According to the FBI, a security researcher who had been removed from
a United Airlines flight after a post of his on Twitter had previously
managed to take control of an aircraft.
According to documents, Chris Roberts, a security researcher with One World Labs,
revealed to an FBI agent that in February he had hacked the passenger
entertainment system, also called the IFE, and then wrote code to the
aircraft's thrust management system. In this way he managed, for a short
time, to make the plane tilt to one side while he was in the passenger
cabin. He also used Vortex software to gain access in order to monitor
the traffic from the cockpit system.
FBI agent Mark Hurley filed the search warrant application for this
case last month, after Roberts was removed from a United Airlines
flight.
He had previously posted on Twitter that he might have managed to hack
the plane's system. After this incident, two FBI agents and two local
police officers escorted him off the plane and interrogated him for
several hours. They also seized two laptops, several hard drives and USB
sticks. Although the agents did not have a search warrant when they
seized the items, they told Roberts that the warrant was pending.
It should be noted that Roberts had spoken to Wired in the past,
revealing that he had managed to make a plane climb during a test in a
virtual environment that he had created together with a colleague. At
the time he denied having interfered with a plane's system while he was
a passenger, but he admitted that he had managed to hack the systems of
various aircraft at least 15 times.
The incident in which he changed the plane's tilt was ultimately
something he admitted himself to the FBI agents. In more detail, he told
them that he managed to attach an ethernet antenna to one of the SEB
boxes located under passenger seats and then used default passwords on
his laptop to break into the passenger entertainment system. From there
he managed to gain access to other systems of the aircraft.
After these statements, the security research community has been left
speechless. Although Roberts has not yet been charged with any crime,
and it is still not certain that the aircraft really did tilt briefly to
the side, many of his colleagues believe that some penalty should be
imposed on him.
When Wired eventually contacted him after the documents were disclosed, he stated:
"That paragraph is one paragraph that came out of many discussions, so there is content that is obviously missing and I can't talk about it."
It should also be noted that the company where Roberts works lost a
significant investor, resulting in financial problems.
The much-discussed tweet that got him removed from the United Airlines flight:
Feds Say That Banned Researcher Commandeered a Plane
A security researcher kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.
Chris Roberts, a security researcher with One World Labs, told the
FBI agent during an interview in February that he had hacked the
in-flight entertainment system, or IFE, on an airplane and overwrote
code on the plane’s Thrust Management Computer while aboard the flight.
He was able to issue a climb command and make the plane briefly change
course, the document states.
“He stated that he thereby caused one of the airplane engines to
climb resulting in a lateral or sideways movement of the plane during
one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application.
“He also stated that he used Vortex software after
comprising/exploiting or ‘hacking’ the airplane’s networks. He used the
software to monitor traffic from the cockpit system.”
Hurley filed the search warrant application last month after Roberts
was removed from a United Airlines flight from Chicago to Syracuse, New
York, because he published a facetious tweet suggesting he might hack
into the plane’s network. Upon landing in Syracuse, two FBI agents and
two local police officers escorted him from the plane and interrogated
him for several hours. They also seized two laptop computers and several
hard drives and USB sticks. Although the agents did not have a warrant
when they seized the devices, they told Roberts a warrant was pending.
A media outlet in Canada obtained the application for the warrant today and published it online.
The information outlined in the warrant application reveals a far more serious situation than Roberts has previously disclosed.
Roberts had previously told WIRED that he caused a plane to climb
during a simulated test on a virtual environment he and a colleague
created, but he insisted then that he had not interfered with the
operation of a plane while in flight.
He told WIRED that he did access in-flight networks about 15 times
during various flights but had not done anything beyond explore the
networks and observe data traffic crossing them. According to the FBI
affidavit, however, when he mentioned this to agents last February he
told them that he also had briefly commandeered a plane during one of
those flights.
He told the FBI that the period in which he accessed the in-flight
networks more than a dozen times occurred between 2011 and 2014. The
affidavit, however, does not indicate exactly which flight he allegedly
caused to turn to fly to the side.
He obtained physical access to the networks through the Seat
Electronic Box, or SEB. These are installed two to a row, on each side
of the aisle under passenger seats, on certain planes. After removing
the cover to the SEB by “wiggling and Squeezing the box,” Roberts told
agents he attached a Cat6 ethernet cable, with a modified connector, to
the box and to his laptop and then used default IDs and passwords to
gain access to the inflight entertainment system. Once on that network,
he was able to gain access to other systems on the planes.
Reaction in the security community to the new revelations in the
affidavit has been harsh. Although Roberts hasn’t been charged yet with
any crime, and there are questions about whether his actions really did
cause the plane to list to the side or he simply thought they did, a
number of security researchers have expressed shock that he attempted to
tamper with a plane during a flight.
“I find it really hard to believe but if that is the case he deserves
going to jail,” wrote Jaime Blasco, director of AlienVault Labs in a
tweet.
Alex Stamos, chief information security officer of Yahoo, wrote in a
tweet, “You cannot promote the (true) idea that security research
benefits humanity while defending research that endangered hundreds of
innocents.”
Roberts, reached by phone after the FBI document was made public,
told WIRED that he had already seen it last month but wasn’t expecting
it to go public today.
“My biggest concern is obviously with the multiple conversations that
I had with the authorities,” he said. “I’m obviously concerned those
were held behind closed doors and apparently they’re no longer behind
closed doors.”
Although he wouldn’t respond directly to questions about whether he
had hacked that previous flight mentioned in the affidavit, he said the
paragraph in the FBI document discussing this is out of context.
“That paragraph that’s in there is one paragraph out of a lot of
discussions, so there is context that is obviously missing which
obviously I can’t say anything about,” he said. “It would appear from
what I’ve seen that the federal guys took one paragraph out of a lot of
discussions and a lot of meetings and notes and just chose that one as
opposed to plenty of others.”
History of Researching Planes
Roberts began investigating aviation security about six years ago
after he and a research colleague got hold of publicly available flight
manuals and wiring diagrams for various planes. The documents showed how
inflight entertainment systems on some planes were connected to the
passenger satellite phone network, which included functions for
operating some cabin control systems. These systems were in turn
connected to the plane avionics systems. They built a test lab using
demo software obtained from infotainment vendors and others in order to
explore what they could do to the networks.
In 2010, Roberts gave a presentation about hacking planes and cars at
the BSides security conference in Las Vegas. Another presentation
followed two years later. He also spoke directly to airplane
manufacturers about the problems with their systems. “We had
conversations with two main airplane builders as well as with two of the
top providers of infotainment systems and it never went anywhere,” he
told WIRED last month.
Last February, the FBI in Denver, where Roberts is based, requested a
meeting. They discussed his research for an hour, and returned a couple
weeks later for a discussion that lasted several more hours. They
wanted to know what was possible and what exactly he and his colleague
had done. Roberts disclosed that he and his colleague had sniffed the
data traffic on more than a dozen flights after connecting their laptops
to the infotainment networks.
“We researched further than that,” he told WIRED last month. “We were
within the fuel balancing system and the thrust control system. We
watched the packets and data going across the network to see where it
was going.”
Eventually, Roberts and his research partner determined that it would
take a convoluted set of hacks to seriously subvert an avionics system,
but they believed it could be done. He insisted to WIRED last month,
however, that they did not “mess around with that except on simulation
systems.” In simulations, for example, Roberts said they were able to
turn the engine controls from cruise to climb, “which definitely had the
desired effect on the system—the plane sped up and the nose of the
airplane went up.”
Today he would not respond to questions about the new allegations
from the FBI that he also messed with the systems during a real flight.
The Tweet Heard Round the World
Roberts never heard from the FBI again after that February visit. His
recent troubles began after he sent out a Tweet on April 15 while
aboard a United Airlines flight from Denver to Chicago. After news broke
about a report from the Government Accountability Office revealing that
passenger Wi-Fi networks on some Boeing and Airbus planes could allow
an attacker to gain access to avionics systems and commandeer a flight,
Roberts published a Tweet that said, “Find myself on a 737/800, lets see
Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? ‘PASS
OXYGEN ON’ Anyone?” He punctuated the tweet with a smiley face.
The tweet was meant as a sarcastic joke; a reference to how he had
tried for years to get Boeing and Airbus to heed warnings about security
issues with their passenger communications systems. His tweet about the
Engine Indicator Crew Alert System, or EICAS, was a reference to
research he’d done years ago on vulnerabilities in inflight infotainment
networks, vulnerabilities that could allow an attacker to access cabin
controls and deploy a plane’s oxygen masks.
In response to his tweet, someone else tweeted to him “…aaaaaand you’re in jail. :)”
Roberts responded with, “There IS a distinct possibility that the
course of action laid out above would land me in an orange suite [sic]
rather quickly :)”
When an employee with United Airlines’ Cyber Security Intelligence
Department became aware of the tweet, he contacted the FBI and told
agents that Roberts would be on a second flight going from Chicago to
Syracuse. Although the particular plane Roberts was on at the time the
agents seized him in New York was not equipped with an inflight
entertainment system like the kind he had previously told the FBI he had
hacked, the plane he had flown earlier from Denver to Chicago did have
the same system.
When an FBI agent later examined that Denver-to-Chicago plane after
it landed in another city the same day, he found that the SEBs under the
seats where Roberts had been sitting “showed signs of tampering,”
according to the affidavit. Roberts had been sitting in seat 3A and the
SEB under 2A, the seat in front of him, “was damaged.”
“The outer cover of the box was open approximately 1/2 inch and one
of the retaining screws was not seated and was exposed,” FBI Special
Agent Hurley wrote in his affidavit.
During the interrogation in Syracuse, Roberts told the agents that he
had not compromised the network on the United flight from Denver to
Chicago. He advised them, however, that he was carrying thumb drives
containing malware to compromise networks—malware that he told them was
“nasty.” Also on his laptop were schematics for the wiring systems of a
number of airplane models. All of this would be standard, however, for a
security researcher who conducts penetration-testing and research for a
living.
Nonetheless, based on all of the information that agents had gleaned
from their previous interview with Roberts in February as well as the
Tweets he’d sent out that day and the apparent signs of tampering on the
United flight, the FBI believed that Roberts “had the ability and the
willingness to use the equipment then with him to access or attempt to
access the IFE and possibly the flight control systems on any aircraft
equipped with an IFE systems, and that it would endanger public safety
to allow him to leave the Syracuse airport that evening with that
equipment.”
When asked by WIRED if he ever connected his laptop to the SEB on his
flight from Denver to Chicago, Roberts said, “Nope I did not. That I’m
happy to say and I’ll stand from the top of the tallest tower and yell
that one.”
He also questions the FBI’s assessment that the boxes showed signs of tampering.
“Those boxes are underneath the seats. How many people shove luggage
and all sorts of things under there?,” he said. “I’d be interested if
they looked at the boxes under all the other seats and if they looked
like they had been tampered. How many of them are broken and cracked or
have scuff marks? How many of those do the airlines replace because
people shove things under there?”
Regardless of whether the authorities have a case against him,
however, there has already been some fallout from the incident. Roberts
told WIRED that today investors on the board of directors of One World
Labs, a company he helped found, decided to withdraw their investments
in the company. As a result, One World Labs had to lay off about a dozen
employees today, half of its staff.
Roberts said there were other factors contributing to the board’s
decision but his legal situation “was probably the final straw.”
“The board has deemed it a risk. So that was one factor in many that
made their decision,” he said. “Their decision was not to fund the
organization any further.”