing with close to zero computer knowledge.
 
I agree there should never be a connection to flight controls, but the reason is simplicity. Managing point to point communications is hard. If you put everyone on the same network and just trust nodes to talk to who they need to talk to, then your network design and admin is much easier. After all, nobody should be plugging into an airplane's network, right?

There is a simple reason that you won't see them on the same network - it would NEVER get certified.

Safety takes priority over "simplicity"
 
Boeing, IFE experts hit back at hacker claims in FBI report


'Airframers and IFE stakeholders are loathe to say definitively that their systems cannot be hacked because doing so may have the undesired effect of further challenging black hat hackers.

But when reading the FBI search warrant application for Roberts, it’s important to consider that IFE systems on commercial airplanes “are isolated from flight and navigation systems”, Boeing said in a statement after myriad news titles reported the FBI claims as fact.

“While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions.”

IFE is typically certified to Design Assurance Level (DAL) E under the FAA’s DO-178B software guidance for airborne systems. Level E is the least stringent level of rigor put into design, verification and testing, as a fault is expected to have no effect on the safe operation of the aircraft. By contrast, radios are certified as Level D and avionics are Level C.

There are ARINC 429 connections to IFE systems (for mission data) “that are not segmented as diligently as with ARINC 664 Ethernet domains. It would take software manipulations to control the 429 interfaces from a compromised Ethernet connection. Regardless, the IFE ARINC 429 interfaces are not capable of changing automatic flight control modes,” notes industry expert Peter Lemme, who chairs the AEEC subcommittee that builds standards for Ku and Ka satcom systems.

“The claim that the Thrust Management System mode was changed without a command from the pilot through the mode control panel, or while coupled to the Flight Management System is inconceivable,” he adds.'

https://runwaygirlnetwork.com/2015/05/boeing-ife-experts-hit-back-at-hacker-claims-in-fbi-report/
 
The guy was using a Linux distribution built for security testing (Kali Linux). I've done some work with Kali before too, I agree it has some nasty stuff on it. With it, I would never rule out the ability for someone to hop through operating systems and come out another interface, especially when everyone expects the system to be isolated and never penetrated.

I'll also note there's a reason the word "inconceivable" is frequently used when describing a security breach. It simply says they don't understand, not that it can't happen.
 
The equipment doesn't even share the same power bus. Air gaps are tough to get through...
 
If he gained access to a box which provides GPS data, it isn't much more of a leap to spoof GPS data and make the aircraft turn and climb while on autopilot, right? He wouldn't need to get access to actual thrust control if he had access to systems which influence thrust control. I presume an aircraft still increases thrust when it climbs, right?
 
"If he gained access to a box which provides GPS data" - there is a difference between getting data from a box and actually having access to it. Simple way to look at it is: imagine a unidirectional interface. Imagine a Cat 5, 5e, 6 connector with the RX lines cut.

edit: it's not like depicted in hollywood... not everything has open ports... or even actual lines connected to the interweb.
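
The unidirectional-interface point above can be checked mechanically as a design-review step. This is an added example, not part of the original thread: a Python reachability audit over two constructed topologies whose node names (`seat_box`, `cabin_switch`, `ife_server`, `position_source`, `flight_mgmt`) are hypothetical and describe no real aircraft.

```python
from collections import deque

# Constructed, hypothetical topologies. Each link is (sender, receiver):
# data can travel only in that direction.
def bidirectional(a, b):
    return [(a, b), (b, a)]

FLAT = (  # one shared network: every node can reach every other node
    bidirectional("seat_box", "cabin_switch")
    + bidirectional("ife_server", "cabin_switch")
    + bidirectional("position_source", "cabin_switch")
    + bidirectional("flight_mgmt", "position_source")
)

ONE_WAY = (  # position data is published to the IFE over a transmit-only link
    bidirectional("seat_box", "cabin_switch")
    + bidirectional("ife_server", "cabin_switch")
    + [("position_source", "ife_server")]  # no return path exists
    + bidirectional("flight_mgmt", "position_source")
)

def reachable(links, start):
    """Return every node that data originating at `start` can arrive at."""
    adjacency = {}
    for src, dst in links:
        adjacency.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def audit(links, untrusted, protected):
    """List (untrusted, protected) pairs where data can flow the wrong way."""
    return sorted(
        (u, p) for u in untrusted for p in reachable(links, u) if p in protected
    )

UNTRUSTED = {"seat_box", "ife_server"}
PROTECTED = {"position_source", "flight_mgmt"}

if __name__ == "__main__":
    for name, links in (("flat", FLAT), ("one-way", ONE_WAY)):
        violations = audit(links, UNTRUSTED, PROTECTED)
        print(name, "violations:", violations or "none")
```

The audit covers link direction only: it shows that the one-way design still delivers position data to the seat while leaving no path back, and it says nothing about the software on either end of a link.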
 
Shhhh....

movies-hackers-600.jpg
 
"If he gained access to a box which provides GPS data" - there is a difference between getting data from a box and actually having access to it. Simple way to look at it is: imagine a unidirectional interface. Imagine a Cat 5, 5e, 6 connector with the RX lines cut.

edit: it's not like depicted in hollywood... not everything has open ports... or even actual lines connected to the interweb.

Is your entire rebuttal based on a belief he lied about what he did? Well in that case, there's nothing to do, the systems are secure, nobody can do this. But that isn't what the FBI believes.

All those boxes are running some operating system, frequently a version of unix, and he said he used some default passwords to gain access. Unless you have inside knowledge that those systems were hardened 7 years ago and have been kept up to date, I have to believe that it's entirely possible. He had diagrams of the communications flow, so he obviously had some knowledge and a plan on how to influence.

No, everything doesn't have open ports, but vulnerabilities exist in things that are there. If there's a web interface running, there are about a dozen ways I know to break through it and gain access to a privileged shell. Example, were they using / are they still using the old Log4J/Log4Shell packages because it's inconceivable that hacking occurred, so don't update a system that isn't broke?? The programs to access vulnerabilities like them are a big part of what is in Kali. I worked for years as a network and security engineer and been a developer on unix. I've done pen testing of my own systems. I'm not talking from having watched movies from hollywood, I've done this work. Give me legal access to an airplane and I might be able to replicate what he did.
 
Is your entire rebuttal based on a belief he lied about what he did?

No. It's based on how aviation systems are developed and certified, how aviation systems are actually implemented, the physical interconnections.

your classic pen testing experience and skills won't be particularly useful on systems that aren't running unix or windoze or the like.

Gain all the access you want to the IFE, it won't get you to the FMS.
 
If I can spoof the GPS data, I don't need the FMS. You don't have to take over every node of a system to control it.

Sigh...
 
The equipment doesn't even share the same power bus. Air gaps are tough to get through...
The quote above says that they actually are connected for data. No air gap. That doesn't mean the hacker is telling the truth.
 
Back to the OP's original posting... it was AA.

The rest of you may not understand, but all the voices in my head are laughing so hard that the people next to me are turning and looking.
 
Do airliners use SAASM GPS?

Apparently not, but that's just one hypothetical.

But beyond that, the aviation industry believes there's a problem. To quote - "Our rules have always been focused on safety…We put safety layers to stop something from happening, but we assume that it happens just by chance when all things align. We never thought about somebody trying to exploit those vulnerabilities or flaws". Security has not been designed into the systems because nobody was ever supposed to be on the system to hack it. The standards were published 8 years ago and in govt timelines, that means the information is probably 10-15 years old.

If there was no problem, there wouldn't be an industry push to secure systems. The FAA would not have a new Aircraft Systems Information Security/Protection group.

EASA, FAA Officials Talk Cybersecurity Policy Updates for Connected Aircraft Systems - Avionics International (aviationtoday.com)
 
It's happening with cars, too.

https://www.caranddriver.com/news/a37453835/car-hacking-danger-is-likely-closer-than-you-think/
 
..I'm very happy I spend all my money on flying and new cars don't interest me. 'Smart' tech horrifies me. If my current ride should give up the ghost I'll be looking for a mid 70s Land Cruiser. The last thing I want is full time connectivity, over the air updates, and a giant touchscreen that takes 5 menus and 16 clicks to change the volume or the temperature and has an aesthetic experience that is disharmonious with the car itself.

Turo'd a nice Tesla recently. Drove really well, acceleration was brisk.. I 'got' the hype. But once that 20 minutes of 'wow this is cool' faded I started to really hate the thing.
 