back to article Feds: Bloke 'HACKED PLANE controls' – from his PASSENGER seat

The FBI has accused an infosec security researcher of hacking into the controls of a United Airlines plane in midair via the inflight entertainment system, causing the aircraft to temporarily fly "sideways". Infosec chap Chris Roberts allegedly made that audacious claim to special agent Mark Hurley of the FBI, who subsequently …

  1. Craig 2

    In my book, just the fact that the flight control & entertainment systems are linked is proof of negligence and reckless endangerment by the manufacturer.

    1. DryBones

      A-freaking-men. Yet another example of trying to ignore the message, then shooting the messenger.

      1. Christoph

        "shooting the messenger

        No. If he'd just reported the problem, or hacked it while on the ground and stationary, then yes. But apparently he hacked into and changed the operation of an aircraft in flight.

        How could be absolutely certain that this would not have any other consequences? It's not impossible that he could have crashed the system badly enough to crash the aircraft. He was utterly irresponsible and deserves the book thrown at him. An aircraft with passengers is not his toy to play with to show off what a great hacker he is.

        1. Gordon 10

          correction Christophe

          That what's the feebs are saying he did. From his tweet its sounds like they have muddled the work of 5 years into the events of 1 flight. He has presumably other ways of testing his hacking ie against simulated systems running the same code base.

          It always pays to assume The Man has an interest in bigging up the case in these scenarios.

          1. Annihilator

            Re: correction Christophe

            "That what's the feebs are saying he did."

            @Gordon 10 - actually that's what the Feds are saying *he* said he did.

            1. War President
              WTF?

              Re: correction Christophe

              I'm guessing the FBI guys either outright lied or through sheer, massive lack of understanding, misrepresented the facts in the "interview" with him. I don't have links handy, but I know he's said in the past that he's gotten access to flight controls IN A SIMULATED ENVIRONMENT. Of course, all the major airplane manufacturers claim that there is no connection between the in-flight entertainment system and the flight controls system. So, which is it, are the flight controls on a network connected to the entertainment system or aren't they? Can you really just find a tombstone under any number of aisle seats, pop it open, and plug in (with a little fiddling) to the network and take over the plane?

              1. Anonymous Coward
                Anonymous Coward

                Re:no connection between [IFE] system and [critical] systems.

                "all the major airplane manufacturers claim that there is no connection between the in-flight entertainment system and the flight controls system."

                1) Their PR people would say that wouldn't they. And other employees aren't contractually allowed to comment.

                2) There's a lot of wriggling going on here, trying to avoid admitting that critical data and noncritical data may (sometimes do) share the same physical network wiring on a modern aircraft equipped with AFDX/CDN/ARINC664 (not to be confused with old skool stuff like ARINC429 where there's no scope for sharing).

                Think about VLANs in the datacentre. Logically separate networks over physically shared cables. Now, in your datacentre vLAN, what is the correct answer to "is the management vLAN separate from the backbone network?". Yes, no, "it depends", all may be valid answers for the same setup, depending on context.

                On an aircraft network there are lots of other additional design and implemetation constraints intended to make it "safe" for aircraft use.

                If the equipment design is correct and has been correctly implemented with no potentially worrying loopholes or failure modes, all should be OK.

                Note: ***should be*** OK. And almost all the time, it will be OK.

                Is anyone going to offer a guarantee that it won't ever misbehave in an exploitable way? That would be a brave person.

          2. Alan Brown Silver badge

            Re: correction Christophe

            "It always pays to assume The Man has an interest in bigging up the case in these scenarios."

            Exactly.

            And in any case if he managed to pull what they said he pulled it would be all over the aviation press as uncommanded activity causing the pilots to declare an inflight emergency and precautionary landing.

        2. PleebSmash
          Mushroom

          no punishment

          >He was utterly irresponsible and deserves the book thrown at him.

          The ends justify the means. As it stands hundreds or thousands of people are flying in identical airplanes right now and could crash the plane using the entertainment system. The longer a crappy manufacturer keeps a problem like this under wraps, the more entrenched the problem becomes. If Roberts has been talking about these issues for years, clearly he needed to endanger lives to save lives. If he gets punished for this, he should be pardoned.

          1. JustNiz

            Re: no punishment

            > hundreds or thousands of people are flying in identical airplanes right now and could crash the plane using the entertainment system.

            If you're going to make such a bold statement you need to back it up with some actual facts. As a senior software engineer that works in avionics I can tell you that this claim is both technically impossible and also utter bullshit. The entertainment network (or anything else) isn't in any way connected to the avionics network and they are VERY careful about that.

            1. Bleu

              Re: no punishment

              OK Niz, what you say makes sense.

              I admit, this story had my bullshit detector on overload.

              Given that, for example, sensitive military hardware control systems have not uncommonly been Internet connected (maybe not lately, but several examples were obvious at the time of the Iraq invasion, 12 years ago), are you 100% sure that no manufacturer would ever do such a screw-up?

              I can see your logic.

              If you read, for example, the Wired article, Roberts says he set up a simulation system at home, using some of the same components as in the real vehicles, researched the manuals, pulled off the tricks on the simulator, then repeatedly did it, at least to the data-logging level, on flights, and claims to have had control over critical systems at least twice.

              Is it just a massive hoax or a massive flaw in design of the 'Dreamliner', presumably the aeroplane in question?

        3. Anonymous Coward
          Anonymous Coward

          It is conceivable that he could have reached the aircraft systems but I can't believe he could be so dumb as to try to alter flight characteristics while the plane is in the air. Plane crashes, 150 people die but self-righteous hacker scored a moral victory and got some publicity for his book/company. Except that he'd be dead too.

        4. Uffish

          Re: Man HACKED PLANE controls from his PASSENGER seat

          @ Christoph

          Judging from the article you can't be absolutely certain that the guy in the next seat with the laptop couldn't deliberately crash the plane so we should be extremely grateful for Chris Robert's actions. Please go and head-butt a library until you calm down.

        5. Tom 13

          @Christoph

          Allegedly hacked it while in flight. That seems to be one of the points in contention.

          Normally I give the benefit of the doubt to the gmen because they've got a tough job and these days cops are everybody's second favorite bogey man. But the bit about flying the airplane sideways makes me dubious about the warrant.

      2. Doctor Syntax Silver badge
        Facepalm

        @ DryBones

        Yes shooting the messenger is always such a good idea.

      3. chris 17 Silver badge

        so has it been confirmed by an independent third party that what he said is true?

        My understanding is that the in-flight entertainment and the flight operations systems are air gapped, completely preventing this type of thing.

        Jumping to conclusions because someone you don't know said something was wrong with something is popular around these parts.

        This is where a proper criminal justice system wins over the internet court of hearsay.

      4. Shannon Jacobs
        Holmes

        Not even the first messenger

        Actually Richard Clarke specifically mentioned the linked networks in an airplane (not sure if it was that model) in a book "Cyber War", which was published several years ago. However, I think his #1 concern was for the links between the Internet and the power grid controls.

    2. Anonymous Coward
      Anonymous Coward

      Not the first time an IFES has caused a problem, see this deadly crash caused by shoddy install:

      http://en.wikipedia.org/wiki/Swissair_Flight_111

      1. Destroy All Monsters Silver badge
        Facepalm

        Not the first time an IFES has caused a problem, see this deadly crash caused by shoddy install:

        Quite so. There is a clear link between the IFES failure and loss of plane control: electric power. Arrest it now!!

      2. Anonymous Coward
        Anonymous Coward

        Not a very good Wiki

        @AC:

        "Not the first time an IFES has caused a problem, see this deadly crash caused by shoddy install"

        That is a miserably imprecise, and therefore not extremely useful, Wiki article

        The exact cause was specified as failure of the Kapton wiring insulation

        https://en.wikipedia.org/wiki/Kapton

        which caused arcing and then ignition of the Kapton insulation. The fire then spread, inside the enclosed overhead wiring space, to the insulation within the overhead space and spread into the main cockpit undetected, until it was too late.

        Kapton was found, after hundreds of thousands of miles of it had been installed in airplanes all over the world, to have excellent insulation properties for its weight but, unfortunately, horrible physical abrasion resistance. It is believed Swissair 111 was downed due to physical abrasion failure of the infotainment wiring harness; all MD-11 infotainment systems were shut down by all carriers out of concern until the exact cause was determined by the NTSB. Swissair 111 was one of the key factors of Kapton being pulled from all those planes after the fact.

        A sad, horrible tale.

        One can say that the Douglas DC-10 (the MD-11 was the revised, stretch version) was cursed.

      3. Deltics

        Oh FFS

        Seriously ?

        The issue in that crash was an arc in the wiring of the IFES, NOTHING TO DO WITH SYSTEMS OR SOFTWARE BEING INTEGRATED. i.e. it was a WIRING issue that could have arisen with ANY electrical component that involved a wiring loom.

        Also worth noting is that this is presumed to have been the initiating cause of the fire, but the primary finding of the investigation was that the materials used for retardation of combustion were inadequate. There was no finding of any causal relationship directly attributable to the IFES that gave any cause for changes to that system to be either considered or even recommended.

        Posting a link to that incident with the implication that this somehow "PROVES" that IFES hacking is possible or that IFES issues have previously been shown to be involved in the downing of an aircraft, not to mention loss of life is frankly downright irresponsible not to mention offensive to the memories of those that died in that crash, and their families.

        1. Anonymous Coward
          Anonymous Coward

          Re: Oh FFS

          >not to mention loss of life is frankly downright irresponsible not to mention offensive to the memories of those that died in that crash, and their families.

          You made your point and then had to go right over the top and ruin it. You'd think the original poster was denying the holocaust or something.

      4. Afernie

        "Not the first time an IFES has caused a problem"

        "Not the first time an IFES has caused a problem, see this deadly crash caused by shoddy install:"

        You could have as easily said ""Not the first time <system X> has caused a problem, see this..." Even if the theory regarding Swissair 111 is correct, the wiring caused the fire, the IFES wasn't sitting in the fuselage with a zippo lighter, chuckling maniacally.

    3. Anonymous Coward
      Anonymous Coward

      Anyone care to comment on this? I work now in medical software, and even though I see no end of shit code and design every day, linking these systems like this would be a new low. Could they really be so dumb?

      1. Trigonoceps occipitalis

        Could they really be so dumb?

        Its a triumph of hope over experience but I really, really hope they are not so dumb.

      2. swampdog

        Yes. They are that dumb. Aircraft systems are very good but things get dumbed down by the penny pinchers.

        My car ABS refuses to work on ice. All I want is a button to disable ABS when on ice. Never going to happen because of Health & Safety.

        This happens every few years with aircraft. Services are extended or whatever. People die. Lessons "are learned".

        1. JeffyPoooh
          Pint

          Buy a Mercedes

          "My car ABS refuses to work on ice. All I want is a button to disable ABS when on ice. Never going to happen because of Health & Safety."

          My Mercedes will, upon command (pressing the brake pedal harder), lock up the wheels at slow speeds. Great for studded tires on icy hills.

          1. msknight

            Re: Buy a Mercedes

            "My Mercedes will, upon command (pressing the brake pedal harder), lock up the wheels at slow speeds. Great for studded tires on icy hills."

            And presumably no use whatsoever for the UK where studded tyres aren't allowed! :-)

        2. Anonymous Coward
          Anonymous Coward

          My car ABS refuses to work on ice. All I want is a button to disable ABS when on ice. Never going to happen because of Health & Safety.

          Pull the fuse on the ABS pump. No power, no pump; no pump, no ABS.

          Anon because if you do this and make a mess / fireydeathball, I don't want your mum taking me to court.

        3. Anonymous Coward
          Anonymous Coward

          > My car ABS refuses to work on ice. All I want is a button to disable ABS when on ice.

          You may want to consider

          a) A defensive driving course (to keep you off the ice in most instances)

          b) An ice driving course (to teach you what to do when Plan A has failed)

          c) (Optional) A race driving course (to teach you about threshold braking)

      3. Anonymous Coward
        Anonymous Coward

        Yes, they could be that dump

        I was once looking through some assembler code and found the comment in the error handling after a call to the OS, which read: "error at this point too horrible to contemplate". The program then continued as though successful.

        Subsequently, several years experience in IT at a major airline also convinced me that much airline-related software is, shall we say, NOT of the highest quality standard.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yes, they could be that dump

          "error at this point too horrible to contemplate"

          As long as this wasn't in critical code it's not unusual. There's an old programming rule: "never test for an error you can't handle".

          1. Anonymous Coward
            Anonymous Coward

            Re: Yes, they could be that dump

            Strange been programming commercially for about 32 years now and never heard that rule, please tell me what systems you have worked on so I can avoid them, perhaps a better rule is "don't program if you can't handle errors'.

            1. Jeffrey Nonken

              Yes, they could be that [dumb]

              "Strange been programming commercially for about 32 years now and never heard that rule..."

              So have I, and I've heard it. I also understand it.

        2. Anonymous Coward
          Anonymous Coward

          Re: Yes, they could be that dump

          "experience in IT at a major airline also convinced me that much airline-related software is, shall we say, NOT of the highest quality standard."

          Good job the airlines don't write the software for the aircraft then.

          Not that the likes of Boeing, Airbus, and their safety-critical subcontractors are necessarily better. But they are *supposed* to be better at doing safety critical stuff than (say) the people doing seat allocation software.

          1. cortland

            Re: Yes, they could be that dump

            I've worked (NB: on hardware, NOT in the SW group) for a firm that, among other things, has written flight control software. It's tightly regulated to prevent vulnerabilities, and requires a really horrendous* effort to verify. See http://www.adacore.com/gnatpro-safety-critical/avionics/do178b//

            *Except when verification catches something.

            1. Anonymous Coward
              Anonymous Coward

              I'm not sure DO178 is what you think it is

              Lots of words and no TLDR. Sorry.

              "I've worked (NB: on hardware, NOT in the SW group) for a firm that, among other things, has written flight control software."

              Excellent. I've worked with/for firms that do safety critical hardware and software for aircraft. Since a long time ago.

              "It's tightly regulated to prevent vulnerabilities"

              DO178 ? It's tightly regulated to ensure a defined process is followed. Whether this prevents errors and vulnerabilities is an entirely separate discussion.

              E.g. when a DO178 audit is done, the auditors main task is to ensure that the development process is appropriate and properly documented, and that work follows the documented process. They will not spend much time looking at the actual design, code, tests, etc.

              An earlier commenter in another thread described DO178 certification as "tick list" stuff and it's not far wrong. "Best engineering practice review" it surely isn't.

              "requires a really horrendous* effort to verify."

              It does indeed, which is why one big name aerospace company I'm familiar with now wants verificaton to be done largely (preferably solely) on the design, rather than the implementation of the design. It's so much cheaper to verify the design, then generate the implementation from it and take it on trust that everything is bug free and perfect. What could possibly go wrong?

              Unfortunately for the beancounters, aircraft aren't operated by designs, they're operated by implementations. But that won't become obvious to the beancounters until there's a significant price to pay.

              Quite how verifying the design actually helps verify the implementation is a question which the good people at Adacore, and others elsewhere, might want to think about. After all, no Ada compiler ever had code generation bugs that ACVC, ACATS, etc, didn't discover, did it.

              Same for hardware - if the design passes its validation suite, the actual hardware must be right, mustn't it, so no need to test the actual hardware.

              So following these principles you could switch a design and its implementation from one model of PowerPC to another, or from PowerPC to something completely different (ARM? does anyone ever use ARM for safety critical avionics?), and nothing would need to be re-tested, re-validated, whatever.

              Very nice (for the beancounters). Not so nice for the people in the aircraft.

              If you want something a bit closer to "best engineering practice", MISRA might be a place to start. Maybe.

        3. Anonymous Coward
          Anonymous Coward

          Re: Yes, they could be that dump

          > several years experience in IT at a major airline also convinced me that much airline-related software is, shall we say, NOT of the highest quality standard.

          Airline != Aircraft Manufacturer, me dear chap.

      4. Tom 13

        Re: linking these systems like thislinking these systems like this

        Depends on exactly what the system is carrying and how they are linked.

        If the IFE is carrying internet traffic (which seems to be an up-selling point these days) and sending other data about the flight via the internet, you probably can't afford the weight for two independent receiving systems. Frequently a logical separation is deemed sufficient. Of course that needs to be properly implemented and is subject to attack.

    4. chivo243 Silver badge

      right on!

      From my post a few weeks ago:

      Why?

      Is there such important connections in the passenger cabin? And why are they active during a flight? Surely any need for such connections would be when the plane is on the ground for maintenance and not in the air?

      http://forums.theregister.co.uk/forum/1/2015/04/22/fbi_tsa_hcker_panic/

    5. Richard 12 Silver badge

      No, he did not.

      Because this did not happen. At all. It is impossible.

      He may have hacked into the inflight entertainment system. That's probably fairly easy as I doubt it's particularly hardened.

      But there is not, has not and never will be a backchannel that is physically capable of sending anything from the passenger cabin data systems into the flight control systems.

      The FBI are talking utter bollocks.

      1. The Axe

        Re: No, he did not.

        "The FBI are talking utter bollocks."

        As are the commentators above you.

      2. cordwainer 1

        Re: "utter bollocks", other sources show FBI and LE not that stupid

        If you read some other news sources, you'll find this quote:

        "Senior law enforcement officials said Sunday that no evidence gathered thus far suggests that such a capability, as outlined by Roberts, exists. 'While we will not comment on specific allegations, there is no credible information to suggest an airplane's flight control system can be accessed or manipulated from its in flight entertainment system. Nevertheless, attempting to tamper with the flight control systems of aircraft is illegal and any such attempts will be taken seriously by law enforcement.'

        That last sentence is a major point, i.e., that even ATTEMPTING to tamper with actual flight controls is a crime. So is CLAIMING you've tampered with a plane, or passenger safety, whether you did or not.

        Roberts is the one who is stupid, if he actually told the FBI he managed to issue a Climb command during a commercial flight - potentially endangering everyone on board - yet somehow figured he wouldn't get in trouble for his statements. He's also stupid if he really thinks even jokingly threatening to release cabin oxygen masks is not going to get the Feds' attention.

        That he actually DID tamper with locked, sealed onboard equipment is sufficient for him to be charged with a crime for that matter. Hell, it's illegal to tamper with the restroom smoke detector, and people have been charged and fined for that. Why would Roberts think tampering with the entertainment system - especially in the way he described - would be any different? He's not crew or airline personnel. That stuff is off limits to passengers - Period.

        So his tweet was not substantively different than someone claiming they managed to sneak a gun onboard. Or phoning in a phony bomb threat. You may not actually have sneaked a gun on. You may not have actually planted a bomb. But sneaking a gun onto a fight is a felony, as is making a bomb threat, or having a bomb onboard, whether true or false.

        So it's a GOOD thing the FBI and other agencies check out ALL those comments to make sure there is no real danger. And it's a good thing they prosecute idiots who try similar scare tactics.

        In Roberts case...when you claim you have, multiple times, interacted with actual flight control systems, AND you claim you intentionally, however briefly, took over control from the actual pilots....well, you should be smart enough to know of COURSE the Feds are going to have a nice long talk with you, and explain why messing around with any onboard system is a big, BIG no-no, whether you do any harm or not

        Frankly, I also think Roberts is full of crap. But it's unbelievable he doesn't "get" that his claims and tweets are the same as joking about a bomb to your seatmate while getting ready for takeoff. You just don't do that shit.

        1. Uffish

          Re: You just don't do that shit.

          Only because idiots have rushed through stupid laws that give draconian powers to goons; laws that must subsequently be implemented by law enforcement and legal system people.

          There was nothing that the existing security, safety and "wasting police time" laws etc couldn't have coped with but "Something must be done !" was called by those who had no idea what to do.

          Good God you can't even make a joke about a possible danger now. Pathetic.

      3. Robot Overlord

        Re: No, he did not.

        This topic actually came up on Paul's Security Weekly podcast 417 and Chris Roberts himself said it's *very possible* but he did not do it. He simply tweeted that he definitely could if he wanted to.

        MP3 of the episode is on here:

        http://wiki.securityweekly.com/wiki/index.php/Episode417

        1. Sotorro
          Thumb Up

          Re: No, he did not.

          Thank you for that link Robot Overlord,

          So the only thing that happened is that while he was on a plane to a airplane security conference, he communicated over the internet with somebody else, reacting on a comment, if the plane could be hacked from it's entertainment system, and he replied with "yes I could do that".

          So,

          A) he did not hack in to the plane systems.

          B) he did not threaten to hack in to it.

          As far as I'm aware admitting that you can hack in to something is not illegal at the moment, and elreg and some commentards have done a great job in pushing the FBI's FUD while really nothing has happened at all.

      4. Mark 85

        Re: No, he did not.

        Boeing has come out and said that hacking from the inflight entertainment system is BS. That there is no comm from IFE to the flight system. My impression is they're taking any flight info (maps, etc.) and passing it down a one way pipe. The flight system never hears if someone hacks it and tries commands.

        I'm thinking either they know and this is true, or they know and are lying. For anyone who flies sake, I hope it's true.

        1. Anonymous Coward
          Anonymous Coward

          Re: No, he did not.

          My impression is they're taking any flight info (maps, etc.) and passing it down a one way pipe.

          If it is a wire, it is a two-way pipe - bugs and 'sploits aside: If nothing else some griefer could try her luck with a nice, fat, transient down the line and "see what happens".

          Some people would think that connecting only the Tx-wires in an Ethernet cable is "one way", but then some of the driver chips are clever enough to be reconfigured for many, many, different modes to make dumb users with the wrong cabling happy.

          1. Anonymous Coward
            Anonymous Coward

            Re: No, he did not.

            "If nothing else some griefer could try her luck with a nice, fat, transient down the line and "see what happens"."

            I understand where you're coming from, but that's not the best illustration.

            Even the dumbest avionics design must reflect the fact that planes frequently get struck by lightning, and stuff has to survive that and ideally remain normally operational. There will be testing that proves that it's done right.

            The bit that may be of more concern (given what I've observed in the industry) is that the designers of some of this stuff are not network experts. The stuff is being shipped in relatively small quantities (vs mainstream network kit). Combine those two and you get kit and/or software with designed-in vulnerabilities that the mainstream network industry sorted years ago, with a sufficiently small user base that any new vulnerabilities may or may not take a while to show up.

      5. fajensen

        Re: No, he did not.

        Sure about that?

        The presentations that I have seen on AFDX, the Latest and Greatest in COTS control systems for Airbus and Dreamliner appears to be all Ethernet, with the separation performed by management system in the switches, f.ex.: http://www.afdx.com/pdf/AFDX_Training_October_2010_Full.pdf

        The in-flight internet would come from the same antenna array as the other traffic so there will be a physical connection over some form of VLAN at least - unless people cut another opening in the hull for more antennas specifically for this purpose, which I don't think is considered "cost effective".

    6. P. Lee

      >he fact that the flight control & entertainment systems are linked is proof of negligence and reckless endangerment by the manufacturer.

      Maybe he hacked the entertainment system, which gave him access to a flight-sim game and he didn't realise it...

    7. klempie

      Entertainment systems networked to flight systems

      It does seem quite unbelievable.

    8. NoneSuch Silver badge
      Alert

      This is why you cannot talk to the FBI or any Federal US agency.

      If you lie to them you can spend one year in jail per offense, but they can lie to you as much as they want to get an admission of guilt.

    9. DrGoon

      They aren't

      However, now that you're willing to accept that they might be, you'll offer no resistance when the TSA decline to allow you to fly with anything electronic or that might be used to permit or hamper the passage of electrons.

    10. JustNiz

      Everything is wrong about this claim.

      I'm a senior software engineer working in an avionics company and can tell you not only are they not even on the same network, they're very carefully partitioned in every way.

      I remain convinced that there's no way this claim is even possible. Not only is there literally no way to access the avionics network from a passenger seat (short of tearing up the walls/floor to get to the actual cabling). Even if you somehow did theres still no way an unknownunauthorised unit on that network can just issue a "climb" command to an EMC (Engine Management Computer) thats total baloney. Apart from anything else no such single command even exists in the first place.

      1. fajensen

        they're very carefully partitioned in every way.

        Which way? If it is via switches and firewalls, then I would not trust the separation to hold - the qualification process guarantees that the installed hardware and software is always *generations* behind The Internet. I read (in Wired, I think) that they (Boeing) wired the entertainment network via plastic junction boxes under the seats. Not very inaccessible.

        Separate physical cabling all the way, separate antennas, that might actually work for a while.

        .... At least until some moron tries his EMP-device on the plane.

  2. James 51

    If he can make a plane fly sideways expect someone from the USAF to pay him a visit and offer to make all his problems go away.

    1. SkippyBing

      Seconded, if you increase power to one engine you'll initiate a turn but it's not going to go sideways.

      It sounds like whoever wrote the Feds press release should be working for the Daily Mail...

      1. werdsmith Silver badge

        Seconded, if you increase power to one engine you'll initiate a turn but it's not going to go sideways.

        Are you sure? Not even for milliseconds? If the systems automatically move control surfaces to counter. It is possible to get a slight amount of yaw so the plane is flying a small amount off its long axis. Not aerodynamically very good, and will likely be noisy and buffety at cruise speed for a degree or less yaw.

        Smaller, lighter aircraft can fly "crossed controls" in order to crab, it helps give aerodynamic drag when needed (for instance descending without flap available without picking up too much speed, or countering a crosswind).

    2. Natalie0000

      I don't know as if the USAF would offer him a private security contract now after how he went about it. Back in the 90's yeah he would have got a good contract, but there is too much competition now.

      1. James 51

        It's not for infosec, it's for being able to make a passenger jumbo do stuff that even fighters can't do i.e. fly sideways.

        1. Danny 14

          Well, at speed; ducted fans can move an aircraft sideways when hoveringnplus helicopters can utilise ground effect.

          As for Roberts, he'll get shafted. Air paranoia is high, see what happens when you mention 'bomb' regardless of context. If people get wind of daily mail headlines of 'ipad hacks plabe to remote control engines' then we will be back to reading paperbacks again.

    3. Annihilator
      Headmaster

      "He stated that he thereby caused the one of the airplane engines to climb"

      He might have caused one of the engines to throttle up, but an engine doesn't "climb" by itself.

      It might be more accurate to say that either he:

      1) caused the engine to throttle up, causing the aircraft to yaw as it pulled one wing ahead of the other.

      2) managed to get a wing to climb (effectivel banking the aircraft), which could have induced a slight lateral stall which could be described as a sideways movement.

      But then again, the only person that says any of this happened is him. I'm not convinced.

    4. Vic

      If he can make a plane fly sideways expect someone from the USAF to pay him a visit

      Nah. Making a plane fly sideways is really quite easy. Initiate an aileron roll, and put in top rudder.

      I was doing it on a glider last week. That was quite scary. I've not done much glider flying...

      Vic.

  3. Anonymous Coward
    Anonymous Coward

    Is Douglas Adams back?

    Next step hack into elevators, infuse them with a neurotic consciousness and let them experiment with lateral (sideways for FBI agents) travel.

    https://www.youtube.com/watch?v=wgpjJfJdsQY

    1. Robert Carnegie Silver badge

      Dilbert

      http://dilbert.com/strip/1997-09-10 yo.

      Then the plane crashed on September 11th! 1997!

      DO YOU SEE!

      (see what, I have not yet worked out, but surely it means something... maybe that Scott Adams went back and switched the dates on some cartoons)

      1. NichR

        Re: Dilbert

        Presumambly you've all seen http://www.funnychill.com/media/747/found_new_hardware/

  4. Destroy All Monsters Silver badge
    Holmes

    FBI levels of retardation and career-chasing

    We haven't made any progress from when it was feared that Kevin Mitnick could start WWIII from prison by whistling launch codes in DTMF into the phone if any were provided to him to him, right?

    Don't they have some terrorist sleeper cell to "incite" and then drag off to the cleaners?

    1. LucreLout

      Re: FBI levels of retardation and career-chasing

      We haven't made any progress from when it was feared that Kevin Mitnick could ...

      Quite. I'm losing count of the number of department managers I've bought his books for; usually after they make such dumb statements as "our systems are secure". I accept there's a degree of artistic licence in all book writing, but Mitniks books are accurate enough that the empty suits get the message.

  5. Anonymous Coward
    Anonymous Coward

    Where is common sense these days?

    Someone checks to see if they can access cockpit control through the airplanes (secure?) network, they can, they tell you about it and you arrest them?

    What are these people on?

    Get the details, remove the problem (threat) job done and say thank you.

    If it wasn't for people messing around with networks/planes/security and telling you about them then all your networks would eventually be compromised.

    1. Steve Knox
      Facepalm

      Oversimplification

      Someone checks to see if they can access cockpit control without permission through the airplanes (secure?) network while the plane is in flight with passengers onboard, they can, they tell you about it and you arrest them?

      That's what the question actually is. And the answer to that question is "yes".

      Testing the systems in a controlled environment, with permission from the system owners? Fine.

      Testing the systems in a controlled environment without permission? Questionable at best.

      Testing the systems in an uncontrolled environment without permission? Not acceptable.

      Telling the FBI that you're even hypothetically capable of performing an act which can be interpreted as a crime, the breaking of which could make some agent's career? Absolutely Fucking Stupid.

      Why is this so hard to understand?

      1. swampdog

        Re: Oversimplification

        Because those cheapo, lowest bidder avionics are going to be in our military kit?

        1. Danny 14

          Re: Oversimplification

          What would have happened if he was correct though? And he couldn't cancel the climb request? Or the avionics crashed? Hence the need to do this on the ground.

      2. Michael Wojcik Silver badge

        Re: Oversimplification

        Someone checks to see if they can access cockpit control without permission through the airplanes (secure?) network while the plane is in flight with passengers onboard, they can, they tell you about it and you arrest them?

        That's what the question actually is.

        No, the question actually is "What did Roberts actually say and do?". I, for one, don't trust any of the reporting on this story. I certainly don't trust what the FBI are (quoted as) saying.

      3. Oninoshiko

        Re: Why is this so hard to understand?

        I can commit the perfect murder.

        That doesn't mean I DID commit the perfect murder, or that I have murdered anyone.

        Why is this so hard to understand?

    2. Anonymous Coward
      Anonymous Coward

      Get the details, remove the problem (threat) job done and say thank you.

      Except that he claimed to have used the flaw to hijack the plane, albeit briefly, thus making himself the threat, and now he wants a medal for it? Drop the asshole in a deep hole somewhere. And fix the problem (assuming it isn't imaginary, as it likely is) of course.

  6. Tromos

    Not total madness, just 90%.

    I assume the reason for the linkage between the flight management systems and the entertainment kit is for the purpose of information display. The bit where the film finishes and there's still an hour to go where they show slides of position on a moving map, airspeed, outside temperature, altitude, ETA, etc.

    The last couple of flights I was on were showing the route. Unless someone is going to go to the trouble of loading all this information into a separate system, a link is required. The stupid part is allowing control commands through the link (especially the fly sideways instruction!).

    1. SkippyBing

      Re: Not total madness, just 90%.

      I suspect the position information is at least from a separate GPS antenna, at least judging by the BA flight I was on to Jordan where the position on the map would go 10 miles forwards and then jump back to the current position every five seconds.

    2. JeffyPoooh
      Pint

      Re: Not total madness, just 90%.

      The only common connection is power. The rest is BS.

      1. Ken Hagan Gold badge

        Re: Not total madness, just 90%.

        I doubt they even have a common power supply. If you were designing a plane and had a battery backup in case the generators went out, would you let the in-flight entertainment system drain the battery whilst the pilots tried to make an emergency landing?

  7. phil dude
    Joke

    simulaton vs experiment.

    I thought it was clear (over in Ars) that the researchers comments were confused by an FBI agent that did not understand the technical nature of them.

    As evidence they gave the researcher is not in clink, as this clearly *would be* a serious problem.

    It looks as if there is some arse covering going on. The Fed's are acting as if they know what is going on. The researchers gets loads of press and not an orange jumpsuit, and United are offering airmiles (AHA H AHHA HAHA HAHAHAH ) to solve their IT problems.

    Joke Icon doesn't cover it...

    P.

    1. Destroy All Monsters Silver badge
      Headmaster

      Re: simulaton vs experiment.

      Joke Icon doesn't cover it...

      Indeed it doesn't. It's a sad indictment of the level of intelligent discourse that, today, passes as acceptable.

      No wonder we risk going to "nucular" war with Russia while making fart jokes over Ukrainian gas.

  8. Anonymous Coward
    Anonymous Coward

    Lemmings !

    You people cannot possibly be this naive. Someone is having a huge joke on all of you. There simply is no crossover between OE and secured avionics. It's like saying you can start your neighbor's car using the light switch in your closet. It simply cannot be done. Yes, they both use electricity and that's the end of it. On-board avionics are secured through fire-walls and communications protocols that are vastly different depending on the level of certification of the platform involved. There simply is no cross pollination between the systems. And you cannot "reprogram" code that is in the Flight Controls arena; for starters, it's EXECUTABLE code not Source code and unless this guy brought his own compiler on board and reverse engineered the 100,000 lines of code, inserted his changes, re-compiled it, re-loaded it, etc etc etc, this whole thing is a huge April fools day farce. Get real !

    1. ecofeco Silver badge

      Re: Lemmings !

      Naive? Because we all work in the aircraft industry?

      Oh wait, no we don't. So just how the fuck are we supposed to be experts?

      1. Anonymous Coward
        Anonymous Coward

        Re: Lemmings !

        > So just how the fuck are we supposed to be experts?

        You're not, but it would be reasonable to do 5 minutes of reading and apply some common sense rather than just believing what is written on the internets, and then spouting off about how terrible the world is ...

        [You in the general sense, not you specifically]

      2. Anonymous Coward
        Anonymous Coward

        Re: Lemmings !

        So just how the fuck are we supposed to be experts?

        If you're not an expert then, to quote a recent French President, you've missed a good opportunity to shut up.

    2. Beaver6813

      Re: Lemmings !

      Whilst I agree that the on-board avionics systems would be kept separate from the in-flight entertainment system; your assertion that someone could not "reprogram" an executable is incorrect. If we're presuming it was already running then you could cause something like a buffer overflow which would provide an entry point for your own code. Alternatively if you knew what you were looking for and could elevate access then you could patch an executable (which is how cracked games work). Would they have protection against these attacks? I hope so. Will they have every scenario covered? Probably not.

    3. tech_agitator

      Re: Lemmings !

      I concur with your post. I am smelling some male bovine excrement in the story. However, it is fun to watch how the story spreads.

    4. Solosolo

      Re: Lemmings !

      There is no crossover, yet there is also a firewall? And hackers are stumped by executables?

      And if we are naive, can you point to some online sources that we really ought to have consulted to determine the structure of airplane computer systems?

      I do think we might agree on one point: if people can't determine after reading several articles at Ars Technica and The Register whether the two systems are even *connected* or not, then either the articles are weakly researched, or such essential details are kept under wraps -- quite possibly both.

      1. Destroy All Monsters Silver badge
        Gimp

        Re: Lemmings !

        I do think we might agree on one point: if people can't determine after reading several articles at Ars Technica and The Register whether the two systems are even *connected* or not, then either the articles are weakly researched, or such essential details are kept under wraps -- quite possibly both.

        It is a good question but I can at least say that there are people thinking about the security implications at aerospace companies and making doubly sure that data goes only one way. Sure there may be undiscovered problems, but SOHO routers these ain't.

        1. Richard 12 Silver badge

          Re: Lemmings !

          Planes don't even use Ethernet as it is generally understood.

          They have a set of switches that have hardcoded (from factory) routing tables and paranoid behaviour.

          One of the things they do is to blackhole a packet (and if necessary, shut down the port) coming in a physical port that is addressed to an unexpected destination, is malformed or comes more often than expected, because it would indicate a malfunctioning or damaged device.

          Obviously that's also reported to the pilot, who can take the appropriate action (reset or ignore the bad kit)

          1. iranu

            Re: Lemmings !

            ARINC 664 and AFDX are the reference standards.

            So much nonsense on this thread - the word "commentard" has truly been warranted by those who believe all they read on the internet is true.

            1. Anonymous Coward
              Anonymous Coward

              Re: Lemmings !

              " the word "commentard" has truly been warranted by those who believe all they read on the internet is true."

              Right.

              But can we introduce the word "Exceltard" to describe those in managerial and regulatory positions in the industry who seem to work with the belief that if Excel can't tell you about it (cost, schedule, weight, etc) it can't be a problem (quality, security, robustness, etc).

              Two decades ago, engineers were in charge.

              Now, Exceltards are in charge (classic example is the nightmare which is the 787).

              It's not a comfortable feeling for a passenger. Now imagine how it feels for an engineer who wants the right thing to be done. Think about O rings, and Feynman, and pressure to deliver on time and on budget. At any cost.

              [btw I think the FBI claims are nonsense. But there's other stuff going on in the industry which is a whole other kind of nonsense.]

              1. klempie

                Re: Lemmings !

                "Two decades ago, engineers were in charge.

                Now, Exceltards are in charge"

                And three decades ago, engineers made Excel. The irony kinda hurts, doesn't it?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Lemmings !

                  "And three decades ago, engineers made Excel. The irony kinda hurts, doesn't it?"

                  No pain at all, even if correct. Excel was developed by people who saw what 1-2-3 did, and realised they needed one of those because their own version (Multiplan) was rubbish in comparison. So they copied it and made it better. Engineers can do that. Exceltards can't. Where's the problem?

                  Another good [1] thing about a competent engineer is that a good engineer knows what tool(s) may be appropriate for a given job. They also know when they don't know, and in those circumstances they know to seek competent advice.

                  An Exceltard understands none of that. They understand budgets, staff-hours, deadlines, and maybe if they're really bright, ribbons, and even pivot charts.

                  There is a class of people called "proper managers" who know who their real engineering experts are, and rely on their expert inputs, and are willing to defend their experts against the next layer up where appropriate. This class of people is afaik an endangered species.

                  [1] Or irritating. Depends on management's point of view.

              2. Destroy All Monsters Silver badge
                Holmes

                Re: Lemmings !

                Think about O rings, and Feynman, and pressure to deliver on time and on budget. At any cost.

                If you really want to make a good point, it helps to actually know the story. "Pressure to deliver on time and on budget at any cost" had nought to do with the Challenger Launch Disaster except in hindsight. It was a problem of creeping, uncorrected biases of the risk perception. These are very hard to prevent. More here: Review: The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Feynman

                  "If you really want to make a good point, it helps to actually know the story."

                  Fair comment, though I'm not sure I'm reading the same review you're reading (a review of a book by a sociologist, which in itself would amuse Feynman given his views on "social sciences").

                  E.g. I see a paragraph in the book review that says:

                  "In a move to save cost, NASA decided to cut cost on safety testing, this was divergence from the earlier Apollo Program. The Covert report (Eugene Covert, Department of Aeronautics, MIT) concluded that the key components may not have been tested sufficiently and certification of components required more time than that given by NASA, leading to problems with the main engine. Due to economic constraints, success of the program was heavily dependent on success of its business model, which was based on maintaining high frequency of launch to meet financial goals."

                  Which is pretty much what I said, except mine was shorter.

                  Other primary references for the Rogers Commission can be found via

                  http://en.wikipedia.org/wiki/Rogers_Commission_Report

                  So rather than a review of a sociological investigation into the failure, should we look direct to Feynman's own words on the subject, unsummarised, unedited? They're in Feynman's Appendix to the Report, which can be found at, for example:

                  http://science.ksc.nasa.gov/shuttle/missions/51-l/docs/rogers-commission/Appendix-F.txt

                  Back to Feynman's appendix: here are a couple of unedited highlights, but please read the whole document for context:

                  "if we are to replace standard numerical probability usage with engineering judgment, why do we find such an enormous disparity between the management estimate and the judgment of the engineers? It would appear that, for whatever purpose, be it for internal or external consumption, the management of NASA exaggerates the reliability of its product, to the point of fantasy"

                  "Let us make recommendations to ensure that NASA officials deal in a world of reality in understanding technological weaknesses and imperfections well enough to be actively trying to eliminate them. They must live in reality in comparing the costs and utility of the Shuttle to other methods of entering space. And they must be realistic in making contracts, in estimating costs, and the difficulty of the projects. Only realistic flight schedules should be proposed, schedules that have a reasonable chance of being met. If in this way the government would not support them, then so be it. NASA owes it to the citizens from whom it asks support to be frank, honest, and informative, so that these citizens can make the wisest decisions for the use of their limited resources.

                  For a successful technology, reality must take precedence over public relations, for nature cannot be fooled."

            2. fajensen

              Re: Lemmings !

              ARINC 664 and AFDX are the reference standards.

              Sure - but - Is there a cable between the in-flight entertainment systems and the flight systems? The references that I could google up doesn't explain this.

              To all those who claim that this is super complicated to hack and this decades old special hardware is very secure - the example below is kind of what "we" are up against. Some people are very clever and very patient!

              http://hackaday.com/2015/01/22/reprogramming-super-mario-world-from-inside-the-game/

    5. tech_agitator

      Re: Lemmings !

      I just fly the things and do not program the avionics systems. However, I have found your post to be the one that I would consider to be the most likely scenario. It is amazing to watch the propagation of the story. I just saw this "shocking" story on the TV.

    6. Anonymous Coward
      Anonymous Coward

      Re: Lemmings !

      I don't believe he hacked into the control system. More likely he just made the plane appear to flying sideways on the infotainment screens. Even more likely he didn't do anything and it's just a publicity stunt.

      However, it's seriously naive to think that you cannot reverse-engineer and patch executable code. There are people reading this website who make their living doing exactly that. It's very intensive time-consuming work though. Realistically you would have to download the data on one flight, spend a few months analysing it, and then actually perform the hack on another flight.

      I really hope that the flight controls network are properly air-gapped from the passenger systems and they are not simply relying on firewalls. The people who design these system are not idiots, it's unthinkable that they would do it any other way.

    7. klempie

      Re: Lemmings !

      "it's EXECUTABLE code not Source code and unless this guy brought his own compiler on board and reverse engineered the 100,000 lines of code, inserted his changes, re-compiled it, re-loaded it, etc etc etc, this whole thing is a huge April fools day farce. Get real !"

      I'm still stuck on what the mode of connection was. WiFi???

    8. JeffUK

      Re: Lemmings !

      "On-board avionics are secured through fire-walls " Surely implying that they're separated by software only, and not air-gapped... anything is possible.

  9. Anonymous Coward
    Anonymous Coward

    After my common sense post I came to a close conclusion, firstly how did he get onto the planes network?

    wifi? or did he unscrew the panel, if so he would have been spotted by flight attendants.

    If wifi it would be pretty simple to use certain software to get past the security of said wifi unless it was using default setting (which in itself wouldn't surprise me these days, if you go into a bar and see someones wifi called "donkey dick" you know I've been there, right or wrong? if you leave your router with the default settings I'm going to change it for fun and so said bar owner learns about security)

    Something a bit fishy about this story imo...

    1. klempie

      wifi? or did he unscrew the panel

      Oh, snap! You beat me to it.

  10. ecofeco Silver badge

    If you have nothing to hide...

    ... then you having nothing to fear.... comrade.

    Oh wait. Yes you do. Here is just another of the thousands of examples.

    Normally I would say "wait and see," but the FBI is NOTORIOUS for trumping up charges and entrapment, so their credibility is shit.

    1. Marshalltown

      Re: If you have nothing to hide...

      Not much argument about the FBI credibility rating, but . . . Apparently, the dude actually claimed all this to the Feebs, so, they actually had no choice. He is reported to have quite literally claimed to have committed an act which would have endangered everyone on the flight. His tweets don't deny either. They seem to simply claim the FBI conflated FIVE YEARS of activity into a shorter period. I've no idea whether the acts claimed are possible or not, and I doubt the FBI do either. But they can't legally ignore the claim. They are required to take the claim seriously. In fact, assuming that the fellow really did make such a claim, and that it is in fact impossible, he'll still spend time in a cell for wasting their time with a hoax.

  11. Nanners

    u need security

    luckily I can sell it to you.

  12. Will Godfrey Silver badge
    Unhappy

    Presumably the feds just 'know about these things' so we should all relax and let them get on with it.

    Yeah Right.

  13. Anonymous Coward
    Anonymous Coward

    he should have known better

    This is what always happens when you speak to investigators as a suspect without an attorney present. As a security researcher he knew that better than most. It doesn't matter what you say. It doesn't matter if you're innocent. It doesn't matter if the charges don't make sense. They aren't looking for clarification; they are looking for incriminating statements. That's the whole reason interviews go on for 5 hours. Their goal isn't necessarily conviction. Sometimes just tying you up in the prison and court system for 10 years is enough of a deterrent.

    1. Destroy All Monsters Silver badge

      Re: he should have known better

      "Earlier you said you gave up trying to infiltrate the cockpit from the IFES?"

  14. skeptical i
    Devil

    While he was noodling around,

    did he at least schedule better movies?

  15. Anonymous Coward
    Anonymous Coward

    If you're trying to warn people of the danger

    What was he supposed to do if they won't listen? A demonstration would be required. If he really did what he said, he provided that demonstration. He may end up facing jail time for it, but taking him to court would require proving what he attempted to do and what the effect was so it'll all come out unless his trial is classified. Even if it is it'll force those who have access the transcript in the FAA to quietly force changes that fix the issue.

    Now I would hope no one is stupid enough to have ANY sort of interconnection between the avionics and in-flight entertainment systems, but despite those who just cry 'impossible!' without listing some heavyweight industry credentials in the matter other than what "five minutes of research on the internet told them" I can easily see how this would happen.

    Here's how: when the airlines first added the screens one of the first things it could do is show the plane's position. Now there are many ways to accomplish that, but the easiest from a software perspective is to tie it into the avionics system and have it grab the info there. The developers would argue it is fine because "it is just a single API for a read-only call that is exposed" or "there will be a requirement of a firewall between the two systems". We all know what those precautions are worth in the real world, but many developers seem ignorant of the facts of software bugs.

    1. anonymous boring coward Silver badge

      Re: If you're trying to warn people of the danger

      "What was he supposed to do if they won't listen? A demonstration would be required."

      Yeah, right...

      Messing with an airliner doing some 500 knots 10km above ground, full of people, and indeed the hacker himself, is just a really great way to make a point.

      Spiralling unintended (to this idiot, unknowable) consequences could have brought the plane down. Or the flight might have been re-routed due to technical issues at great expense and inconvenience.

      He is probably full of it though. If not there should be a log of the un-commanded engine surge.

  16. Anonymous Coward
    Anonymous Coward

    No Highway in the Sky

    Remember Theodore Honey!

    1. I ain't Spartacus Gold badge
      Happy

      Re: No Highway in the Sky

      He at least had the good sense to wait until the plane was on the ground, before risking destroying it...

  17. CaptainBanjax

    lol

    What? This is bollocks.

  18. Mrg9999

    Put this loon on a no fly list now!

    Had he lodged his ipr with a lawyer or demonstrated this in a simulator, I'd praise the man. To play with sensitive avionics during a flight, is like sawing the branch on which you are perched. I've met this guy at Blackhat and Defcon, and he's not adversed to break the law to gain access to places.

  19. wolfetone Silver badge

    Does this mean Ryanair flights are safest, as they have no on-board entertainment other than that crappy paper magazine?

    1. Anonymous Coward
      Anonymous Coward

      "Ryanair ...no on-board entertainment other than that crappy paper magazine?"

      That's not a magazine, that's just the adverts on Ryanair toilet paper.

      Anyway, you can't interfere with Ryanair control systems unless you physically crawl into the wing space and start unscrewing the Bowden cables.

      1. klempie

        Re: "Ryanair ...no on-board entertainment other than that crappy paper magazine?"

        @Arnaut the less and @wolfetone.

        I've never been on Ryanair, but your withering appraisals are awesome.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Ryanair ...no on-board entertainment other than that crappy paper magazine?"

          @klempie,

          I have been on Ryanair twice, and that's only because I booked return.

          I have also been in DC10s on the old Indian airlines, AeroMexico and a couple of other airlines with a novel approach to passenger satisfaction. But in no other case than Ryanair have I had the impression that the owners of the airline actually hate their passengers and would prefer to operate planes with neither cabin crew nor passengers on board, while still getting paid (presumably by some EU fund).

          1. fajensen

            Re: "Ryanair ...no on-board entertainment other than that crappy paper magazine?"

            Ryanair would prefer to run the planes without crew and auction off the pilot seat - if they could get insurance cover for the passengers and the plane, they would do it too!

            I speculate that the people who like Ryanair are authoritarians, who gets pleasure out of "knowing the rules" (and the hideous web site) well enough to avoid getting stuck with some scam / fee and knowing that the crew is paid less than the average PFY working at McD.

            1. Vic

              Re: "Ryanair ...no on-board entertainment other than that crappy paper magazine?"

              the crew is paid less than the average PFY working at McD.

              Source?

              Because I was talking to a RyanAir captain a few weeks ago, and he was of a very different opinion about his remuneration.

              FOs don't do too well, of course, but the crew doesn't consist entirely of FOs...

              Vic.

  20. This post has been deleted by its author

    1. Shades

      Re: I am not an expert

      Unnecessary obvious title is obviously unnecessary.

      "I can modify the programming of my car door locks through the touchscreen"

      You mean you can change a user changeable setting included in the cars design by the manufacturer? I realise you're trying to illustrate that some systems can be and are interconnected for convenience but what you are describing is far from "modifying the programming", you're simply changing a manufacturer included user changeable variable that tells the programming to perform a different, but predefined, function. What (allegedly) happened on the plane is, to continue the car theme, akin to hacking the cruise control via the USB port of the cars entertainment system and then making the car accelerate.

  21. Amorous Cowherder
    Facepalm

    Desperately suspending disbelief at the whole story for a second ( no easy task ) , he wants to get famous for proving he can screw with the avionics of a plane he's riding is. He's risking his and lots of others lives, plus many more on the ground. Hmmm. If this even had a shred of truth to it, how's he going to get famous a researcher, posthumously?!

    Do me favour! Best April Fools I've heard in ages!

  22. Anonymous Coward
    Anonymous Coward

    We *think* we know its impossible. But unless you are a design architect for that specific avionics company, you can't know that the appropriate firewalls, seperation of systems etc has been done properly. However I can reflash parts of my car ecu from the usb socket (in fact I have...). I am pretty sure renault never intended me to do that as its unlocked some pay for extra features for free.

    It would not be the first time for some beancounters to override design in a drive to reduce costs. Or the wrong lead architect to be employed for various reasons then a case of emporers new clothes set in. So, deep investigation to make sure they haven't done the insane thing.

    If he screwed with the craft in flight, he needs a lesson involving jail time. If he is merely saying its possible to do in flight to garner attention for what he sees as a risk and this has been misrepresented by the federal agent as seems to be the case, then no.

  23. Anonymous Coward
    Anonymous Coward

    I used to work in the IFE industry many years ago and there was no connection at that time between the two systems. I realise that time and technology have moved on but the last person I spoke to in the industry said that the systems are still totally separate and as someone said earlier they only share a power supply. He should never have done anything to any system on a plane as some people rely on the IFE to help with their fear of flying. If he had genuine concerns he should have approached the FAA and spoken to them about it. They can communicate any problems with systems to the manufacturers, airlines, suppliers etc. He should not have done what he did which will panic some people unnecessarily - my mum being one of them.

    1. Cynic_999

      "

      ... the last person I spoke to in the industry said that the systems are still totally separate and as someone said earlier they only share a power supply.

      "

      Not even the last is necessarily true. Large aircraft have at least 3 completely separate power busses, and the IFES is probably only connected to one of them. All critical systems are capable of switching to another bus (either manually or automatically) should the one they normally run on fail (though cascade failures have happened in unusual circumstances).

  24. MacGyver

    Until I hear from an expert..

    Seriously, what did he do, add an extra line to the engine-thrust.ini file under "c:\windows\system32"? I'm no electrical engineer, but I'm pretty certain that the engine does not have a cat-5 jack that you can send URL-based thrust instructions to, nor do I think the they send control data across the same VLANs as the in-flight entertainment (if they are even using IP for that data at all and not some manufacture specific control language).

    Do I think he looked up on-line how to enter "diagnostic mode" on the in-flight entertainment, probably, do I think it got him anything other then free pay-per-view, no.

    I'm open to a real engineer telling me how wrong I am, but I would hope that a multimillion dollar plane has better security safeguarding the lives of 200+ people than an 1999 Xbox has at blocking copied DVDs.

    1. Destroy All Monsters Silver badge
      Holmes

      Re: Until I hear from an expert..

      Pretty much this. The design criteria that go into a home router with multimedia storage (cheap and nasty and everything on the same cable) are NOT the same as those that go into a plane (unless there is a war on and most of the capital infrastructure can no longer deliver), even if people get that impression from watching too much Navy CSI or whether crud fills the screens these days.

  25. Anonymous Coward
    Anonymous Coward

    A life in denial...

    That's what the US seem to practise most of the time.

    Whistleblowers are put away rather than dealing with the issues they blowed the whistle on in the first place.

    White hat hackers, who are pretty open about it, get nicked and charged for exposing evident security flaws which could endanger lives of many innocent civilians. (Well, if anybody is still considered innocent in the US, that is)

    What about all the polititians, agency staff, manufacturers? Why can they get away with what they do and, more often than not, fail to do? Why is it that the people in charge are never held accountable?

    Do the US believe they can silence those who disclose wrongdoing and neglicence and then simply deny the issues at hand even exist? Didn't work out too well for communist dictators, did it?

  26. JaitcH
    WTF?

    Why would ANYONE believe a word the FBI says?

    The FBI has, over the years, established a record of embellishing and misinterpreting technical matters.

    Given that lying to the FBI, in their own opinion, can get people jail time it is best to say "I want a lawyer" at which time they are supposed to not be questioned any further.

    Don't crooks watch TV crime shows any more?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why would ANYONE believe a word the FBI says?

      "it is best to say "I want a lawyer" at which time they are supposed to not be questioned any further."

      Based on revelations about events in Chicago that's probably the point at which you get rendered to a windowless warehouse where you get rendered into pulp. We know know that the US has more gulags than just Guantanamo.

  27. Nash

    the 11'th commandment....

    ...."Thou' shalt' not get caught"

    he bragged, he posted, he mocked - he now be in trouble

    if he had reported it PROPERLY to the airline - all would have been OK.

  28. Shaha Alam

    security research is serious business

    I call upon all nations to do everything they can to stop these security researchers. Thank you. Now watch this drive.

  29. Brandon 2
    Alert

    i can smell it from here

    ... and no, I'm not talking about what the "Rock" is cookin... I'm talking about the bullshit. I can think of more than a few people that stand to profit from a claim such as this, and they all reside in DC. Self-inflicted problems lead to contracts and public $$$ to solve them... aka, standard operating procedure inside the beltway.

    To paraphrase from an old favorite of mine, if you can hack a plane's controls and make if fly sideways (quite the accomplishment for even the best pilots) from the infotainment system, "... then I am mickey MOUSE!!"

  30. Anonymous Coward
    Anonymous Coward

    So much for all of the...

    ...assurance that these systems could not be hacked or messed up by personal electronics. Now maybe the plane makers will take electronics security more seriously.

  31. Flatscissors

    Highly Unlikely

    I spent ten years working on avionics hardware and software.

    And whilst I'm not saying everything is rose-coloured, I do find it very difficult to believe that the aircraft dynamics can be affected via the in-flight entertainment system network (not that it isn't worth checking periodically that this remains the case).

    The control network and in-flight entertainment networks are very distinct and very different. They use very different technologies, and have very different strategies to ensure responsiveness and reliability. There certainly used to be air gaps between them, and if not air-gaps these days, the very different physical and transport layer technologies would, I understand, make it very difficult to actually connect the two kinds of networks. Regarding wireless comm's whilst there are radio data links between the aircraft and the ground, these are not accessible except by means of specific hardware complying with various ARINC specs and even then would be unable to affect the control systems directly.

    As for flying sideways, most planes fly sideways to some small degree most of the time. If the air mass isn't moving exactly along the aircraft's longitudinal axis, then there will be a (probably small) velocity vector component at right angles to the longitudinal axis of the aircraft. So in a small way, in order to navigate to it's destination, it will in a sense be flying mostly forwards and at the same time a little bit sideways (and probably with some up or down too).

    Finally, the process of going from white-sheet to delivered system, in high-integrity systems development, is very different from other areas of software development. The main effort is much more focused on correctness, determinism, fault detection, redundancy, graceful degradation, reliability etc,, than is true in other software development activities, so the existence, of stinky code in many areas of software development is, in my experience, a much less extant problem than in the avionics industry.

  32. cordwainer 1
    Boffin

    Those interested in a more technical discussion by commercial aviation professionals....

    Might want to visit the Professional Pilots Rumor Network at pprune.org and read the following threads in the PPRuNe Forums:

    PPRuNE Worldwide > North America > "Hacker turns a/c"

    Flight Deck Forums > Tech Log > "pax wifi networks again..."

    Note: PLEASE LURK ONLY. PPRuNe is not an amateur or enthusiast site. As its name implies, it is a forum primarily for professional pilots, commercial air crew, and others who work in commercial aviation. Except in the Misc. Forums, comments by "outsiders" are discouraged and generally unwelcome. Profanity, personal attacks, name-calling and flames are prohibited. The rules are enforced via deletion of comments and, often, the commenter's account. Also, ignorant questions are poorly tolerated or ignored, so be prepared to look up for yourself any terms or acronyms you don't know.

    But if you're willing to make the effort, pprune.org is one of the best sites to hit for reliable information, competent analysis, and intelligent theorizing, whenever there is any kind of air-related incident in the news.

    1. Anonymous Coward
      Anonymous Coward

      Re: Those interested in a more technical discussion by commercial aviation professionals....

      "pprune.org is one of the best sites to hit for reliable information, competent analysis, and intelligent theorizing, whenever there is any kind of air-related incident in the news."

      PPRUNE's best for technical discussion and small incidents. For anything of serious public interest (MH370 style), the signal to noise ratio becomes awful, which is a shame.

      "ignorant questions are poorly tolerated or ignored"

      Partly because in recent years 'journalists' have been feeding off PPRUNE. Not good to ask journalist-style ignorant questions.

      Also bear in mind that a pilot is a pilot, an aircraft maintenance person is an aircraft maintenance person. They do what they do. They're not avionics or IFE (etc) systems designers, they are users and operators and (to an extent) fixers of these systems.

      There may be some avionics or IFE people contributing to PPRUNE. They're in a small (very small?) minority.

  33. Hans 1

    Wired article is MUCH better!

    http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

  34. Anonymous Coward
    Anonymous Coward

    FUD

    In a word, No. This is all wild speculation by the media and FBI, who learned their trade from Microsoft. Upvotes to those above who actually understand avionics systems and recognize the utter gibberish being spouted my most.

    Why yes, I do know something about IFE and on-board satellite internet systems. The avionics buses they get data from don't talk IP, and it's fairly difficult to make an interface chip that's only designed to read data from a bus suddenly write data back to it, without the use of a soldering iron.

  35. Sokolik

    Questions...up to you which is serious

    Too lazy to search all the comments, so probably these issues already have been discussed. If that's the case, sorry, move along, nothing to see here.

    1. UA responds with an invitation for white-hats to hack its *website*? Did I get that right? If so...WTF?!?

    2. Is the suspect licensed to pilot large, multi-engined a/c?

    3. Police, police. Every bureaucracy loves to have its own police. FBI is leading the investigation, so, FAA has not its own police? If so, *for-shame*!

    4. Finally, next time...Aeroflot.

  36. Uberseehandel

    Get Real

    Fly sideways.........." says who?

    Short of an aircraft with vectoring thrust, or a rotary, I can't think of a way to make a plane fly "sideways", The closest I know of is a sideslip, which requires bank (ailerons) and top rudder, ie all crossed up. Bank so that one wing is "down" and apply the rudder to the opposite side, so starboard wing down and rudder sticking out to port.

    Increasing the thrust of one engine or decreasing the thrust of another will make the aircraft turn towards the side with the least thrust.

    in order to discredit all those who are opposed to a free charter for government snooping and mandatory encryption backdoors, certain agencies will plumb any depths to create FUD amongst the general populace, Nobody who knows about flying or flight systems believes what has been said, or is alleged to have been said. But faced with some influential, knowledgeable and hostile congressmen, the Feds (for want of a better term) are crying wolf. As far as the "perp" is concerned, the term naive springs to mind, or is it dork?

  37. mrvco

    Considering accessing the flight control systems through the in-flight entertainment system has been suggested as a real possibility since before the disappearance of the first Malaysian Airlines flight... I guess he felt that this sort of exhibition (or claim thereof) was required to get someone to finally take the possibility seriously.

  38. Cynic_999

    I don't believe a word of it. Even the terminology is wrong - an engine is not commanded to "climb" it is commanded to increase thrust. While an ab-initio private pilot flying visually will be told to control altitude with throttle and speed with attitude (elevators), an auto-pilot works the other way around, controlling altitude with attitude and speed with thrust, so it would not be a terminology used in the system variables. It would however be good to get a definitive statement from the aircraft manufacturer that there is no possible way to affect the flight control system via the IFES.

    OTOH the creation of an imaginary "threat" is always lucrative business for companies who make a living from "security", and is even more profitable when the threat is not real, because you can then sell any snake-oil you like and truthfully claim that after implementing the "solution" there will be no threat.

  39. Henry Wertz 1 Gold badge

    Similar comments...

    I have similar comments to others...

    a) If he had been hacking flight control systems in flight, throw the book at him. This is just dumb.

    b) "That last sentence is a major point, i.e., that even ATTEMPTING to tamper with actual flight controls is a crime. So is CLAIMING you've tampered with a plane, or passenger safety, whether you did or not." Actually, per the last sentence, claiming it is not illegal at all; that doesn't mean you won't be investigated to see if you really did it or not, which is what is happening now.

    c) I do seriously doubt the in-flight entertainment system is tied into anything other than the power. First, I think they have the common sense to not tie systems together unnecessarily (airplanes have higher safety standards than cars, where the car cos have occasionally stupidly thrown everything on one bus). Second, airlines are obsessed with weight, they wouldn't want to tie things together due to weight and cost either.

    1. Bleu

      Re: Similar comments...

      Tieing things together reduces weight, I have no idea if this tale is true or not, I suspect it is, that there is an idiotic trend to tie all systems into a common network is undeniable.

      Maybe it is all just disinfo, but I do not think so. Read the article on Wired.

  40. Bleu

    Un-fucking-believable

    Having the hacker spirit myself, this chap sure pushed it a little too far. He is wealthy, I think a large fine and community service in the form of teaching and a bit of menial work would be fitting.

    The central point, though, is WTF are the system designers thinking to put the flight control, entertainment, and everything else on a common system? It is hard to believe they are so stupid, but it seems they are precisely that stupid.

    I am barely able to believe it, but it appears to be so.

    Why connect everything to everythimg else in such a dangerous way? It is insane!

    1. Destroy All Monsters Silver badge
      Holmes

      Re: Un-fucking-believable

      Why connect everything to everythimg else in such a dangerous way? It is insane!

      Can you explain why you believe any of this?

      Do you also believe no planes rammed the WTC?

  41. Bleu

    I would wager

    that only certain recent Boeing aircraft feature this idiocy. It strikes me as very odd that *none* of the several articles I've read about it mention the model of aeroplane concerned.

    1. Uberseehandel

      Re: I would wager

      Maybe the articles are written by people who haven't a clue. After all, nobody has questioned the claim that the aircraft was made to go "sideways". its patent nonsense.

  42. Anonymous Coward
    Anonymous Coward

    Serge Humpich

    Serge Humpich and the chip credit cards all over gain. Jail the whistle blowers I say!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like