Back to Squawk list
  • 35

Hacker on a Plane: FBI Seizes Researcher’s Gear

제출됨
 
The FBI seized equipment from noted security researcher Chris Roberts on Wednesday, alleging that Roberts may have tampered with the systems aboard a United flight to Chicago, based upon a tweet he made about purportedly being able to access the aircraft's EICAS system. Roberts denies the claim. (securityledger.com) 기타...

Sort type: [Top] [Newest]


tzollars
Y'all are overlooking the obvious, 737's have never had an EICAS system. “PASS OXYGEN ON” is a simple light activated via an electrical circuit in no way connected to a network! Therefore, this guy is seeking publicity and a contract for his vaporware.
Jack370
Jack370 3
Thomas, if that's true then this guy is about the dumbest hacker I've ever heard of and should be charged with threatening a commercial flight at the minimum.
But this hacker is closely monitored by the FBI because of his claims and it would surprise me if he is really that much of a quack.
tzollars
Jack, I don't know him, or any hacker. But if he had asked any Mechanic, Engineer or Pilot with 737 experience he would have learned they don't have EICAS as he directly claimed! He also could have learned that the relatively recent addition of WiFi to the aircraft means it is an isolated system with no interconnection with the aircraft systems. While there are digital data busses between boxes, they are not networked to anything with WiFi capability. Give Boeing Engineers some credit!
All I know is his claim was specific to 737's and their EICAS system and I know 737's don't have EICAS. I also know that "pass oxygen on" is a light message with a very simple, directly wired circuit. Therefore, I know he's full of shit. Res ipso facto.
Jack370
Jack370 1
Maybe this guy is a complete hack or maybe it was just his sense of humor but he was on his way to a security convention where he was scheduled as a speaker.
The technical specifics of what this guy is hacking through the wifi may have been obscured but the FBI is obviously taking it seriously.
It will be interesting to what the facts are that emerge from the investigation.
RECOR10
RECOR10 1
You are a spy trying to defer the attention away from the obvious hysteria that is so well deserved ;-)
jchen18
The obvious answer would be that the 737 does not have an EICAS systems. Even if it does, it is not necessarily a network. I highly doubt you can start messing with an EICAS without some serious action that will be noticed QUICKLY.
ZX1100F1
The guy made some bogus claims and the FBI seized the opportunity to check him out further, teach him a lesson and investigate his actual capabilities.
You cannot sit back in the passenger cabin of an airliner and gain access to the gear up in the cockpit via your laptop, although for some reason there are those that want people to believe otherwise.
joelwiley
NSA has long had ove-air content analysis capability. Has the FBI duplicated that or did NSA feed it to them?
RECOR10
RECOR10 2
As a conmputer person who has done forensic anlysis of networks for everything from Sar-Ox to HIPAA to County Govt's (clerks, courts, police)...the level of access to ISP's that "The Man" has is simply crazy. They can simply install something as basic as "WebSense" at an ISP and see every little thing you do. No hiding behind Tor (et al) or spoofing your MAC.

Want to do something illegal? Steal a device and DONT use a McDonals WiFi (as you will be on their cameras). No matter what you are on, or where you are at - they can find you if hey so wish.
joelwiley
As Gleaton's Law states "no matter how paranoid you are, they are always doing more than you realize"
aragogando
Before you start making judgements about what Mr. Roberts can or can't do from the cabin you should probably educate yourselves on the research that is out there in this field and what Mr. Roberts motives really are. I saw Mr. Roberts presentation two years ago at a security conference on this very subject and I can tell you his initial research had nothing to do with WiFi and everything to do with the fact that all of the planes critical and non-critical systems were interconnected. All of the research findings were turned over to the manufacturers at least two years ago and they have not fixed this.
joelwiley
Ignore the man behind the curtain! is not a valid security protocol. Neither is security by obscurity.
RECOR10
RECOR10 2
He should have called an hour before and let them know where he was going...oh, wait, that only works for gyrocopters...
WilliamBarnes
Typical ham-fisted approach I'd expect from US cops.
Why not research and investigate THEN act and detain and search.
MattHauke
Yes, the old let's wait and see approach has worked really good in the past. The guy tweeted that he was going to attempt to hack into the planes systems. What more research should the "US cops" have done?
Jack370
Jack370 1
Tweet: "“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”

Obviously this guy wanted to be detained or arrested in order to force the security issue. Hopefully something will be done about these vulnerabilities now instead of just ignoring the issues. The FAA should be contracting guys like this to fix the security problems.
Jack370
Jack370 4
They should check this guy out and if his claims are valid, simply turn off the wifi access until the problems are fixed. That has no cost to anyone except for reduced amenities. This guy claims that he can take over control systems thru the wifi and if there is any possibility of that, it needs to be addressed now and not later.

As for the FBI detaining him, hats off to the FBI for spotting that activity. It's not any different from someone threatening to hijack an airliner in flight.
thecohorts
I ask you; what control system can he take control of? What system is connected via satcom that is a vital system on a 737-800? ACARS? Every other system is controlled by onboard computers that are incapable of receiving commands via wifi or any other method other than direct interface.
Jack370
Jack370 2
The hacker claims that he can affect the status of indicators. While this is not direct control of the flight surfaces, it still constitutes taking over control of indicators with extremely serious implications. If he can do that, what else could he do?

It's not likely that this flaw was known when the new wifi systems were integrated and the security weakness need to be addressed sooner rather than later. wifi on commercial planes is a new luxury and if it's possible to interfere with anything in the cockpit it should be completely turned off until the problems are fixed.
DHRGOLF
For the no so much computer expert or for the computer expert as well, what about if a guy just simply say at loud in the middle of the flight, hey I HAVE A SCREW DRIVER IN MY POCKET AND I AM GOING TO FIDLE AROUND WITH THIS AIRCRAFT AND SEE WHAT CAN I FIND, AND THEN, WHILE IN THE BATHROOM YOU HEAR, I FOUND SOME WIRES THAT THINK CONTROLS THE PLANE SO IM GOING TO PULL ON THEM, what would you Do? Sitting while in the same flight with your family, even if you know or assume that critical flight controls do not go through the the bathroom, you know it's not good, or may do some damage that you were not expected., so may as well restricted until you are sure it is safe, just saying.........
thecohorts
Matt LaMay -1
Yet another "expert" feeding his pocket book off of the fear and ignorance of the general public (just read some of the comments on here.) There is no way to bring down a modern commercial airliner with a competent crew via wifi. The only thing this guy (or anybody else) would do is to screw up the wifi.
MattHauke
Because the general public should be experts on modern aircraft systems and computer hacking?
tzollars
No Matt, the general public shouldn't feel bad about their ignorance. However the news media should! They always trot out their "experts", who are generally pilots. Pilots are good to interview on the subject of flying, but are not the best to go to when the systems need explaining. Get a good Mechanic or Engineer from Boeing to make the public know this guy is a lying shitheel!
pjt008
A big part of "hacking" is "social engineering" - convincing people that you've done, or are able to, things that seem plausible, regardless of feasibility or ability. It's a great way to get attention, which is pretty much what he was looking for, and got - just maybe not the kind for which he hoped.
ebenz618
There may be an obvious answer to this but I don's see any scheduled 737 service into KSYR from Chcago. Only regional jets. CRJ, Embraer. UAL 737s connect with regionals in Newark. Possible that tweets originated while on the ground?
egnilk66
egnilk66 0
The guy's just looking for a network security contract. Brills.
grinch59
“It feels like this industry is going through the same issues. The problem is, if I break a F5 device or a Cisco device, I’m not harming anybody. I screw around with an airplane, I’m taking 100 to 400 people out of the sky and you’re not recovering from that.” And now we are talking about drone cargo/passenger airplanes without pilots. Someone better start rethinking that one.
flyingcookmosnter
(Duplicate Squawk Submitted)

Aviation security researcher tweets about "playing" with onboard systems, get visit from FBI

I guess it's just another one if those things you can't say (or tweet) on a plane. . .

http://www.forbes.com/sites/thomasbrewster/2015/04/17/hacker-tweets-about-hacking-plane-gets-computers-seized/

로그인

계정을 가지고 계십니까? 사용자 정의된 기능, 비행 경보 및 더 많은 정보를 위해 지금(무료) 등록하세요!
이 웹 사이트는 쿠키를 사용합니다. 이 웹 사이트를 사용하고 탐색함으로써 귀하는 이러한 쿠기 사용을 수락하는 것입니다.
종료
FlightAware 항공편 추적이 광고로 지원된다는 것을 알고 계셨습니까?
FlightAware.com의 광고를 허용하면 FlightAware를 무료로 유지할 수 있습니다. Flightaware에서는 훌륭한 경험을 제공할 수 있도록 관련성있고 방해되지 않는 광고를 유지하기 위해 열심히 노력하고 있습니다. FlightAware에서 간단히 광고를 허용 하거나 프리미엄 계정을 고려해 보십시오..
종료