Armed Polite Society
Main Forums => The Roundtable => Topic started by: Fly320s on May 17, 2015, 06:19:38 AM
-
The link to the stupid: http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/
No. Just no. No effing way, im-effing-possible, total effing BS.
-
I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.
Of course, the article I read said that increasing the power to one engine made the aircraft fly "sideways," and then later it said that increasing the power made the plane climb. I don't know anything about modern autopilot systems, but I would surmise that if the autopilot is set to maintain 30,000 feet, it will maintain 30,000 feet even if the engine power is kicked up a notch.
-
looks like almost anything is possible. One thing I noticed in the article, was the fellow saying he used published default passwords to hack the system. Looks like that is a standard procedure. One would think that everyone with a computer system would change the default password, since those are known. Had that been done, the hack would probably be much more difficult, or just plain impossible.
-
I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.
Of course, the article I read said that increasing the power to one engine made the aircraft fly "sideways," and then later it said that increasing the power made the plane climb. I don't know anything about modern autopilot systems, but I would surmise that if the autopilot is set to maintain 30,000 feet, it will maintain 30,000 feet even if the engine power is kicked up a notch.
Correct. Increased thrust will result in increased speed, not a climb.
-
looks like almost anything is possible. One thing I noticed in the article, was the fellow saying he used published default passwords to hack the system. Looks like that is a standard procedure. One would think that everyone with a computer system would change the default password, since those are known. Had that been done, the hack would probably be much more difficult, or just plain impossible.
You'd be surprised.
-
Did not read this article, thanks to the comments about teh stoopidz it contains.
But IIRC this is not the first time someone has demonstrated how to hijack an aircraft via the ancillary systems. Pretty much the same way they hijack an automobile - for ease the desgners integrate everything. ("Heck, what could go wrong?" - motto of the dumb in every field of endeavor.)
stay safe.
-
I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.
Hmmm...methinks not a matter of entertainment systems being deliberately or directly interfaced with flight control systems. More likely they simply share a common network. But that can be just as bad.
-
Did not read this article, thanks to the comments about teh stoopidz it contains.
But IIRC this is not the first time someone has demonstrated how to hijack an aircraft via the ancillary systems. Pretty much the same way they hijack an automobile - for ease the desgners integrate everything. ("Heck, what could go wrong?" - motto of the dumb in every field of endeavor.)
stay safe.
I'm a bit confused by your response.
Just to clarify my point: the act of hijacking control of the aircraft by tapping into the onboard TV system is impossible.
-
You are obviously part of the disinformation campaign to placate the masses. [tinfoil]
-
You are obviously part of the disinformation campaign to placate the masses. [tinfoil]
Shut up and breathe your chemtrails.
-
Shut up and breathe your chemtrails.
"Mmmmm. Yummy chemtrails..."
(https://armedpolitesociety.com/proxy.php?request=http%3A%2F%2Fcdn.meme.am%2Fimages%2F300x%2F5514414.jpg&hash=8964fb5d77da96b7686e804501b14768729bfb15)
-
The link to the stupid: http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/
No. Just no. No effing way, im-effing-possible, total effing BS.
Yeah, that was my take on that, as well.
Systems like that would be airgapped, period.
There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.
-
Hmmm...methinks not a matter of entertainment systems being deliberately or directly interfaced with flight control systems. More likely they simply share a common network. But that can be just as bad.
Semantics, perhaps. To my simple-minded dinosaur brain, if they share a common network and one system can talk to another system, they "interface."
-
There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.
How often is security the prime consideration in systems development?
-
Yeah, that was my take on that, as well.
Systems like that would be airgapped, period.
There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.
That was essentially what I recall reading - that everything was networked because nobody bothered to think anybody would want to get into one segment from another, and because it was both easier and cheaper.
Kinda sorta like finding out the apple watch can be hacked by a 5-year old.
stay safe.
-
How often is security the prime consideration in systems development?
One would hope that something that depended on computers that weren't compromised to keep everyone alive wouldn't be configured in such an idiotic way. Why would you put something that can possibly control the aircraft or even cripple it on the same physical network as something passenger accessible?
It's not generally a primary concern in systems development, admittedly...but to completely ignore it?
That was essentially what I recall reading - that everything was networked because nobody bothered to think anybody would want to get into one segment from another, and because it was both easier and cheaper.
Kinda sorta like finding out the apple watch can be hacked by a 5-year old.
stay safe.
I can see it being a bit cheaper and easier....but it's nonsensical.
Where did you read that? I'd be interested in seeing that, if only for the eye-opener.
-
Another couple articles.
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
http://arstechnica.com/security/2015/05/fbi-researcher-admitted-to-hacking-plane-in-flight-causing-it-to-climb/
-
Where did you read that? I'd be interested in seeing that, if only for the eye-opener.
http://www.cnn.com/2013/04/11/tech/mobile/phone-hijack-plane/
2013. It's amazing what the mind can remember while still not knowing your own phone number after having it for more than 10 years.
stay safe.
-
How often is security the prime consideration in systems development?
In the airline world? All of the time, although the focus is on safety, not security.
The flight control systems need to be independent of non-essential systems so they will be more reliable and safe.
Now, I haven't looked at the installation diagrams for the IFE system, but I can tell you there is no reason for it to be networked to the flight control systems.
-
Something about this story stinks. There's no way those systems aren't air gapped. This screams "bullshit" to me
-
How often is security the prime consideration in systems development?
Sometimes.
https://en.wikipedia.org/wiki/OpenBSD (https://en.wikipedia.org/wiki/OpenBSD)
The project is also widely known for the developers' insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.
OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems.
(Never used it, myself. But it exists.)
-
How often is security the prime consideration in systems development?
Well, it was pretty well done back in the day.
Good luck hacking into this:
(https://armedpolitesociety.com/proxy.php?request=http%3A%2F%2Fpioneerflightmuseum.org%2Fimages%2F021231CubCockpit.jpg&hash=49e3522aa484bc19866cfe8d1f715356d8e6db86)
-
Now, I haven't looked at the installation diagrams for the IFE system, but I can tell you there is no reason for it to be networked to the flight control systems.
What's the point of all those MFDs if you can't watch Die Hard 2 on them?
-
Well, it was pretty well done back in the day.
Good luck hacking into this:
(https://armedpolitesociety.com/proxy.php?request=http%3A%2F%2Fpioneerflightmuseum.org%2Fimages%2F021231CubCockpit.jpg&hash=49e3522aa484bc19866cfe8d1f715356d8e6db86)
yeah just how the cockpit of a modern airliner should look. ;/
-
*scratches head*
Uhm. Never worked on fixed wing, but on rotary wing, yes, entertainment and control networks were airgapped. And not directly compatible either. Control runs over controller area network, usually called CAN bus. Started for cars. Aircraft are now using "ARINC Specification 825", but it's usually informally called CAN or CAN bus. Fixed wing are moving to it also, AFAIK.
It's not directly compatible with TCP/IP. I highly doubt that is the default. Because Sikorsky and I'm sure other folks made money selling support packages that included overpriced Panasonic ToughBooks with the maintenance/analysis software on it, that you had to plug into a designated CAN port.
If someone was dumb enough to plug the ethernet port of a CAN gateway onto the entertainment network and the hacker had the right software, sure.
-
yeah just how the cockpit of a modern airliner should look.
Seven instruments and a control system that doesn't argue with the user. Pretty sure I've spent as many hours as a passenger in various GA aircraft as commercial, and usually felt safer in a PA-18 than anything. Something about the "we can land darn near anywhere without having to call it a crash" aspect.
-
Seven instruments and a control system that doesn't argue with the user. Pretty sure I've spent as many hours as a passenger in various GA aircraft as commercial, and usually felt safer in a PA-18 than anything. Something about the "we can land darn near anywhere without having to call it a crash" aspect.
Your knowledge of aviation and what's "safe" is amusing. As an insider, I can tell you exactly where the higher percentage of accidents and fatalities are, and it's in GA.
And a PA18 will get you just as dead as anything else.
http://faadaily.com/2015/03/28/2-killed-in-crash-of-pipe-cub-single-engine-plane-near-pine-river-in-northern-minnesota/
Those 7 instruments work great in an airfame that is not much more complicated than a willys jeep and weighs less.
A Boeing or Airbus....? Multiple systems, life support, engines, navigation systems. Hands off landings in conditions that most people won't drive in? good luck with that *expletive deleted*it in a cub.
The fatality rate is about 12 per 100,000 flight hours in general aviation. Takes a million flight hours to hit that rate in commercial aviation. US accidents, while declining, is about 1200 a year for general aviation.
So your perception of feeling safer is false.
-
This thread reminds me that I haven't seen Tallpine around in too long. Anyone have a way to contact him IRL? I hope he's ok. =|
-
This thread reminds me that I haven't seen Tallpine around in too long. Anyone have a way to contact him IRL? I hope he's ok. =|
I imagine he is. I think that he decided to leave after a few disagreements. I'm largely to blame and accept responsibility for being an ahole without real cause to him more than once.
-
I imagine he is. I think that he decided to leave after a few disagreements. I'm largely to blame and accept responsibility for being an ahole without real cause to him more than once.
I look back on the way I've treated people on this forum and others over the years and I deeply regret what a jerk I've been, so I can definitely empathize with you on that. I know he and Ladypine were older and living in an isolated place with sketchy neighbors so it's a relief to know that it's most likely a voluntary absence and not a home invasion gone bad where no one has discovered the bodies yet.
-
http://faadaily.com/2015/03/28/2-killed-in-crash-of-pipe-cub-single-engine-plane-near-pine-river-in-northern-minnesota/
Two dead. In a plane he had restored himself, but not flown much. Probably doing something relatively dumb showing off for the girl, which tends to get you killed in any aircraft.
Mothball an A320 for 6 months to a year, load it up and go hotdogging for a cute nurse with no more maintenance than a load of fresh fuel and see how well it does.
-
Your knowledge of aviation and what's "safe" is amusing. As an insider, I can tell you exactly where the higher percentage of accidents and fatalities are, and it's in GA.
And a PA18 will get you just as dead as anything else.
http://faadaily.com/2015/03/28/2-killed-in-crash-of-pipe-cub-single-engine-plane-near-pine-river-in-northern-minnesota/
Those 7 instruments work great in an airfame that is not much more complicated than a willys jeep and weighs less.
A Boeing or Airbus....? Multiple systems, life support, engines, navigation systems. Hands off landings in conditions that most people won't drive in? good luck with that *expletive deleted*it in a cub.
The fatality rate is about 12 per 100,000 flight hours in general aviation. Takes a million flight hours to hit that rate in commercial aviation. US accidents, while declining, is about 1200 a year for general aviation.
So your perception of feeling safer is false.
This. GA is a flying graveyard compared to commercial. There's a reason why folks use the phrase "Going down like a Beechcraft filled with doctors."
A modern Boeing or Sikorsky aircraft is more complex, but more safer and more capable. Feeling secure is rarely the same as actually being secure. Outside of the movies, you can't haX0r an aircraft out of the sky. It's possible someone might be criminally stupid enough to allow it, but generally, not going to happen. Remember, aerospace engineers fly too.
-
This. GA is a flying graveyard compared to commercial. There's a reason why folks use the phrase "Going down like a Beechcraft filled with doctors."
A modern Boeing or Sikorsky aircraft is more complex, but more safer and more capable. Feeling secure is rarely the same as actually being secure. Outside of the movies, you can't haX0r an aircraft out of the sky. It's possible someone might be criminally stupid enough to allow it, but generally, not going to happen. Remember, aerospace engineers fly too.
And yet, GA is still safer than driving. 1/5 or 1/6 the accident rate per vehicle-mile
Funny how crotchety people will get about technology in airplanes, but dont seem to have a problem with it in cars.
-
And yet, GA is still safer than driving. 1/5 or 1/6 the accident rate per vehicle-mile
Funny how crotchety people will get about technology in airplanes, but dont seem to have a problem with it in cars.
Very much concur
-
Two dead. In a plane he had restored himself, but not flown much. Probably doing something relatively dumb showing off for the girl, which tends to get you killed in any aircraft.
Mothball an A320 for 6 months to a year, load it up and go hotdogging for a cute nurse with no more maintenance than a load of fresh fuel and see how well it does.
And fly the cub for a million hours and see how it does.
You're comparing a vespa to a Cadillac Escalade. And failing badly at making any kind of point. I've witnessed personally with my own damn eyes well maintained and regularly flown general aviation aircraft crash.
-
This. GA is a flying graveyard compared to commercial. There's a reason why folks use the phrase "Going down like a Beechcraft filled with doctors."
The Bonanza's record for opening up spots on hospital rosters is pretty much entirely due to pilot error. That is pretty easily controlled by the passenger in GA; you can see the guy and how he handles the aircraft. Not so easy when the captain is a disembodied voice with only a last name.
-
The Bonanza's record for opening up spots on hospital rosters is pretty much entirely due to pilot error. That is pretty easily controlled by the passenger in GA; you can see the guy and how he handles the aircraft. Not so easy when the captain is a disembodied voice with only a last name.
You can't even be reasoned with. Most US Commercial pilots will have more hours just to begin flying commercial than most GA pilots will have in their lifetime.
-
Most US Commercial pilots will have more hours just to begin flying commercial than most GA pilots will have in their lifetime.
And yet they still do stupid stuff.
-
How often is security the prime consideration in systems development?
Security? Eh, I dunno. But the reliability and safety practices for engineering these sorts of systems are... thorough. Anal-retentiviely, frustratingly, expensively thorough.
A place I used to work at considered bidding on a project to harden some embedded software in a commercial aircraft. The testing requirements for that software were so high that we basically just said "forget it, there's no amount of money that makes it worth our while." IIRC, it was for some sort of ancillary passenger entertainment thing, not even related to the operation of the plane. Onboard wifi or something. The airline wanted to protect the software and the obvious solution of airgapping everything didn't satisfy them.
-
You can't even be reasoned with. Most US Commercial pilots will have more hours just to begin flying commercial than most GA pilots will have in their lifetime.
This.
And yet they still do stupid stuff.
Not nearfuckinglyoften as GA pilots.
-
And yet they still do stupid stuff.
You just keep going for fun, dontcha?
-
This.
Not nearfuckinglyoften as GA pilots.
I'd wager Boomhauer alone does more stupid *expletive deleted*it than the entirety of commercial aviation :-D
-
This sorta stuff
https://youtu.be/KwLzhQkueFg
-
I didn't know having a guv issued amateur radio license made one an aviation expert. Then again, to hear some of those bozos speak, they're masters of anything remotely technical. ;/
Chris
-
I grew up in AK, Dad was a pilot in CAP. You ain't seen stupid 'till you've seen "GA in AK during sheep season" stupid. I sleep on commercial airliners because I know it's one of the safest ways to travel ever invented.
-
Funny how crotchety people will get about technology in airplanes, but dont seem to have a problem with it in cars.
Speak for yourself. There's a reason why my newest vehicle is a 14-year old Jeep Cherokee.
-
I am sure if the vast majority of people only traveled on roads in buses, there would be fewer vehicle accidents also. Not a good comparison unless you want to talk about everyone with a driver's license flying including daily commutes and trips to the store.
-
I didn't know having a guv issued amateur radio license made one an aviation expert. Then again, to hear some of those bozos speak, they're masters of anything remotely technical. ;/
Chris
He's an expert on everything, didn't you know?
-
I am sure if the vast majority of people only traveled on roads in buses, there would be fewer vehicle accidents also. Not a good comparison unless you want to talk about everyone with a driver's license flying including daily commutes and trips to the store.
Not sure i follow. the statistics are generally laid out adjusted for usage in some way
-
I'd wager Boomhauer alone does more stupid *expletive deleted*it than the entirety of commercial aviation :-D
This sorta stuff
https://youtu.be/KwLzhQkueFg
Saying Boomhauer would shoot vertical video is going too far, dude. :P
-
I sleep on commercial airliners because I know it's one of the safest ways to travel ever invented.
So do I, but only because it's so boring.
I prefer to drive myself to wherever I need to go. That way, even if I fall asleep, it's not boring!
-
I sleep on commercial airliners
Me too.
-
I am sure if the vast majority of people only traveled on roads in buses, there would be fewer vehicle accidents also. Not a good comparison unless you want to talk about everyone with a driver's license flying including daily commutes and trips to the store.
I don't think that's a fair comparison either. I can't imagine that the collective of private pilots (minus those who fly corporate jets) fly anywhere near the collective number of miles nor hours that commercial aviation flies.
When comparing accidents per flight hour, commercial aviation blows away private aviation.
-
Me too.
Well NOW I won't.
-
Me too.
Very glad I had just put my water down before reading that.
Honestly, I sleep on airliners once we are in the air. I'm well aware the most dangerous times are landing and take-off.
I'm also well aware those are still safer than driving, but my logical brain still loses out the emotional on the illusion of control you have in a car.