Researchers from the University of Michigan, the University of Pennsylvania, and NASA have discovered a major security vulnerability in networking technology used in spacecraft, aircraft, power generation systems, and industrial control systems.
University news portal michigans mentioned (Opens in a new tab) The flaw harms a network protocol and hardware system known as time-shifted ethernet, or TTE.
This system allows mission-critical devices, such as life support systems, to coexist on the same network devices as less important devices, such as passenger Wi-Fi or data collection systems.
PCspooF
TTE has been considered secure for more than a decade, because two types of network traffic are never allowed to interfere with each other at the same time. End point. The researchers said it was originally created in an effort to lower network costs while improving efficiency.
However, researchers have now managed to break this barrier with an attack dubbed PCspooF, and have discussed it extensively as part of paper (Opens in a new tab) PCspooF: Compromising the Security of Time-Out Ethernet.
The team explained the glitch by using real NASA hardware to simulate an asteroid reorientation test, specifically the stage at which the capsule must dock with a spacecraft.
When the pod attempts to dock, the attack fuses vital and abiotic communications together, disrupting messages passing through the system and creating a cascading effect. Eventually, the capsule veered off course and missed the dock completely.
Baris Kasikci, Morris Wellman Assistant Professor of Faculty Development in Computer Science and Engineering, disclosed the risks. “If someone performs this attack on a real space flight mission, what’s the harm?”
However, in order to successfully carry out a PCSpooF attack, the attacker needs to plant a small malicious device on the network, which means that remote attacks are not possible.
Another good news is that the flaw can be fixed relatively easily by replacing the copper ethernet with fiber optic cables or installing optical isolators between switches and untrusted devices.
This would eliminate the risk of electromagnetic interference, although it would affect performance, according to the researchers.
