What started with a tweet from an airplane seat in flight has boiled over into a heated debate and serious concerns over taking security research too far when public safety is at risk.
The FBI has charged in an affidavit that security researcher Chris Roberts, managing director of One World Labs LLC in Denver, was able to hack into an aircraft's controls via the passenger WiFi network in midflight, causing the airplane to briefly climb and move sideways, or laterally.
But Roberts, who made headlines last month for a controversial tweet during a United Airlines flight on April 15 where he appeared to suggest that he would hack into the plane's controls, maintains that the live-hacking allegation was overblown. In an interview with Wired late last week, Roberts said that the paragraph in the FBI's affidavit was taken out of context and basically a misunderstanding of what he told them:
"That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about," he told Wired. "It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others."
Roberts told Dark Reading yesterday that his legal team advised him to refrain from commenting at this time. He has maintained all along that the main motivation for his research has been to better the aircraft security.
After his tweet from the United Airlines flight, federal agents barred Roberts from boarding a United Airlines airplane and confiscated his laptop and other equipment; speculation ran high that the action was due to his bold and ill-advised tweet. The plot thickened several days ago when the FBI affidavit, which was filed on April 17, was obtained and published by APTN National News and indicated that he had tampered with flight controls while a passenger. The filing also shows that the FBI in March had conversations with Roberts about vulnerabilities he had discovered in the in-flight entertainment systems (IFE) on the Boeing 737-800, 737-900, 757-200, and Airbus A-320 aircraft.
It was during those conversations that Roberts allegedly said he had "compromised" IFE systems with Thales and Panasonic video screens on seatbacks some 15-20 times between 2011 and 2014. He used an Ethernet cable to connect to the seat electronic box under the passenger seats.
Security expert Bruce Schneier says while it's unclear whether the FBI's statements of Roberts tipping a plane in-flight are accurate, if Roberts indeed was hacking a plane while a passenger, it was "a stupid thing to do," he wrote in a blog post yesterday.
"The real issue is that the avionics and the entertainment system are on the same network. That's an even stupider thing to do. Also last month, I wrote about the risks of hacking airplanes, and said that I wasn't all that worried about it. Now I'm more worried," Schneier wrote.
Roberts isn't the only security researcher who has studied airplane network vulnerabilities. Ruben Santamarta, IOActive, on April of 2014 revealed critical design flaws he discovered in the firmware of popular satellite land equipment that could allow attackers to hijack and disrupt communications links to ships, airplanes, military operations, industrial facilities, and emergency services. At Black Hat USA in August of last year, he explained possible attack scenarios exploiting those vulns, including how the plane's passenger WiFi network running Cobham AVIATOR 700 satellite terminals could be abused if an attacker were to gain control over the Satellite Data Unit or the SwiftBroadband Unit interface by taking advantage of the weak password reset feature, hardcoded credentials or the insecure protocols in the AVIATOR 700.
An attacker could wrest control of the satellite link channel used by the Future Air Navigation System (FANS), Controller Pilot Data Link Communications (CPDLC) or Aircraft Communications Addressing and Reporting System (ACARS), according to Santamarta's findings.
Santamarta says if Roberts experimented with a live flight, he crossed a serious line. "Roberts' claims need be carefully examined. Putting hundreds of lives at risk has nothing to do with security research," Santamarta told Dark Reading.
So are airplanes truly hackable from your seat? Experts say in some cases it's physically impossible, but in other cases, it's possible in theory.
"The ability to cross the red line between passenger entertainment and owned domains and the aircraft control domain heavily relies on the specific devices, software and configuration deployed on the target aircraft," Santamarta says. "Under my point of view, one of the main concerns are the SATCOM devices which are shared between different data domains. Therefore, this equipment might be used to pivot from IFE [in-flight entertainment] to certain avionics."
Santamarta says the plane's in-flight WiFi is "not a problem per se" and can be securely deployed such that the actual avionics network is safe.
There are four different domains on an airplane's network, he explains: the passenger entertainment and owned-devices domain, airline information services, and the aircraft control domain. "The SATCOM equipment is usually shared between different domains. It has to provide internet access for passengers but also air-to-ground communications for avionics," he says.
Santamarta says the avionics controls should be housed in the aircraft control domain and physically isolated from the passenger network domain. Unfortunately, that is not always the case on planes, he says. "Therefore, as long as there is a physical path that connects both domains, we can't discard a potential attack."
[Every security topic we research, everything we hack, every joke we make on Twitter, now, more than ever, has a quantifiable cost, researcher says. Read Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point.]
Whether Roberts indeed was able to pivot from the infotainment network to the airplane controls "is moot," says security researcher Don Bailey. The real issue is that increasingly networked systems, if tampered with, have public safety ramifications [and] are vulnerable.
"This industry has seen Windows XP systems controlling critical water dams, life-critical medical devices with unencrypted remote radio protocols, and automotive security systems directly connected to the Internet. The real issue isn't whether Chris accomplished this attack, it's the knowledge that the FAA, TSA, and other agencies aren't enforcing engineering companies to adhere to stringent security standards," Bailey says. "Because we all know, eventually, a breach of the entertainment system will result in a pivot to control systems. It's not if Chris made it happen, it's when someone else will."
So what now?
"Airlines cannot not rely on reactive solutions to detect attacks. The best way to avoid live attacks during a flight is analyze the security posture of the aircraft on the ground," Santamarta says.
He says the newest air-to-ground technology is a security challenge. It's best to be proactive about securing it, he says.
Even so, there's no reason to panic: "We should not be thinking airplanes are going to start falling down the sky if someone just presses a key in their laptop," Santamarta says. "Aircraft rely on redundancy to operate safely, [and] … pilots are well-trained professionals. It's not that easy."