Back to Squawk list
  • 35

Hacker on a Plane: FBI Seizes Researcher’s Gear

Übermittelt
 
The FBI seized equipment from noted security researcher Chris Roberts on Wednesday, alleging that Roberts may have tampered with the systems aboard a United flight to Chicago, based upon a tweet he made about purportedly being able to access the aircraft's EICAS system. Roberts denies the claim. (securityledger.com) Mehr...

Sort type: [Top] [Newest]


tzollars
Thomas Zollars 8
Y'all are overlooking the obvious, 737's have never had an EICAS system. “PASS OXYGEN ON” is a simple light activated via an electrical circuit in no way connected to a network! Therefore, this guy is seeking publicity and a contract for his vaporware.
Jack370
Jack370 3
Thomas, if that's true then this guy is about the dumbest hacker I've ever heard of and should be charged with threatening a commercial flight at the minimum.
But this hacker is closely monitored by the FBI because of his claims and it would surprise me if he is really that much of a quack.
tzollars
Thomas Zollars 3
Jack, I don't know him, or any hacker. But if he had asked any Mechanic, Engineer or Pilot with 737 experience he would have learned they don't have EICAS as he directly claimed! He also could have learned that the relatively recent addition of WiFi to the aircraft means it is an isolated system with no interconnection with the aircraft systems. While there are digital data busses between boxes, they are not networked to anything with WiFi capability. Give Boeing Engineers some credit!
All I know is his claim was specific to 737's and their EICAS system and I know 737's don't have EICAS. I also know that "pass oxygen on" is a light message with a very simple, directly wired circuit. Therefore, I know he's full of shit. Res ipso facto.
Jack370
Jack370 1
Maybe this guy is a complete hack or maybe it was just his sense of humor but he was on his way to a security convention where he was scheduled as a speaker.
The technical specifics of what this guy is hacking through the wifi may have been obscured but the FBI is obviously taking it seriously.
It will be interesting to what the facts are that emerge from the investigation.
RECOR10
RECOR10 1
You are a spy trying to defer the attention away from the obvious hysteria that is so well deserved ;-)
jchen18
Jeremy Chen 2
The obvious answer would be that the 737 does not have an EICAS systems. Even if it does, it is not necessarily a network. I highly doubt you can start messing with an EICAS without some serious action that will be noticed QUICKLY.
ZX1100F1
David Aaron 3
The guy made some bogus claims and the FBI seized the opportunity to check him out further, teach him a lesson and investigate his actual capabilities.
You cannot sit back in the passenger cabin of an airliner and gain access to the gear up in the cockpit via your laptop, although for some reason there are those that want people to believe otherwise.
joelwiley
joel wiley 0
NSA has long had ove-air content analysis capability. Has the FBI duplicated that or did NSA feed it to them?
RECOR10
RECOR10 2
As a conmputer person who has done forensic anlysis of networks for everything from Sar-Ox to HIPAA to County Govt's (clerks, courts, police)...the level of access to ISP's that "The Man" has is simply crazy. They can simply install something as basic as "WebSense" at an ISP and see every little thing you do. No hiding behind Tor (et al) or spoofing your MAC.

Want to do something illegal? Steal a device and DONT use a McDonals WiFi (as you will be on their cameras). No matter what you are on, or where you are at - they can find you if hey so wish.
joelwiley
joel wiley 2
As Gleaton's Law states "no matter how paranoid you are, they are always doing more than you realize"
aragogando
Eric Merillat 2
Before you start making judgements about what Mr. Roberts can or can't do from the cabin you should probably educate yourselves on the research that is out there in this field and what Mr. Roberts motives really are. I saw Mr. Roberts presentation two years ago at a security conference on this very subject and I can tell you his initial research had nothing to do with WiFi and everything to do with the fact that all of the planes critical and non-critical systems were interconnected. All of the research findings were turned over to the manufacturers at least two years ago and they have not fixed this.
joelwiley
joel wiley 1
Ignore the man behind the curtain! is not a valid security protocol. Neither is security by obscurity.
RECOR10
RECOR10 2
He should have called an hour before and let them know where he was going...oh, wait, that only works for gyrocopters...
WilliamBarnes
William Barnes 1
Typical ham-fisted approach I'd expect from US cops.
Why not research and investigate THEN act and detain and search.
MattHauke
Matt Hauke 1
Yes, the old let's wait and see approach has worked really good in the past. The guy tweeted that he was going to attempt to hack into the planes systems. What more research should the "US cops" have done?
Jack370
Jack370 1
Tweet: "“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”

Obviously this guy wanted to be detained or arrested in order to force the security issue. Hopefully something will be done about these vulnerabilities now instead of just ignoring the issues. The FAA should be contracting guys like this to fix the security problems.
Jack370
Jack370 4
They should check this guy out and if his claims are valid, simply turn off the wifi access until the problems are fixed. That has no cost to anyone except for reduced amenities. This guy claims that he can take over control systems thru the wifi and if there is any possibility of that, it needs to be addressed now and not later.

As for the FBI detaining him, hats off to the FBI for spotting that activity. It's not any different from someone threatening to hijack an airliner in flight.
thecohorts
Matt LaMay 1
I ask you; what control system can he take control of? What system is connected via satcom that is a vital system on a 737-800? ACARS? Every other system is controlled by onboard computers that are incapable of receiving commands via wifi or any other method other than direct interface.
Jack370
Jack370 2
The hacker claims that he can affect the status of indicators. While this is not direct control of the flight surfaces, it still constitutes taking over control of indicators with extremely serious implications. If he can do that, what else could he do?

It's not likely that this flaw was known when the new wifi systems were integrated and the security weakness need to be addressed sooner rather than later. wifi on commercial planes is a new luxury and if it's possible to interfere with anything in the cockpit it should be completely turned off until the problems are fixed.
DHRGOLF
Daniel Ramos 1
For the no so much computer expert or for the computer expert as well, what about if a guy just simply say at loud in the middle of the flight, hey I HAVE A SCREW DRIVER IN MY POCKET AND I AM GOING TO FIDLE AROUND WITH THIS AIRCRAFT AND SEE WHAT CAN I FIND, AND THEN, WHILE IN THE BATHROOM YOU HEAR, I FOUND SOME WIRES THAT THINK CONTROLS THE PLANE SO IM GOING TO PULL ON THEM, what would you Do? Sitting while in the same flight with your family, even if you know or assume that critical flight controls do not go through the the bathroom, you know it's not good, or may do some damage that you were not expected., so may as well restricted until you are sure it is safe, just saying.........
thecohorts
Matt LaMay -1
Yet another "expert" feeding his pocket book off of the fear and ignorance of the general public (just read some of the comments on here.) There is no way to bring down a modern commercial airliner with a competent crew via wifi. The only thing this guy (or anybody else) would do is to screw up the wifi.
MattHauke
Matt Hauke 1
Because the general public should be experts on modern aircraft systems and computer hacking?
tzollars
Thomas Zollars 1
No Matt, the general public shouldn't feel bad about their ignorance. However the news media should! They always trot out their "experts", who are generally pilots. Pilots are good to interview on the subject of flying, but are not the best to go to when the systems need explaining. Get a good Mechanic or Engineer from Boeing to make the public know this guy is a lying shitheel!
pjt008
Paul Thomas 0
A big part of "hacking" is "social engineering" - convincing people that you've done, or are able to, things that seem plausible, regardless of feasibility or ability. It's a great way to get attention, which is pretty much what he was looking for, and got - just maybe not the kind for which he hoped.
ebenz618
Edmund Benz 0
There may be an obvious answer to this but I don's see any scheduled 737 service into KSYR from Chcago. Only regional jets. CRJ, Embraer. UAL 737s connect with regionals in Newark. Possible that tweets originated while on the ground?
egnilk66
egnilk66 0
The guy's just looking for a network security contract. Brills.

grinch59
Gene Nowak 0
“It feels like this industry is going through the same issues. The problem is, if I break a F5 device or a Cisco device, I’m not harming anybody. I screw around with an airplane, I’m taking 100 to 400 people out of the sky and you’re not recovering from that.” And now we are talking about drone cargo/passenger airplanes without pilots. Someone better start rethinking that one.
flyingcookmosnter
(Duplicate Squawk Submitted)

Aviation security researcher tweets about "playing" with onboard systems, get visit from FBI

I guess it's just another one if those things you can't say (or tweet) on a plane. . .

http://www.forbes.com/sites/thomasbrewster/2015/04/17/hacker-tweets-about-hacking-plane-gets-computers-seized/

Anmelden

Haben Sie kein Konto? Jetzt (kostenlos) registrieren für kundenspezifische Funktionen, Flugbenachrichtigungen und vieles mehr!
Wussten Sie schon, dass die Flugverfolgung auf FlightAware durch Werbung finanziert wird?
Sie können uns dabei helfen, FlightAware weiterhin kostenlos anzubieten, indem Sie Werbung auf FlightAware.com zulassen. Wir engagieren uns dafür, dass unsere Werbung auch in Zukunft zweckmäßig und unaufdringlich ist und Sie beim Surfen nicht stört. Das Erstellen einer Positivliste für Anzeigen auf FlightAware geht schnell und unkompliziert. Alternativ können Sie sich auch für eines unserer Premium-Benutzerkonten entscheiden..
Schließen