I've not seen that in an airplane. I'd like a cite.
Interconnection of Three Previously Separated Networks in Boeing 737
Joe Loughry <joe.loughry@stx.ox.ac.uk>
Wed, 11 Jun 2014 19:06:37 +0000
"Special Conditions" refers to the fact that certification rules haven't
kept pace. The three network domains (aircraft control, operator
information, and passenger entertainment) used to run on physically separate
wires, primarily for historical reasons, but having obvious engineering
benefits as well. In recent years, first the computers and now the networks
have migrated to virtual machine separation on shared hardware, for the
equally obvious space, weight, and power savings. The *Federal Register*
rule published this week mentions interconnection between at least two of
the three domains; I hope they paid close attention to UC Berkeley's
"Experimental Security Analysis of a Modern Automobile" (2010).
https://federalregister.gov/a/2014-13244
Source: "Special Conditions: The Boeing Company, Models 737-700, -700C,
-800, -900ER, -7, -8, and -9 Series Airplanes; Airplane Electronic Systems
Security Protection From Unauthorized External Access" [*Federal Register*
vol. 79, no. 109, June 6, 2014, pp. 32640-32641].
Joe Loughry, Doctoral Student in the Department of Computer Science
St Cross College, Oxford
Banned Researcher Commandeered a Plane (Kim Zetter)"Peter G. Neumann" <neumann@csl.sri.com>Fri, 15 May 2015 21:12:42 PDT(Courtesy of Dan Farmer: Fly the unfriendly skies?)Kim Zetter, Feds Say That Banned Researcher Commandeered a Planehttp://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/A security researcher kicked off a United Airlines flight last month aftertweeting about security vulnerabilities in its system had previously takencontrol of an airplane and caused it to briefly fly sideways, according toan application for a search warrant filed by an FBI agent.Chris Roberts, a security researcher with One World Labs, told the FBI agentduring an interview in February that he had hacked the in-flightentertainment system, or IFE, on an airplane and overwrote code on theplane's Thrust Management Computer while aboard the flight. He was able toissue a climb command and make the plane briefly change course, the documentstates.FBI Special Agent Mark Hurley: “He stated that he thereby caused one of theairplane engines to climb resulting in a lateral or sideways movement of theplane during one of these flights, He also stated that he used Vortexsoftware after comprising/exploiting or hacking the airplane's networks. Heused the software to monitor traffic from the cockpit system.''Hurley filed the search warrant application last month after Roberts wasremoved from a United Airlines flight from Chicago to Syracuse, New York,because he published a facetious tweet suggesting he might hack into theplane's network. Upon landing in Syracuse, two FBI agents and two localpolice officers escorted him from the plane and interrogated him for severalhours. They also seized two laptop computers and several hard drives and USBsticks. Although the agents did not have a warrant when they seized thedevices, they told Roberts a warrant was pending.A media outlet in Canada obtained the application for the warrant today andpublished it online.http://aptn.ca/news/2015/05/15/hacker-told-f-b-made-plane-fly-sideways-cracking-entertainment-system/The information outlined in the warrant application reveals a far moreserious situation than Roberts has previously disclosed.Roberts had previously told WIRED that he caused a plane to climb during asimulated test on a virtual environment he and a colleague created, but heinsisted that he had not interfered with the operation of a plane while inflight.He told WIRED that he did access in-flight networks about 15 times duringvarious flights but had not done anything beyond explore the networks andobserve data traffic crossing them. According to the FBI affidavit, however,he mentioned this to agents as well last February but also added that he hadbriefly commandeered a plane during one of those flights. He told the FBI heaccessed the flights in which he accessed the in-flight networks more than adozen times occurred between 2011 and 2014, but the affidavit does notindicate exactly which flight he allegedly caused to turn to the side.He obtained physical access to the networks through the Seat Electronic Box,or SEB. These are installed two to a row, on each side of the aisle underpassenger seats, on certain planes. After removing the cover to the SEB by`wiggling and Squeezing the box', Roberts told agents he attached a Cat6ethernet cable, with a modified connector, to the box and to his laptop andthen used default IDs and passwords to gain access to the inflightentertainment system. Once on that network, he was able to gain access toother systems on the planes.Reaction in the security community to the new revelations in the affidavithave been harsh. Although Roberts hasn't been charged yet with anycrime, and there are questions about whether his actions really did causethe plane to list or he simply thought they did, a number of securityresearchers have expressed shock that he attempted to tamper with a planeduring a flight.“I find it really hard to believe but if that is the case he deserves goingto jail,'' wrote Jaime Blasco, director of AlienVault Labs in a tweet.Alex Stamos, chief information security officer of Yahoo, wrote in a tweet,“You cannot promote the (true) idea that security research benefitshumanity while defending research that endangered hundreds of innocents.''[Wonderful long item truncated for RISKS. PGN]