Feds Say That Banned Researcher Commandeered a Plane

[HardOCP News]

Why in the world would anyone mess around with an in-flight plane full of people? Thanks to Railhaus for the link.

Reaction in the security community to the new revelations in the affidavit have been harsh. Although Roberts hasn’t been charged yet with any crime, and there are questions about whether his actions really did cause the plane to list to the side or he simply thought they did, a number of security researchers have expressed shock that he attempted to tamper with a plane during a flight.

 

[c3141hf]

"Hacking" the thrust (and, btw, there is no such thing as a "thrust management computer") wouldn't enable you to make the plane climb; you'd need to take control of the plane's elevator.

 

[c3141hf]

More specifically, thrust is controlled by the flight management computer. And the "entertainment system" is on a completely separate physical network.

 

[DeathFromBelow]

"Hacking" the thrust (and, btw, there is no such thing as a "thrust management computer") wouldn't enable you to make the plane climb; you'd need to take control of the plane's elevator.

I'm wondering if that was just confusion on the part of the journalists. Part of the article says he caused an actual plane to list to the side (which you could do by varying the thrust), another part says he caused a plane to climb in a simulation.

More specifically, thrust is controlled by the flight management computer. And the "entertainment system" is on a completely separate physical network.

Roberts began investigating aviation security about six years ago after he and a research colleague got hold of publicly available flight manuals and wiring diagrams for various planes. The documents showed how inflight entertainment systems on some planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems. These systems were in turn connected to the plane avionics systems. They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks.

 

[ZenDragon]

I'm more concerned that this might be possible, than I am about this the possibility of this guy messing with the flight slightly. Either the news is exaggerating the story for ratings, or the air line is trying to avoid criticism, something just seems really odd about this story.

 

[c3141hf]

I'm wondering if that was just confusion on the part of the journalists. Part of the article says he caused an actual plane to list to the side (which you could do by varying the thrust), another part says he caused a plane to climb in a simulation.

Listing to the side would require access to the ailerons. Thrust would only be able to alter horizontal attitude (i.e. the plane's heading).

I read the affidavit and it is basically 100% based on what he told the FBI. The only evidence that he made the plane climb is his own word. It's bullshit. There is no "climb" command for thrust management.

 

[Gman1979]

Listing to the side would require access to the ailerons. Thrust would only be able to alter horizontal attitude (i.e. the plane's heading).

I read the affidavit and it is basically 100% based on what he told the FBI. The only evidence that he made the plane climb is his own word. It's bullshit. There is no "climb" command for thrust management.

You actually can use thrust to control climbing. For a given aircraft attitude, increasing the speed of air flowing over the lifting surfaces causes an increase in lift.

The problem with the story is the part they left out. Most commercial craft let the autopilot do all the work during a majority of the flight. The Autopilot would have either corrected for the increase in thrust canceling the climb or it would have disengaged the autopilot and sounded an alarm due to an equipment error being detected.

 

[Gman1979]

You actually can use thrust to control climbing. For a given aircraft attitude, increasing the speed of air flowing over the lifting surfaces causes an increase in lift.

The problem with the story is the part they left out. Most commercial craft let the autopilot do all the work during a majority of the flight. The Autopilot would have either corrected for the increase in thrust canceling the climb or it would have disengaged the autopilot and sounded an alarm due to an equipment error being detected.

Actually just asked a pilot about this. He's got about 12,000 hours in multi engine commercial craft. He stated the moment a throttle command was sent to the engine, the autopilot would have detected it as pilot input and disengaged.

 

[amddragonpc]

In any case, his company is now shit. The investors withdrew their money.

 

[Deleted member 108676]

How many here have actually worked on airplanes and actually knows what they're talking about aside from what they've seen on NatGeo or Netflix?

 

[Cr4ckm0nk3y]

And the "entertainment system" is on a completely separate physical network.

Correct, on all Boeing and Airbus A/C the PES is separate from avionics. About the only thing they "share" is electrical bus on older aircraft that were not initially designed to have PES on board.

More specifically, thrust is controlled by the flight management computer.

The FMC/FMS does not control thrust. It is primarily navigational computer that controls routes and profiles. They added FMS' after getting rid of FEs and Navigators to lessen the workload on both pilots.

Thrust is controlled by the Engine Control Unit (ECU or ECC) which is part of the FADEC system. The ECU receives input commands from either the throttles or auto-throttle system of the autopilot (if equipped).

In order for Roberts to create asymmetrical thrust he would have had to hack into one of the ECU's directly. The auto-throttle cannot be set to asymmetrical thrust.

I'm wondering if that was just confusion on the part of the journalists. Part of the article says he caused an actual plane to list to the side (which you could do by varying the thrust), another part says he caused a plane to climb in a simulation.

Roberts is simply full of shit and trying to avoid jail time. He got caught, due to his own ego, hacking into the Personal Entertainment System and is now facing prison.

I would imagine he is trying to claim whistle blower or "trying to help" card to minimize his sentence. Watch any Chris Hansen "To Catch" show and many of the perps immediately go to "I was just trying to help/protect."

Even if he did successfully hack the PES he wouldn't have had access to any aircraft systems bysides the cabin management system. So he could, depending on the system, turn of the fasten seatbelt sign, activate the PA system, or on newer models monitor waste water. But he could not take over the aircraft flight or engine controls.

Actually just asked a pilot about this. He's got about 12,000 hours in multi engine commercial craft. He stated the moment a throttle command was sent to the engine, the autopilot would have detected it as pilot input and disengaged.

Correct, the autopilot system automatically disengages when the pilot(s) manipulate the flight controls or throttle. If a disagreement of either control or throttle input is detected it will also disengage.

 

[Jagger100]

Listing to the side would require access to the ailerons. Thrust would only be able to alter horizontal attitude (i.e. the plane's heading).

I read the affidavit and it is basically 100% based on what he told the FBI. The only evidence that he made the plane climb is his own word. It's bullshit. There is no "climb" command for thrust management.

Its to go medieval on his ass starting with this warrant. Considering his work it won't take much to keep him in court for years and deplete any savings or possessions.

He could have handled it better but he either is an attention whore or afraid to lose credit for this issue or and idiot. That being said, when you have a king, you don't embarrass him or his agents.

 

[Ur_Mom]

You actually can use thrust to control climbing. For a given aircraft attitude, increasing the speed of air flowing over the lifting surfaces causes an increase in lift.

I've learned that thrust controls your climbing and descending and you use your elevators to control your speed (generally - they can work either way). That was for a small Cessna, though.

 

[lcpiper]

I'm more concerned that this might be possible, than I am about this the possibility of this guy messing with the flight slightly. Either the news is exaggerating the story for ratings, or the air line is trying to avoid criticism, something just seems really odd about this story.

Well, if he did do this, then it did actually occur, not just possible, it happened. And this bozo needs to feel the blunt end of the stick for it if He did it. His motivations are immaterial.

This guy runs One World Labs, a Security Consulting Firm and if I read it correctly He wants to, or claims to, be heavily involved in Airline Security. So why does this guy have to resort to "Field Research" and hacking aircraft systems? Why is it the Aircraft Manufacturers don't use his service?

I think the Airlines see this guy as small time and He is trying to bully his way into the Industry that doesn't want him and maybe doesn't need him. This guy is going to get himself jacked up big time if He keeps this up. In fact He might have already succeeded and the Feds just haven't dropped the charges yet while they finish putting together their case.

Now it's always possible this guy didn't actually hack anything or commit any crime, but if there is truth to his messing with equipment then it starts looking really bad.

 

[Ur_Mom]

Why is it the Aircraft Manufacturers don't use his service?
.

And extremely doubtful they ever will now. His methods are shit. I wouldn't trust this guy doing anything for my company or home network.

 

[pavementeater]

Well, if he did do this, then it did actually occur, not just possible, it happened. And this bozo needs to feel the blunt end of the stick for it if He did it. His motivations are immaterial.

This guy runs One World Labs, a Security Consulting Firm and if I read it correctly He wants to, or claims to, be heavily involved in Airline Security. So why does this guy have to resort to "Field Research" and hacking aircraft systems? Why is it the Aircraft Manufacturers don't use his service?

I think the Airlines see this guy as small time and He is trying to bully his way into the Industry that doesn't want him and maybe doesn't need him. This guy is going to get himself jacked up big time if He keeps this up. In fact He might have already succeeded and the Feds just haven't dropped the charges yet while they finish putting together their case.

Now it's always possible this guy didn't actually hack anything or commit any crime, but if there is truth to his messing with equipment then it starts looking really bad.

The Wired article lacks a lot of info on what did and didn't happen. It is almost a complete cut and paste job from what is on the FBI's warrant and the warrant does not have much detail on anything which is typical for any kind of warrant.
It just sucks to be this guy because if he did gain access to the any of the networks with out permissions while on the plane at any given time before ,during or after one of his flights the FBI can go after him.
I find it pretty scary that the airlines are still sitting /actively using default passwords and logins for their intel systems... :|

 

[lcpiper]

And extremely doubtful they ever will now. His methods are shit. I wouldn't trust this guy doing anything for my company or home network.

Does sorta send a message when they won't take you as a customer don't it?

 

[Cr4ckm0nk3y]

Now it's always possible this guy didn't actually hack anything or commit any crime, but if there is truth to his messing with equipment then it starts looking really bad.

They will get him on destruction of aircraft if they can't get him on anything else. Evidence was found after his tweet flight, of him willfully tampering with the seat electronics unit under his seat. Even if it was him removing the cover to the Ethernet port.

That carries a nice fine and up to 20 years in prison.

 

[Methadras]

This story has all kinds of bullshit surrounding it. This guy makes the claim that he made the plane do things that are frankly, aerodynamically not possible.

 

[McFry]

I've learned that thrust controls your climbing and descending and you use your elevators to control your speed (generally - they can work either way). That was for a small Cessna, though.

Pitch for airspeed, power for altitude

 

[McFry]

^which goes contrary to peoples assumption about how airplanes work

 

[fixedmy7970]

so this is why my town got shit on

 

[DocSavage]

This is like the fourth thread here I've seen on the same story. I do like how quotes from the article itself use the words "he stated that..." That's far different from the headline "Feds Say That Banned Researcher Commandeered a Plane"

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

 

[lcpiper]

This story has all kinds of bullshit surrounding it. This guy makes the claim that he made the plane do things that are frankly, aerodynamically not possible.

Sure it is, planes can fly sideways, of a sort. In fact they actually have to adjust to the wind pushing them sideways as it is.

And although someone else said thrust couldn't make a plane fly upwards that is not altogether true either. increased thrust generally increases speed, speed effects the airflow over the wings which can make a plane gain altitude even if the plane doesn't actually change it's direction of flight, it's still climbing.

 

[Spidey329]

The real question is .. How many [H] members are going to check under their seat for the Ethernet port. Pay for WiFi? I'll plug in!

 

[lcpiper]

I love this comment by a really smart guy.

http://www.nytimes.com/aponline/2015/05/18/us/ap-us-flight-hacking-investigation.html?_r=0

The fact that passengers on flights with in-seat video monitors can shift between television and a map showing the plane's real-time location indicates a link between the flight control and passenger entertainment networks, said Steven Bellovin, a computer science professor at Columbia University.

So by this same logic, when I am home and I switch channels on my TV, if one of the channels is showing a live Doppler Radar weather feed then I am connected to the National Weather Services systems, it's proof of a link

 

[defunctdoormat]

I saw this on /. yesterday. It seems there's much that's missing. The FBI made it sound like everything in their report happened in one day all in the flight. It actually occurred over 4-5 years. However, the FBI has an agenda; to make this guy into a terrorist, even though some research may have occurred on the ground, no where near any aircraft. Of course, if they said that, it would make a good case, so they can't say that.

 

[c3141hf]

Well, if he did do this, then it did actually occur, not just possible, it happened. And this bozo needs to feel the blunt end of the stick for it if He did it. His motivations are immaterial.

This guy runs One World Labs, a Security Consulting Firm and if I read it correctly He wants to, or claims to, be heavily involved in Airline Security. So why does this guy have to resort to "Field Research" and hacking aircraft systems? Why is it the Aircraft Manufacturers don't use his service?

I think the Airlines see this guy as small time and He is trying to bully his way into the Industry that doesn't want him and maybe doesn't need him. This guy is going to get himself jacked up big time if He keeps this up. In fact He might have already succeeded and the Feds just haven't dropped the charges yet while they finish putting together their case.

Now it's always possible this guy didn't actually hack anything or commit any crime, but if there is truth to his messing with equipment then it starts looking really bad.

He is a con artist. Why would they want his service? He either doesn't know or lies about the fact that the in-flight entertainment system is on a physically separated network. It is IMPOSSIBLE to control the engines from the in-flight entertainment system, no matter how many holes are in the software, because they are on PHYSICALLY separate networks.

He got caught hacking into the entertainment system and now he is just spinning shit to try and avoid going to Federal PMITA prison.

 

[c3141hf]

I love this comment by a really smart guy.

http://www.nytimes.com/aponline/2015/05/18/us/ap-us-flight-hacking-investigation.html?_r=0



So by this same logic, when I am home and I switch channels on my TV, if one of the channels is showing a live Doppler Radar weather feed then I am connected to the National Weather Services systems, it's proof of a link

The in flight location is not fed from the flight computer, it is fed from a dedicated GPS receiver and it is a one way link.

 

[lcpiper]

Without adding the specific details I was sorta saying the same thing, that this Computer Science Expert is a dumbass.

Still, this is what we get for responsible journalism these days. Some writer gets a story he want's to right and they grab some guy and bill him as knowledgeable on the subject when he really doesn't know anything about the subject at all.

The news isn't informative anymore, it's just a morbid form of entertainment. It's the modern application of Reality TV principles applied to the News Media Industry.

We're so boned