Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1418 posts

Uber Geek
+1 received by user: 382


Topic # 173281 18-May-2015 08:46
Send private message

Personally I think the claims of this guy are a load of poo! Mainly because I can't believe any sane manufacturer would link the main cabin to any aircraft systems never mind the in flight entertainment system!

http://m.nzherald.co.nz/world/news/article.cfm?c_id=2&objectid=11450408  


Create new topic
Glurp
9707 posts

Uber Geek
+1 received by user: 4636

Subscriber

  Reply # 1306928 18-May-2015 08:56
Send private message

You must not know much about the history of computing in business, then.





I reject your reality and substitute my own. - Adam Savage
 


13872 posts

Uber Geek
+1 received by user: 6630

Trusted
Subscriber

  Reply # 1306932 18-May-2015 09:12
Send private message

This bit is ridiculous ...

"'It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat,' said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts."

They are pissed that United didn't let a neck beard mess or attempt to mess with planes electronics in flight with a cabin full of passengers, how dammed inconsiderate of United.

I think this persons reward for trying to gain 15 minutes should be a World wide airline travel ban.




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

Using empathy takes no energy and can gain so much. Try it.

 

 


 
 
 
 


483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  Reply # 1306933 18-May-2015 09:19
Send private message

MikeB4: I thinks this persons reward for trying to gain 15 minutes should be a World wide airline travel ban. 


I think a bright orange suit and a one way trip to Gitmo would be more appropriate.

2091 posts

Uber Geek
+1 received by user: 849


  Reply # 1306934 18-May-2015 09:22
Send private message

Yeah conflicting stories suggest he ripped open part of the seat to get at the ethernet cabling for the entertainment system.

I would really really really hope that entertainment and flight control systems had an air gap.

But who knows.

Scary if true - sounds like media bollocks.

2231 posts

Uber Geek
+1 received by user: 695

Subscriber

  Reply # 1306944 18-May-2015 09:31
Send private message

If this is an actual issue then personally I'd prefer a white hat found it and went public with it. 

Has anyone seen any actual evidence that he did hack the plane? 

1889 posts

Uber Geek
+1 received by user: 317


  Reply # 1307119 18-May-2015 12:35
Send private message

lxsw20: If this is an actual issue then personally I'd prefer a white hat found it and went public with it.


Absolutely agree!  The man should get a damn medal.

Not sure I believe the claim right away.  But I guess all interconnected systems could lead to an undiscovered back door in to other more important aircraft systems.





Sometimes what you don't get is a blessing in disguise!

2091 posts

Uber Geek
+1 received by user: 849


  Reply # 1307143 18-May-2015 13:03
Send private message

DravidDavid:
lxsw20: If this is an actual issue then personally I'd prefer a white hat found it and went public with it.


Absolutely agree!  The man should get a damn medal.

Not sure I believe the claim right away.  But I guess all interconnected systems could lead to an undiscovered back door in to other more important aircraft systems.


There is a MASSIVE difference between finding he had access and actually sending commands.

I have seen dispute as to what he actually did.

If he actively sent commands/attempted to then that is incredibly irresponsible and he deserves prison time for endangering the other passengers.

If he saw he had access, documented it and reported it, then fine.

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 1307151 18-May-2015 13:08
Send private message

Sounds like BS to me!

2706 posts

Uber Geek
+1 received by user: 1307

Lifetime subscriber

  Reply # 1307192 18-May-2015 13:56
2 people support this post
Send private message

I'm calling this BS too...

 

'He stated that he successfully commanded the system he had accessed to issue the "CLB" or climb command,' the affidavit says. 'He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.'


Aircraft don't "climb" by increasing an engine's power -- they climb by changing the elevator position and increasing all engines' power. They certainly don't climb with one engine at a time. So it absolutely does not make sense that a "Climb" command could be addressed to one engine. If it existed at all, it would most likely go to the Flight Management System computer, which would adjust the power settings on both engines and the elevator position. I imagine that there could be commands like "Increase Power" that would go to one engine independently of the other(s). But he didn't say that... he said he sent a climb command and only one engine responded.

But maybe this is all a mistake by the agent who took down that statement.

But then, I would expect the crew to report an anomaly where there was an (apparently) uncommanded increase in power on one engine, long and strong enough to cause the aircraft to noticeably yaw. I wonder where that report is?

And another example:

Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
This was reported as a command to make the oxygen masks drop.

AFAIK, the oxygen masks don't have any electronic mechanism to make them drop... they have a simple mechanical mechanism which opens a flap when the cabin pressure drops below some threshold. The oxygen for each mask is supplied by an individual "oxygen generator" which is triggered by the passenger. I can't imagine why you would want to command them to drop, or to turn on all the oxygen generators. Flooding the cabin with oxygen in the case of some kind of emergency would be hugely dangerous. So I'm betting that there is no wiring at all to each and every oxygen mask, nor to all the oxygen generators, and consequently no "PASS OXYGEN ON" command exists. So this is a complete misrepresentation by the "hacker".

And another from the FBI agent's affidavit:

He [Chris Roberts] stated that he used Vortex software... [on his laptop]...  to monitor traffic from the cockpit system


A swift Google search for "Vortex software Ethernet" finds that Vortex is a hardware thing that connects to Ethernet:

 

About the Vortex DTS

 

Unlike competing systems that use proprietary memory devices, Vortex DTS uniquely uses commercial off-the-shelf 2.5” SATA solid state drives. This data transport system is built rugged as required for use in aircraft, ground vehicles, and ships. It’s easily integrated into Network Centric systems, providing a SWaP-optimized NFS. It is ideal for rugged applications that require the storage, removal, and transport of critical data such as cockpit data (mission, map, maintenance), ISR (camera, I&Q, sensors), mobile applications (ground radar, ground mobile, or airborne ISR pods), heavy industrial (steel, refinery), and video/audio data collection (flight test instrumentation).

 

- See more at: http://www.cwcdefense.com/media-center/press-release/cw-announces-pcap-software-option-for-dts.html#sthash.uhewizWY.dpuf





4513 posts

Uber Geek
+1 received by user: 875

Trusted
Lifetime subscriber

  Reply # 1307295 18-May-2015 16:26
Send private message

If you guys happen to read the whole story, you'll understand that the media story is based on one summary of affidavit.

Apparently he has done this for over 5 years - with the exact details not privy to us at this time.

It's worth to actually read the story.


(edit: affidavit is written by someone who will have no idea on how the plane works)





Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19


Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58


2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35


Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35


Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19


HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12


Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09


Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07


Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03


New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59


Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05


DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51


RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50


Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48


Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.