Published Date: 2015-05-15
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident involving the security researcher hacking into a plane's in-flight entertainment system and causing it to veer slightly off course happened between 2011 and 2014 [Article 36227]. 2. The incident where the security researcher was removed from a United Airlines flight and detained by the FBI after tweeting about hacking the plane's inflight entertainment system occurred in April 2015 [Article 36230]. |
| System | 1. In-flight entertainment system (IFE) on certain aircraft models [Article 36227, Article 36230] 2. Thrust Management Computer on an aircraft [Article 36227, Article 36230] 3. Satellite communication system (SATCOM) on aircraft [Article 36230] |
| Responsible Organization | 1. Chris Roberts, a security researcher, was responsible for causing the software failure incident by allegedly hacking into the in-flight entertainment system and potentially manipulating the aircraft's systems [Article 36227, Article 36275]. 2. The Government Accountability Office (GAO) report highlighted the vulnerability of commercial planes to having their onboard computers hacked, raising concerns about the security of aircraft systems [Article 36239]. |
| Impacted Organization | 1. Airlines - The software failure incident impacted airlines as the FBI and TSA issued an alert to airlines advising them to be vigilant about potential hacking vulnerabilities in passenger Wi-Fi networks [35817]. 2. One World Labs - The software failure incident impacted One World Labs, a security intelligence firm, as the FBI investigated Chris Roberts, a security researcher associated with the company, for allegedly hacking into a plane's systems [36272, 36227, 36275, 36230]. 3. Passengers - The software failure incident potentially impacted passengers as there were concerns raised about the security vulnerabilities in in-flight entertainment systems that could be exploited by hackers [36239, 36275, 36230]. |
| Software Causes | 1. The software cause of the failure incident was related to vulnerabilities in the in-flight entertainment systems (IFE) on certain aircraft models, which allowed a security researcher to access and manipulate the systems [36227, 36230]. 2. The failure incident involved the exploitation of vulnerabilities in the IFE systems by physically accessing the Seat Electronic Box (SEB) beneath passenger seats and using default IDs and passwords to gain unauthorized access to the systems [36227]. 3. The failure incident also involved potential hacking attempts to access the avionics system through the IFE system, although experts and Boeing representatives suggested that such manipulation of critical systems from the IFE was technically impossible due to design safeguards and restrictions [36230]. 4. The failure incident highlighted concerns about the security of aircraft systems, including the potential for unauthorized access to critical components like the Thrust Management Computer, which could impact the operation of the plane [36230]. |
| Non-software Causes | 1. Physical tampering with the Seat Electronic Box (SEB) beneath passenger seats to gain access to the in-flight entertainment system and other systems on the planes [36227]. 2. Unauthorized connection of a Cat6 ethernet cable with a modified connector to the SEB and laptop to access the inflight entertainment system [36227]. 3. Use of default IDs and passwords to gain access to the inflight entertainment system [36227]. 4. Potential manipulation of the Thrust Management Computer by overwriting code while aboard a flight [36227]. 5. Attempted access to the avionics system through the inflight entertainment system [36230]. |
| Impacts | 1. The software failure incident involving the alleged hacking of a plane's systems by a security researcher, Chris Roberts, led to his detainment by the FBI, seizure of his computer equipment, and being prevented from boarding another United Airlines flight [36272]. 2. The incident caused a significant backlash in the security community, with initial outrage directed at the FBI for their handling of the situation shifting to criticism towards Roberts for potentially putting passengers at risk by attempting to hack into a plane's network while in flight [36230]. 3. The FBI investigation into Roberts' claims and actions resulted in the publication of a search warrant application that detailed Roberts' alleged actions of accessing the in-flight entertainment system and the Thrust Management Computer of an aircraft, potentially causing the plane to veer off course [36275]. 4. The incident raised concerns about the vulnerabilities of commercial planes to cyber attacks, as highlighted in a Government Accountability Office report that stated hundreds of planes could be remotely taken over through their onboard computers via the passenger Wi-Fi network or even by someone on the ground [36239]. 5. The software failure incident led to investors withdrawing their funding from One World Labs, the company co-founded by Roberts, resulting in layoffs and financial difficulties for the organization [36227]. |
| Preventions | 1. Properly isolating critical systems from non-critical systems on the aircraft to prevent unauthorized access and manipulation [36230]. 2. Implementing secure communication protocols and access controls within the aircraft's systems to prevent unauthorized connections and commands [36230]. 3. Conducting thorough security assessments and penetration testing of in-flight entertainment systems to identify and address vulnerabilities [36230]. 4. Ensuring strict adherence to industry standards and regulations for aviation system security to mitigate potential risks [36230]. |
| Fixes | 1. Properly implementing and enforcing software firewalls to separate the Wi-Fi networks from critical systems on airplanes, as suggested by the GAO report [Article 36239]. 2. Enhancing certification of aircraft avionics by the FAA to address vulnerabilities and remove threats to commercial aviation, as recommended in the GAO report [Article 36239]. 3. Ensuring strict programming and testing of avionics systems to reject unauthorized communication attempts from non-critical systems like in-flight entertainment systems, as explained by aviation experts [Article 36230]. | References | 1. FBI and TSA [Article 35817] 2. Chris Roberts [Article 35817, Article 36272, Article 36227, Article 36275, Article 36230] 3. Government Accountability Office (GAO) [Article 36239] 4. Boeing [Article 36275, Article 36230] 5. Airbus [Article 36275] 6. Security researchers and experts in the security community [Article 36230] 7. Electronic Frontier Foundation [Article 36275] 8. Airlines Electronic Engineering Committee's Aircraft Data Networks Working Group [Article 36230] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | multiple_organization | (a) In the articles, there is no specific mention of a software failure incident happening again within the same organization or with its products and services. (b) The articles discuss the case of security researcher Chris Roberts who claimed to have hacked into airplane systems multiple times, including in-flight entertainment systems, and even allegedly caused a plane to veer off course by issuing a climb command to an engine [36227]. The incident raised concerns about the vulnerabilities in airplane systems and the potential risks associated with hacking into critical systems on aircraft. The FBI investigated Roberts' claims and the aviation industry's response to such security threats [36275]. The incident highlighted the potential risks associated with cybersecurity vulnerabilities in commercial airplanes, as reported by the Government Accountability Office [36239]. The articles also delve into the technical aspects of the alleged hacking incident and provide insights from experts in the aviation industry regarding the feasibility of such actions and the security measures in place to prevent unauthorized access to critical systems [36230]. |
| Phase (Design/Operation) | design, operation | (a) In the articles, there are indications of a software failure incident related to the design phase. The incident involves a security researcher, Chris Roberts, who claimed to have hacked into in-flight entertainment systems aboard aircraft and even overwrote code on the plane's Thrust Management Computer while aboard a flight, causing the plane to veer off course [Article 36227]. Roberts accessed the systems through vulnerabilities in the in-flight entertainment systems made by Panasonic and Thales, indicating a failure related to the design and security of these systems [Article 36230]. (b) Additionally, there are aspects of a software failure incident related to the operation phase. The incident involves the FBI investigating Roberts for allegedly hacking into airplane systems during flights, including accessing the in-flight entertainment system and potentially the avionics system [Article 36230]. Roberts accessed the systems by physically connecting to the Seat Electronic Box beneath passenger seats, indicating a failure related to the operation or misuse of the system during flights [Article 36227]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: - The software failure incident involving the hacking of airplane systems by security researcher Chris Roberts was primarily due to vulnerabilities within the in-flight entertainment (IFE) systems on certain planes [36227]. - Chris Roberts accessed the IFE systems on airplanes by physically connecting to the Seat Electronic Box (SEB) beneath passenger seats and exploiting default IDs and passwords to gain access to the IFE system [36227]. - Roberts claimed to have overwritten code on the airplane's Thrust Management Computer through the IFE system, enabling him to issue a climb command and cause a lateral or sideways movement of the plane during a flight [36227]. - The FBI affidavit indicated that Roberts accessed the avionics system through the IFE system, but experts like Peter Lemme and David Soucie stated that the avionics and IFE systems are typically isolated and have one-way data communication only, making it unlikely for Roberts to manipulate the aircraft's controls through the IFE system [36230]. (b) outside_system: - The software failure incident was also influenced by external factors such as the vulnerabilities in the airplane systems themselves, which allowed Roberts to exploit the IFE systems and potentially access other critical systems on the planes [36230]. - The Government Accountability Office (GAO) report highlighted the vulnerability of commercial planes to having their onboard computers hacked through the passenger Wi-Fi network or even by someone on the ground, indicating external threats to the system security [36239]. - The FBI investigation into Roberts' claims of hacking airplane systems was triggered by his tweets about potentially hacking the plane's systems, indicating external scrutiny and response to the reported incident [36275]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software failure incident in the articles is primarily related to potential vulnerabilities in airplane systems that could be exploited by hackers. The incident involves a security researcher, Chris Roberts, who claimed to have accessed in-flight entertainment systems aboard aircraft and even overwritten code on the airplane's Thrust Management Computer while onboard, causing lateral or sideways movement of the plane [Article 36227]. - The Government Accountability Office (GAO) report highlighted that commercial planes could be vulnerable to having their onboard computers hacked and remotely taken over through the passenger Wi-Fi network or even by someone on the ground [Article 36239]. (b) The software failure incident occurring due to human actions: - Chris Roberts, the security researcher, admitted to hacking into in-flight entertainment systems aboard aircraft multiple times between 2011 and 2014, and even claimed to have caused a plane to veer off course by issuing a climb command through the Thrust Management Computer [Article 36230]. - The FBI affidavit mentioned that Roberts exploited/gained access to the in-flight entertainment system and overwrote code on the Thrust Management Computer, causing the engine to climb and resulting in a lateral or sideways movement of the plane during one of the flights [Article 36230]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The incident involving the security researcher, Chris Roberts, hacking into airplane systems and allegedly causing a plane to veer off course was related to hardware vulnerabilities. Roberts accessed the in-flight entertainment system through physical access to the Seat Electronic Box (SEB) beneath passenger seats, where he connected his laptop to the system using an ethernet cable [36227]. - The FBI affidavit mentioned Roberts exploiting vulnerabilities in the in-flight entertainment systems made by Panasonic and Thales, which are hardware components installed in the planes. Roberts accessed the Thrust Management Computer by physically accessing the SEB and connecting his laptop to the system [36230]. (b) The software failure incident occurring due to software: - The incident involving Chris Roberts hacking into airplane systems and allegedly causing a plane to veer off course was also related to software vulnerabilities. Roberts used Vortex software after compromising the airplane's networks to monitor traffic from the cockpit system, indicating a software-based intrusion [36227]. - The FBI affidavit mentioned Roberts overwriting code on the airplane's Thrust Management Computer while aboard a flight, issuing a climb command, and causing the plane to move laterally. This manipulation of the airplane's systems was done through software exploits [36230]. |
| Objective (Malicious/Non-malicious) | malicious | (a) In the articles, the software failure incident can be categorized as malicious. Chris Roberts, a security researcher, claimed to have hacked into airplane systems during flights, including accessing the in-flight entertainment system and even the Thrust Management Computer, which controls engine power. He allegedly issued commands that caused the plane to move laterally or sideways during a flight [36227]. The FBI investigated Roberts for these claims, and he was detained and questioned by authorities [36272]. The incident raised concerns about the potential vulnerabilities in airplane systems that could be exploited by hackers, leading to serious safety risks [36239]. (b) Additionally, the software failure incident can be seen as non-malicious. Some experts and sources, including Boeing representatives and independent aviation experts, have cast doubt on the technical feasibility of Roberts' claims. They stated that the design of airplane systems, such as the avionics and in-flight entertainment systems, includes safeguards and isolation mechanisms to prevent unauthorized access and manipulation of critical functions [36230]. Boeing emphasized that their systems are designed to be secure and isolated from potential threats, with strict standards and safeguards in place to ensure safe airplane operations [36230]. |
| Intent (Poor/Accidental Decisions) | unknown | (a) The intent of the software failure incident: - The incident involving security researcher Chris Roberts hacking into airplane systems was not due to accidental decisions but rather intentional actions taken by Roberts to explore vulnerabilities in the in-flight entertainment systems and potentially access other critical systems on the planes [36227]. - Roberts admitted to accessing in-flight networks multiple times and even connecting to the Seat Electronic Box beneath passenger seats to observe data traffic and uncover vulnerabilities [36227]. - Roberts' actions were intentional as he had been researching aviation security for years and had discussions with airplane manufacturers about vulnerabilities in their systems [36227]. - The FBI affidavit indicated that Roberts claimed to have accessed the Thrust Management Computer on an airplane and issued a climb command, causing a lateral movement of the plane, which was a deliberate action [36230]. - Despite some doubts and conflicting statements, the overall narrative suggests that the software failure incident was driven by intentional actions taken by Roberts to explore and potentially exploit vulnerabilities in airplane systems [36227, 36230]. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident occurring due to development incompetence: - The incident involving the hacking of a plane's systems by a security researcher, Chris Roberts, was attributed to his actions of exploiting vulnerabilities in the in-flight entertainment system and accessing the Thrust Management Computer, causing the plane to veer off course [Article 36230]. - Roberts accessed the in-flight entertainment system through physical access to the Seat Electronic Box (SEB) beneath passenger seats and used default IDs and passwords to gain access to the system [Article 36230]. - Roberts claimed to have identified vulnerabilities in the in-flight entertainment systems of specific aircraft models, such as Boeing 737-800, 737-900, 757-200, and Airbus A320 [Article 36230]. (b) The software failure incident occurring accidentally: - The incident involving Chris Roberts hacking into a plane's systems was initially perceived as a joke, but it escalated when the FBI investigated his claims and detained him after a United Airlines flight [Article 36275]. - Roberts denied specific allegations of hacking the United flight but admitted to infiltrating in-flight networks around 15 times for observation purposes [Article 36275]. - The FBI affidavit highlighted Roberts' actions of accessing the in-flight entertainment system and the Thrust Management Computer, but there were doubts raised by experts about the technical feasibility of his claims [Article 36230]. |
| Duration | temporary | The software failure incident described in the articles can be categorized as a temporary failure. Chris Roberts, a security researcher, claimed to have hacked into in-flight entertainment systems aboard aircraft multiple times between 2011 and 2014, including accessing the Thrust Management Computer and issuing a climb command to an engine, causing a lateral movement of the plane during one of the flights [Article 36227]. However, there are doubts and technical explanations provided by experts that suggest it would be technically impossible for Roberts to have manipulated the aircraft systems as he claimed [Article 36230]. Boeing, for example, stated that their entertainment systems are isolated from flight and navigation systems, and there are strict safeguards in place to prevent unauthorized access to critical systems [Article 36230]. Additionally, the FBI affidavit filed to obtain a search warrant for Roberts' computers highlighted his claims of hacking into the in-flight entertainment system and the Thrust Management Computer, but there are discrepancies and skepticism regarding the feasibility of his actions [Article 36230]. The incident sparked debates within the security community about the veracity of Roberts' claims and the potential risks associated with unauthorized access to aircraft systems [Article 36230]. |
| Behaviour | crash, omission, other | (a) crash: The articles describe a scenario where a security researcher, Chris Roberts, claimed to have hacked into an airplane's systems, specifically the Thrust Management Computer, and issued a "climb command" which caused one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during a flight. This incident can be considered a crash as the system lost control and performed unintended functions [36230]. (b) omission: The articles mention that Chris Roberts accessed in-flight entertainment systems on multiple flights by physically accessing the Seat Electronic Box (SEB) beneath passenger seats and connecting his laptop to the system. He used default IDs and passwords to gain access to the IFE system but claimed to have only explored the networks and observed data traffic without taking any further actions. This can be seen as an omission where the system omitted to perform its intended functions at instances where unauthorized access was gained [36227]. (c) timing: There is no specific instance mentioned in the articles where the software failure incident was related to timing issues. (d) value: The articles do not provide information about the software failure incident being related to the system performing its intended functions incorrectly. (e) byzantine: The behavior of the software failure incident does not align with a byzantine failure scenario as described in the articles. (f) other: The other behavior observed in the software failure incident is related to unauthorized access and potential tampering with the airplane's systems by a security researcher, Chris Roberts. This behavior involves exploiting vulnerabilities in the in-flight entertainment systems and attempting to access critical components of the aircraft's systems, which can be considered as unauthorized and potentially dangerous actions [36227, 36230]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | actuator, processing_unit, network_communication, embedded_software | (a) sensor: Failure due to contributing factors introduced by sensor error - The articles do not specifically mention a sensor error as a contributing factor to the software failure incident. (b) actuator: Failure due to contributing factors introduced by actuator error - The incident involved a security researcher who claimed to have hacked into the in-flight entertainment system and the Thrust Management Computer of an airplane, which could potentially lead to actuator errors [36230]. (c) processing_unit: Failure due to contributing factors introduced by processing error - The security researcher accessed the in-flight entertainment system and the Thrust Management Computer by exploiting vulnerabilities in the Seat Electronic Box and using a Cat6 ethernet cable, indicating potential processing errors [36230]. (d) network_communication: Failure due to contributing factors introduced by network communication error - The incident involved accessing the airplane's networks through the in-flight entertainment system and potentially the satellite communication system, which could involve network communication errors [36230]. (e) embedded_software: Failure due to contributing factors introduced by embedded software error - The security researcher exploited vulnerabilities in the in-flight entertainment system's software to gain access to the Thrust Management Computer, suggesting potential embedded software errors [36230]. |
| Communication | link_level, connectivity_level | [a36230] The failure was related to the communication layer of the cyber physical system. The security researcher accessed the inflight entertainment system (IFE) aboard an aircraft and obtained access to the Thrust Management Computer (TMC) by exploiting vulnerabilities in the IFE system. He overwrote code on the TMC and issued a "climb command," causing one of the airplane engines to climb, resulting in a lateral or sideways movement of the plane during one of the flights. The researcher used Vortex software after compromising the airplane's networks to monitor traffic from the cockpit system. The connection between the avionics system and the IFE system was accessed through the Seat Electronic Box (SEB) installed beneath passenger seats, allowing physical access to the networks. However, experts and Boeing representatives have stated that the claims made by the researcher are technically impossible, as the avionics systems are designed with strict standards and safeguards to prevent unauthorized access and manipulation of critical functions. |
| Application | TRUE | The failure incident reported in the articles was related to the application layer of the cyber physical system. Chris Roberts, a security researcher, claimed to have hacked into in-flight entertainment systems aboard aircraft and even overwrote code on the plane's Thrust Management Computer while aboard a flight, causing the plane to veer off course [Article 36227]. Roberts accessed the inflight entertainment system through the Seat Electronic Box (SEB) installed beneath passenger seats, where he attached a cable to his laptop and used default IDs and passwords to gain access to the system [Article 36230]. Despite Roberts' claims, experts like David Soucie and Peter Lemme stated that it was technically impossible for Roberts to manipulate the plane's engine thrust or avionics system through the in-flight entertainment system [Article 36230]. Boeing also emphasized that their entertainment systems are isolated from flight and navigation systems, with multiple security measures in place to ensure safe airplane operations [Article 36230]. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | non-human, theoretical_consequence, other | (a) death: There were no reports of people losing their lives due to the software failure incident described in the articles. (b) harm: The software failure incident did not result in physical harm to individuals. (c) basic: The software failure incident did not impact people's access to food or shelter. (d) property: The software failure incident did not result in the loss of material goods, money, or data for individuals. (e) delay: The software failure incident did not cause people to postpone any activities. (f) non-human: The software failure incident involved potential impacts on airplane systems, such as the in-flight entertainment and avionics systems. (g) no_consequence: The articles did not mention any real observed consequences of the software failure incident. (h) theoretical_consequence: The articles discussed theoretical consequences of the software failure incident, such as the potential for a hacker to gain access to airplane systems and control navigational functions. (i) other: The software failure incident led to investigations by the FBI and TSA, as well as the grounding of the security researcher involved in the incident. |
| Domain | transportation, finance, other | (a) The failed system was related to the transportation industry, specifically affecting passenger planes and their onboard networks [35817, 36272, 36227, 36239, 36275, 36230]. (h) The incident also had implications for the finance industry, as it involved a security researcher hacking into a plane's systems, potentially impacting the safety and security of flights [36230]. (m) The incident could be categorized under the "other" industry as it involved the security and cybersecurity sector, with a focus on vulnerabilities in airplane networks and potential risks associated with hacking into critical systems [36230]. |
Article ID: 35817
Article ID: 36272
Article ID: 36227
Article ID: 36239
Article ID: 36275
Article ID: 36230