[constantcrying]

To be honest this is both unsurprising and IMO very irrelevant.

Spoofing a CAN or ARINC429 bus requires physical access. At that point an attacker has access to the physical systems of the plane, at which point the plane is compromised anyway. What he uses to take over the plane is essentially arbitrary and there is absolutely nothing that would give any protection.

[Vox_Leone]

>>Spoofing a CAN or ARINC429 bus requires physical access. At that point an attacker has access to the physical systems of the plane, at which point the plane is compromised anyway.

I gather a perp only has to access the right piece of equipment in any phase of the logistics.

These buses are employed mostly in the avionics industry, but they are also utilized in ground vehicles, weapons systems, and other commercial and military equipment industries.[1]

[1] https://www.logic-fruit.com/glossary/arinc-429-guide/

[numpad0]

That sounds like saying that one could potentially launch a nuke by walking into an operational nuclear submarine and pressing buttons in the right order.

[pixelfarmer]

> Spoofing a CAN or ARINC429 bus requires physical access.

I worked for ages in the automotive industry. Here is the thing: They don't have just one CAN bus, but multiple, connected via gateways that function both as message router and also firewall between these busses. At least that is the idea, the reality is ... commercial software development with all the issues that come with it (see various hacks where they broke through these gateways).

Someone posted a story as part of this subthread here, i.e. if a passenger is able to access an airplane bus and issue engine control commands that actually do something, the overall security setup is utterly broken. The infotainment units in the passenger cabin requiring access to some internal bus is actually ok, but issuing flight control commands from these should be (silently?) ignored, and this can only happen if you partition the busses via such gateways, for example.

Funnily enough, in this case it also helps safety, because you can be more relaxed about the overall (software) quality of these infotainment units (decomposition effect in safety systems).

[chinathrow]

Right, a simple wire cutter is more than enough once you have physical access to the avionics bay.

[lb1lf]

A wirecutter would presumably cause an issue which would manifest itself prior to takeoff.

Either that, or you must make your way into the bay while in flight with said wirecutters.

Now, a dongle quietly manipulating enough variables to make the plane uncontrollable in flight, on the other hand... (No idea if that is even possible given access to this bus, but I will read this paper with some interest tomorrow (As I fly AMS-EWR... :)

[AdamJacobMuller]

Manipulating actual flight controls is probably hard.

Manipulating sensors is probably comparably easy, and, if you can adjust the AOA sensors to make the plane think its in level flight while spoofing altitude data, you can probably manipulate the pilots (auto or not) into a CFIT.

It's happened on other flights where pilots became confused by conflicting information (AF447 and many others) so giving them consistently wrong data is going to cause a consistently bad output.

Anyway though I deeply agree that once you have physical access all bets are off. Sure, you can put a bug in which causes a complicated aircraft failure but you could also just put a time-delayed container of thermite or tannerite in the right place.

I'd be much more worried about a software update causing a major issue, either intentionally or even more likely and more worrying, accidentally ALA 737Max.

[constantcrying]

>Manipulating actual flight controls is probably hard.

Why? The flight sticks have an ADC, just control current/resistance there to get the desired digital values. Of course assuming fly by wire an symmetrical input on both sticks.

Probably far easier than manipulating the digital data downstream, which is subject to lots of checks.

[instagib]

There was a somewhat recent event of someone proving he could control an airplane from the passenger compartment. They went into the logs and he made minor course adjustments. They seized his equipment but it didn’t say he spent any time in jail.

https://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer...

[amelius]

Pretty easy to make a device that overvolts a bunch of cables after takeoff.

[BiteCode_dev]

With timer of 35 minutes.

[a3n]

I think it's better to take away options, rather than throw up your hands.

Just because someone can load up my car on a flat bed tow truck doesn't mean it's pointless for me to have locks on the doors and ignition.

[constantcrying]

>I think it's better to take away options, rather than throw up your hands.

No, wasting time, resources and money while increasing the inherent complexity and risk of a system to gain absolutely no benefit is a very bad idea.

>Just because someone can load up my car on a flat bed tow truck doesn't mean it's pointless for me to have locks on the doors and ignition.

Idiotic comparison, which makes me think you are just totally disingenuous. The point I made was that with the same amount of effort a plane is compromised, with or without a secure bus. This is fake security, it doesn't protect anything.

Just tell me an attack on the bus of an airplane which couldn't have just as easily been performed outside of the bus.

[henvic]

> Just tell me an attack on the bus of an airplane which couldn't have just as easily been performed outside of the bus.

Timed attacks on multiple aircrafts. Don't underestimate people with evil intentions...

[bilbo0s]

I was wondering why anyone would go through all that trouble if s/he already had that level of control of the plane?

Good to have someone more knowledgeable explain that I'm not necessarily crazy.

[Two4]

Imagine a scenario where a plane is carrying a person who is enemy to a certain nation state. A nation state who is not above, say, using umbrella air dart guns to poison their enemies with radioactive compounds - just to make it clear that we're solidly in the realm of using James Bond style bullshit to secure national interests in our particular scenario. If this nation state were to plant a device on the avionics bus that would spoof the airspeed readout and cause the pilot to nose up on takeoff before the plane has reached critical velocity, it would be very difficult to find this device in the aftermath of the fiery crash, and also very difficult to not blame this on a faulty sensor or pilot error. I say fiery, because there would likely be a full tank of fuel, further reducing survivability in this scenario. A scary thought.

[Veserv]

Maybe if it crashed in the ocean. If it crashed on land, then they would almost certainly find the device in the wreckage as in the Pan Am 103 bombing [1] where they found even scraps of disintegrated clothing in the suitcase carrying the bomb. The flight recorder would also almost certainly show the nonsensical inputs and outputs and the pilot confusion. And, unlike other industries, aviation does real root cause analysis to identify every factor involved in a crash so it would be exceedingly unlikely they would throw their hands up into the air and just blame the pilot or something as stupid like that.

The chances of a attack like this being undetectable are exceedingly low. You would likely need to compromise nearly every aspect of the plane to make sure you have suppressed every available cross-checking mechanism. Does not stop it from happening, but it would not, in any way, be some sort of magic assassin weapon.

[1] https://en.wikipedia.org/wiki/Pan_Am_Flight_103_bombing_inve...

[p_l]

A bit OT: The little remembered thing with Lockerbie is that they knew something was really weird before the debris hit the ground.

It wasn't the super deep check of the debris that pointed them to a bomb,it was a process that started with watching debris on primary radars fall away from a point where a moment before a transponder was squawking, it was finding the pressure spike on VCR and FDR, it was finding explicit explosion-affected parts, which guided which parts to reconstruct in 3D (very rare thing to do), and to finally find remains of the bomb itself.

[shiroiushi]

Depending on who the attacker is, the attack being undetectable might not matter. Russia has assassinated multiple people using polonium, and what was the response? Crickets. They could easily do the same thing to assassinate other people they don't like (along with plane-loads of other passengers), and the only result will be angry words and "condemnation".

[Zanfa]

I doubt those Russian assassinations were ever meant to be undetectable. Rather they were intentional spectacles, where there's no doubt in who was behind it. The goal is to make it obvious, but also deny it officially, while knowing that everybody knows they're lying, just to mock their opponents.

[shiroiushi]

Exactly. I can see them doing the exact same thing with an exploit like this. The point wouldn't be to be undetectable, but rather to be sure the assassination attempt will actually work as intended, and to cause a big spectacle (few things generate news headlines like big airplane crashes).

[mapt]

Both Poland and Iran have lost regionally inconvenient heads of state to crashes in fog.

I think there is concern there with undiagnosable crashes, but also a more pronounced concern with hijacking. If you have access to the plane you can just plant a bomb. With this you could capture the plane for hostage or turn it into a missile.

[Hypomixolydian]

In case of Polish crash, according to the official Polish government report, the Russian involvement is more than possible: https://www.smolenskcrashnews.com/pdf/2022-smolensk-crash-re...

[wil421]

Why wouldn’t you just mess with a mechanical component or simply murder someone without doing it while they are on an airplane?

Car bombings still happen sometimes but it’s much easier to just shoot someone or push them off a balcony.

[a3n]

Why wasn't Prigozhin killed on the ground?

[constantcrying]

Presumably because he was surrounded by troops reasonably loyal to him, making any assassination difficult.

That he was killed by manipulating the data bus seems entirely speculative and exceedingly unlikely. If you have that kind of access to the plane you can plant a bomb or if you just want to down the plane Russia has potent anti-air weapons which trivially can take down a sub sonic passenger jet.

[numpad0]

path of least resistance?

[constantcrying]

This can be accomplished just as easily by targeting the analog input for the actuators or the analog input of the stick. Or attack one of the other myriads safety critical systems outside of the bus.

[giantg2]

And... attacking manually gives more plausibility to it being an accident rather than having a dongle attached to the plane, or code potentially surviving on the system.

[PenguinCoder]

Sure, and hijacking the cockpit of a Plane also requires physical access...