back to article FBI alert: Get these motherf'king hackers off this motherf'king plane

The FBI is warning airlines to keep an eye out for miscreants hacking airplane computer networks mid-flight. The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi …

Page:

  1. Yet Another Anonymous coward Silver badge

    Either

    You know they can be compromised - in which case pull their airworthiness certificate now and ground them all. Or they probably can't in which case why arrest the guy for suggesting they can?

    Unless of course your intention was to stop people discussing the question - but the FBI would never engage in that sort of behaviour.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Either

      This is also the same FBI that thinks North Korea hacked Sony Pictures.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: Either

        NSA told 'em so

    2. Christoph

      Re: Either

      "Your systems can be hacked"

      Nonsense! Our systems are perfectly safe!

      "Hey, I'll hack your systems! :-)"

      Arrest that terrorist!

      1. Yet Another Anonymous coward Silver badge

        Re: Either

        They arrested a drunk guy for trying to open a door inflight - with about 5ton of air pressure on the door that is somewhat impossible.

        So presumably if you stick pins in airfix models of a plane you can be charged with terrorist attempts to destroy it with voodoo.

    3. Anonymous Coward
      Anonymous Coward

      Re: Either

      True but...

      The whole point of hacking for many people is the challenge of finding a way into a seemingly impenetrable system...no system can ever be considered to be safe forever, it's only a matter of time.

      So if someone says they found a way should you ignore them if they threaten to mess about with the EICAS?

      It worked for Jeff Goldblum in Independence day :-)

      1. Richard Taylor 2

        Re: Either

        And Jeff was also using a Mac (see photos)

    4. Anonymous Blowhard

      Re: Either

      "Or they probably can't in which case why arrest the guy for suggesting they can?"

      I hate the use of the word "probably" in aircraft safety statements e.g. "the plane probably won't crash" or "the in-flight meal is probably inedible", but I think the point you're trying to make is that the IFE system is either completely isolated from the flight control systems (so you're safe from in-flight hackers) or they aren't (so you're relying on some kind of network security to keep you out of gravity's cruel clutches).

      1. Yet Another Anonymous coward Silver badge

        Re: Either

        Boeing's definetly isn't isolated, the FAA statement says that they rely "on firewalls and other software devices". But is typical US/UK government fashion, you don't have them fix it - you just threaten anyone who points out the flaw.

        In fact the NTSB are probably terrorists for pointing out why planes crashed - we should arrest them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Either

          What genius actually thought it would be a good idea to connect flight systems to those accessible by passengers anyway, and what possible advantage did they think existed in doing so? All the more surprising given how twitchy they get over phones etc being on during critical phases of flight.

          1. x 7

            Re: Either

            "what possible advantage did they think existed in doing so?"

            1) weight reduction

            2) fewer components = less maintenance = fewer points of failure = better reliability

      2. Trigonoceps occipitalis

        Re: Either

        "gravity's cruel clutches" ain’t the problem, it's the edge of the air you should try to avoid.

    5. Anonymous Coward
      Anonymous Coward

      Re: Either

      Given recent events (MH370 and Germanwings Flight 9525) it looks like the real security issue could be those two front seats.

      1. VBF

        Re: Either

        Which has always been the case!

  2. Sgt_Oddball

    oh hell....

    Just about every time I fly long haul on klm I manage to get their in-flight system to show me tux.

    Would watching the system restart be enough for them to have a fit? (sadly the controller doesn't work until the damn things fully restarted, usually after 10-15 mins of painfully slow load up messages)

    1. Phil O'Sophical Silver badge

      Re: oh hell....

      painfully slow load up messages

      Including hundreds of missing modules, undefined symbols, etc. It works after the reboot, which shows that the missing crud isn't needed anyway. I'd really hate to think that any system which was that crappily assembled and tested shared more than a power cable with the actual avionics.

      1. AdamT

        Re: oh hell....

        I used to work with someone who had formerly worked on fitting out customised private jets - "client wants a diamond encrusted plasma TV that rises out the footboard of the bed", etc. etc. I think the actually restrictions were even tougher - they couldn't even share a power cable with the avionics. Obviously at some point there must have been some interaction but the point was there had to be no feasible way that any failure of the entertainment kit could have any impact, no matter how tiny, on the actual flight systems. I think he left because jumping through all those hoops took the fun out of the "how do I diamond encrust a TV?" aspects of the job ...

  3. Kevin McMurtrie Silver badge
    WTF?

    - Witness aircraft commands traveling to passenger seat

    - Don't interfere with flight

    - Land safely

    - Joke about poor security

    - Get arrested?

    1. Sebastian A

      I think it's more of a case of

      You make us look like idiots, we'll take your stuff.

      Typical playground bully behaviour.

      1. Will Godfrey Silver badge

        Re: I think it's more of a case of

        You show people that we are idiots, we'll take your stuff.

        Typical playground bully behaviour.

        FTFY

  4. DiViDeD

    So now we know where the TSA gets its intelligence

    I just thought it funny that this very subject (too close integration of avionics and IFS) was discussed in detail a couple of weeks ago on Off The Hook, with the general conclusion there needed to be some fieldwork done before the airlines would take notice, and Lo and Behold, fieldwork!

    Like the comment above, if these systems are really so secure, why the 4 hour interrogation? Unless of course (perish the thought!) they were built down to a price.

  5. Destroy All Monsters Silver badge
    Holmes

    Just FTW.

    The further along from 9/11 this ride with no brakes on the rape train goes, I'm increasingly going FTW.

    It started with FTW from Anthrax attacks, FTWed-out on random unmotivated attacks on Afghanistan by President El Shrub, over-FTWed when Iraq was bombed to smithereens for the 100-th time since president Klingon went full retard after enjoying his interns (by the same El Shrub), FTW²ed when colored President Bendy-Wendy-Spine blew up Libya and FTW-ed out relentlessly when ISIS finally was internationally recognized (no, wait ... am I going too fast here?)

    The sad thing is that people born in those FTW times will never have seen anything else and will think this is situation normal. As bad as being born into some kind Orwellian fantasy with added asshattery and dumbfuck stupidity.

  6. bazza Silver badge

    May or May Not...

    The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi network.

    The only reason for there being any doubt in the matter is if there is some sort of electronic connection between the IFE and the flight control systems, and it relies on firewalls, protocols, etc. (and not air gaps) to prevent a hack taking place.

    The only reason that connection exists is because the manufacturers wanted to do that (and were allowed to by the regulators [FAA, CAA, etc]), because it was cheaper. Penny pinching.

    If the regulators had said no, they must be air-gapped, there would be absolutely no doubt at all. A hack would clearly be impossible via a seat IFE port.

    Instead we have a situation where no one can really say for sure whether there is a problem or not. The people charged with keeping us safe are always going to 'er' on the side of caution. Meanwhile the people who can answer the question aren't going to be allowed to do so. That's because the law enforcement guys know damned well that if the answer is yes, a hack is feasible, that knowledge will leak out. And if that happens then chaos will ensue.

    Law enforcement types might try and find the answer themselves, but they'd need a huge amount of extra resources. And they might just discover that the dreaded answer is 'yes', the knowledge that no one wants to have. And the worst is that they might never be totally sure of a 'no' answer.

    This is a totally predictable outcome stemming from a poor design choice made by manufacturers seeking to save a few dollars / euros, and it's going to cost us millions. Already has in fact. Some aged retired avionics engineer somewhere (not me) is sat at home right now feeling somewhat vindicated and smug, and contemplating phoning his old boss to say, "told you so, you prick".

    Pound foolish idiots.

  7. Paul Crawford Silver badge

    Really? I thought Boing, etc, assured us all that there is NO POSSIBILITY of in-flight systems being connected to the critical aircraft systems and thus leading to vulnerabilities.

    Are you telling me they lied about this? When are Boing, Airbus, etx, going to be arrested and prosecuted for recklessly exposing critical systems to danger?

    1. bazza Silver badge

      We (the general public) don't know for sure.

      If there were an air gap between the two systems, or a physical data diode (single fibre optic core, guaranteed one way) then it is easy to be very sure indeed. The fact that there seems to be some doubt is not encouraging...

      1. Anonymous Coward
        Anonymous Coward

        Doubt kills

        The fact that no one knows for sure is indeed disturbing. It's like saying no one really understands where all the wiring is located in a Boeing 787 or what it actually does. Not terribly re-assuring. Do they still employ full time aircraft engineers in Seattle these days or are they all working on zero hour contracts?

        Honestly, what sort of anal pore would connect an on-line entertainment system to the same physical segment as a mission critical network?

        Could it be the same jackasses who recommend companies like Boeing buy all their critical electronic components from the Dollar Store and Ali Baba?

        Dr Clueless and the Bean Counter Brigade?

        Mystery solved, and my next trip is by train.

        1. x 7

          Re: Doubt kills

          " The fact that no one knows for sure is indeed disturbing"

          The fact is that no one [i] on this forum{/i} knows. If you went to http://www.pprune.org and asked there, you'd get a definitive answer very quickly

          "and my next trip is by train"

          I suggest you rethink that.......on a modern train such as a Virgin Voyager theres one central databus which carries the train communications, passenger wifi, arrival display, tilt control, remote control for the power systems.......everything in fact. A nice tempting target.

      2. Yet Another Anonymous coward Silver badge

        But then you would need a separate GPS receiver to feed the moving map display on the seat back. These things could cost $10 - it's much easier and cheaper to just have the map display connect to the aircrafts navigation system

        1. bazza Silver badge

          But then you would need a separate GPS receiver to feed the moving map display on the seat back.

          No, all you would need is a data diode between the flight control network and the IFE system. These are fairly standard items, and generally rely on a single core of fibre optic to get a guaranteed one way flow of data (it's physically impossible to send any bytes, data or instructions back the other way). With one of those in place you can send any data you like to the IFE system, and there's no way anyone can do anything to harm the flight control system.

          There may indeed be one of these in place and the whole fuss is based on ignorance on the part of the FBI, the traveller, the hacker, etc. If that were the case it would be easy to dispel by publishing that part of the design.

          The fact that they've apparently not done so suggests that there isn't a data diode, and that there is rather more electronic connectivity than is desirable, and the safety depends on some protocols, firewalls, etc. Proving that they're correct is a near impossible task. Proving them to be inadequate is easier but "undesirable"...

          1. JeffyPoooh
            Pint

            bazza: "...generally rely on a single core of fibre optic to get a guaranteed one way flow of data (it's physically impossible to send any bytes, data or instructions back the other way)."

            If you have an LED on one side, and a phototransistor on the other, with an air gap in between, then that in itself guarantees the 'diode' unidirectionality. Unless you think that phototransistors can emit light to be detected by the LED. So what's the fibre got to do with it?

            Me thinks you are confused about the fibre bit. Some may include it if they want distance in the air gap.

            There are bulkhead mounted LED/Phototransistor devices. Fibre-free.

            1. bazza Silver badge

              @JeffyPooh,

              If you have an LED on one side, and a phototransistor on the other, with an air gap in between, then that in itself guarantees the 'diode' unidirectionality. Unless you think that phototransistors can emit light to be detected by the LED. So what's the fibre got to do with it?

              Oh, the fibre doesn't of itself provide any one way-ness, it is as you say the lack of a light emitter at the other end that gives that.

              Data diodes use a single fibre optic because that way you can get a high data rate too, and simply looking to see which end is emitting light is a convincing and unarguable test of the data diode-ness. There's also the point that you can easily implement it using standard-ish kit (eg fibre ethernet cards, or sFPDP) which is a lot cheaper than building your own through air high speed data link.

              1. JeffyPoooh
                Pint

                You just buy an optoisolator for a few cents. LED and detector in one 8-pin DIP package.

                If you need E3 isolation for some reason (in a teapot), buy the bulkhead mounted version for $20.

    2. nematoad
      Happy

      "When are Boing, Airbus, etx..."

      Boing? Are they making aircraft now? I thought it was pogo sticks.

      You probably meant BOEING.

  8. VinceH
    WTF?

    I'm confuzzled

    If his gear was all seized, how did he tweet a photograph of it to say so? Wouldn't they have taken his phone as well?

    1. Matt Bryant Silver badge
      Facepalm

      Re: VinceH Re: I'm confuzzled

      "If his gear was all seized, how did he tweet a photograph of it to say so? Wouldn't they have taken his phone as well?" Which suggests the pic was taken in advance of what was a big baiting exercise to draw publicity. He probably had one of his mates send an anonymous tip about his "joke" just to make sure he got arrested. TBH, the sooner all the airlines blacklist and ban such idiots the better.

      1. Anonymous Coward
        Anonymous Coward

        Re: VinceH I'm confuzzled

        " Wouldn't they have taken his phone as well?"

        They did, but gave it back to him and kept everything else, (according to a news report at the time).

  9. Spaceman Spiff

    Yeah, like most people would know when a hacker was hacking a plane's infrastructure? Get real! "Attendent, that man is writing software on his laptop! Maybe he is taking over the plane controls?" Give me a break! I write software on planes all the time. Most people have no clue what I am doing. Am I trying to hack the plane? Not likely. Usually I'm trying to solve a problem for a client or my company.

    1. Anonymous Coward
      Anonymous Coward

      working on planes

      Is a sure way to get your P45/Brown Envelope in my company.

      Even talking shop is frowned upon.

      You really do not have any privacy.

      Who knows if that competeitor has an employee on the same flight?

      Could they be sitting in the row behind you?

      Could they be watching your code be entered and even tested?

      You just don't know do you? So why take the risk?

      Careless Laptop use costs jobs!

      I have garnered all sorts of information from fellow travellers. Once I used it to stop a company being screwed by a Gov Department who were revelling that they were going to force the company to make a loss on everything they sold to 'The Man'.

      What do I do on flights?

      Read, Sleep, listen to Music. Sometimes I think about the trip I'm on. Visible work? Never.

      Just be another cow/bull in cattle class.

      1. Anonymous Coward
        Anonymous Coward

        Re: working on planes

        Having worked on security-cleared contracts before this is/should be best practice. You really have no idea what's around you.

        1. Paul Smith

          Re: working on planes

          Preparing a powerpoint sales pitch with big bold key points designed for simple minded managers to read and comprehend might not be the brightest thing to do in a public place, but cutting code? Seriously? When I used to code in C it was considered cool to able able to cram as much code into as little space as possible, but even I was never able to get enough for an even a slightly non-trivial program onto the confines of a laptop screen. I think you are perhaps taking commonsense past the point of paranoia and into the realm of stupidity.

  10. seacook
    Facepalm

    Connection UNDER my seat not infront of it?

    I think I would look suspicious crawling around on the floor trying to find the correct attachment point.

    Does anyone know what adapter type may be required? Or is USB enough; not clear from the article :-)

    Ohhhh - should only be discussed in a hacker forum.

  11. Anonymous Coward
    Anonymous Coward

    To be fair...

    Whether he could hack the plane or not is irrelevant.

    If someone came on board and said he was going to blow up the plane with a bomb, you might reasonably expect a similar reaction...

    So my take on this is that as a 'security professional' this douche should know better than to make threats...

    mucking foron.

    1. Jamie Jones Silver badge

      Re: To be fair...

      He should have known that in these facist times he shouldn't have made that joke... but if you think that is a threat, you must be shitting yourself everytime you leave your cosy bed!!

      1. Anonymous Coward
        Anonymous Coward

        Re: To be fair...

        Sorry...maybe I missed something here...did he tweet "THIS IS A JOKE...IGNORE IT" or did he threaten to mess around with the oxygen?

        Is he a security expert who has been claiming for years that planes are hackable, or is he "fat bloke from the pub"?

        The guy threatened the security of the airplane..I would hope that given recent intentional crashes/disappearances that anyone over the age of 6 would realise how completely stupid this sort of behaviour is.

        Call it fascist times if you want...but if following a plane crash a tweet like that turns up and it turns out to have been ignored...what sort of comment would you post then?

        1. Steve Davies 3 Silver badge

          Re: To be fair...

          US Officialdom does not have a sense of humour. They ALL have it surgically removed when signing up for their job.

          So don't even try to make a jobe with them. It will fall flat on its face and could even lead to more charges against you.

          This is how a simple traffic stop could end up in you being killed for no good reason.

          "He argued with me by saying that he wasn't doing 37 in a 35 zone. So I took that as resisting arrest. When he didn't stop talking I shot the perp."

          "Well Bubba, that looks like another star for your patrol car door. That is a good kill."

        2. Anonymous Coward
          Anonymous Coward

          Re: To be fair...

          Call it fascist times if you want...but if following a plane crash a tweet like that turns up and it turns out to have been ignored...what sort of comment would you post then?

          I dont know about anyone else, but I'd post "Oh my god, all those poor people - what an evil person to have done that."

          I wouldnt be ranting about why officialdom overlooked a tweet.

          The bigger problem is that 99.9999% of the time it will just be a joke and the public fear of a BadThing happening means that resources will be diverted to investigate said joke. I am sure the FBI would have been better off using its agents to investigate real crimes rather than this.

          The internet (especially twitter) is not a magical place. We shouldnt shit bricks even more because someone says something on it. If I am in the pub and I say "my wife is driving me up the wall, I could kill her," I wouldnt expect this to be taken seriously so why should it be the same if I tweet this? Same with this guy. He made a tweet. Nothing happened.

          The terrorists arent just winning, they have won. They dont even need to spend 10p to terrorise people.

          1. Anonymous Coward
            Anonymous Coward

            Re: To be fair...

            If I am in the pub and I say "my wife is driving me up the wall, I could kill her," I wouldnt expect this to be taken seriously so why should it be the same if I tweet this

            What if you are loading the shotgun when you say it?

            Or maybe the dork tweeted it from his etch-a-sketch, rather than a device that has networking capabilities...

          2. Matt Bryant Silver badge
            FAIL

            Re: AC Re: To be fair...

            "....The bigger problem is that 99.9999% of the time it will just be a joke and the public fear of a BadThing happening means that resources will be diverted to investigate said joke....." In your rush to righteous rage you seem to have overlooked the deterrent effect - by slapping this idiot hard they dissuade other idiots from following in his footsteps, actually saving time, resources and money in the long run.

    2. chivo243 Silver badge

      Re: To be fair...

      Two rules to live by:

      1. Never shout fire in a crowded theater.

      2. Never say there is a virus on the network.

      1. hplasm
        Happy

        Re: To be fair...

        "Two rules to live by:"

        What if there IS a virus on the network?

        Or do you mean 'Don't say it 3 times' sort of thing?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like