Aardvark Daily

Please visit the sponsor!

Hacker or hypster?

Imagine if you could hack into the onboard systems of the International Space Station -- or take-over the controls of an international jet-liner, using little more than a laptop and some smart thinking.

Sounds impossible?

Well one hacker claims to have done both these things and, according to reports, even considered hijacking one of the Mars Rover craft.

Chris Roberts is the guy who has made these claims which, if true, must surely be rather worrying for those who design and implement such complex systems -- and those of us who are totally reliant on their smooth operation for our safety when traveling internationally.

Despite Robers' confessions, there are plenty in the industry who consider his claims to be little more than hype however.

Is it really possible to hack into an aircraft's vital flight-control and engine management systems from the network which services the in-flight entertainment consoles?

I would certainly hope that the only connection shared between "critical" systems and the entertainment network would be a common power bus. If there really was any form of data-flow between the two then they might as well put a revolving door between the passenger cabin and the cockpit because, from a security perspective, they would become one and the same.

When Roberts allegedly hacked into the ISS systems and altered the environmental control settings so as to change the internal temperature he arrogantly (but quite rightly) claimed that if they were "going to leave open shit that's not encrypted then it's their own silly fault".

Sadly, we no longer live in a world when you can leave the keys in your ignition whilst your car is parked in the driveway. Neither can you leave your doors unlocked or the windows open in your house while you're away at work. The same situation exists with every potentially accessible network -- lock it or lose it.

If, as he claims, Roberts was able to hack into the thrust management computer of a commercial airliner and issue commands that caused the airliner to climb and yaw then we should all be very, very concerned. If a whitehat can do it, a blackhat will already be trying to do the same -- with far more evil intent.

I would like to see all the aircraft manufacturers and airlines issue verified statements that their entertainment systems are not just firewalled but actually have no data connection to more critical systems on their craft. Until such time we ought to assume the worst.

Of course there is always the chance that this guy is just a hypster; trying to make a name for himself by way of bold and frightening claims without any substance.

Can we really afford to take that risk though?

I'm thinking that sooner or later (probably the former), all life-critical computer systems will require certification that proves there is at least a verified minimum of protection against hacking from an external source.

Biomed systems such as insulin pumps, pacemakers and other embedded devices have already been proven vulnerable to external hacking via RF links -- with potentially fatal implications and certainly the flight-management system of an airliner must also be a prime candidate for such certification.

Then, or course, there are the driverless cars which are predicted to fill our roads in the not-too-distant future -- if not the ECUs of many modern cars which control a raft of safety-critical systems such as suspension, brakes, airbags, etc.

Have we now reached the point where we must ensure every window is shut firm and every door locked in the world of an "internet of things"?

Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column

Rank This Aardvark Page

Change Font