A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA.

It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by allowing mission-critical devices (like flight controls and life support systems) and less important devices (like passenger WiFi or data collection) to coexist on the same network hardware. This blend of devices on a single network arose as part of a push by many industries to reduce network costs and boost efficiency.

That coexistence has been considered safe for more than a decade, predicated on a design that prevented the two types of network traffic from interfering with one another. The team's attack, called PCspooF, was the first of its kind to break this isolation.

In one compelling demonstration, the team used real NASA hardware to recreate a planned Asteroid Redirection Test. The experimental setup controlled a simulated crewed capsule, specifically at the point in the mission when the capsule prepared to dock with a robotic spacecraft.

"We wanted to determine what the impact would be in a real system," said Baris Kasikci, the Morris Wellman Faculty Development Assistant Professor of Computer Science and Engineering. "If someone executed this attack in a real spaceflight mission, what would the damage be?"

With one small malicious device, the team was able to seamlessly introduce disruptive messages to the system, creating a cascading effect that ended in the capsule veering off course and missing its dock entirely.

Here's how it works: The attack emulates the network switches, which are high-stakes traffic controllers in TTE networks, by sending out fake synchronization messages. These messages are normally intended to keep network devices running on a shared schedule, allowing the most important devices to communicate quickly.

"Normally, no device besides a network switch is allowed to send this message, so in order to get the switch to forward our malicious message, we conducted electromagnetic interference into it over an Ethernet cable," said Andrew Loveless, U-M doctoral student in computer science and engineering and subject matter expert at the NASA Johnson Space Center.

That interference serves as an envelope for the fake synchronization message. The noise causes just enough of a gap in the switch's normal operation to allow the message to pass through. An easily concealed bit of circuitry on a malicious device, connected to the network via Ethernet, can inject these messages as many times as necessary to throw everything out of whack.

"Once the attack is underway, the TTE devices will start sporadically losing synchronization and reconnecting repeatedly," Loveless said.

This disruption will gradually lead to time-sensitive messages being dropped or delayed, causing systems to operate unpredictably and, at times, catastrophically. But the researchers explain how to prevent this attack, too.

Replacing copper Ethernet with fiber optic cables or installing optical isolators between switches and untrusted devices would eliminate the risk of electromagnetic interference, though this would come with cost and performance tradeoffs. Other options involve changes to the network layout, so that malicious synchronization messages can never access the same path taken by the legitimate ones.

"Some of these mitigations could be implemented very quickly and cheaply," Kasikci said.

The team disclosed their findings and proposed mitigations to major companies and organizations using TTE and to device manufacturers in 2021.

"Everyone has been highly receptive about adopting mitigations," Loveless said. "To our knowledge, there is not a current threat to anyone's safety because of this attack. We have been very encouraged by the response we have seen from industry and government."

Research Report:PCspooF: Compromising the Safety of Time-Triggered Etherne

Related Links
University of Michigan
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being here; We need your help. The Space Media Network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceMediaNetwork Contributor $5 Billed Once credit card or paypal		SpaceMediaNetwork Monthly Supporter $5 Billed Monthly paypal only

India fact-checkers face threats, jail in misinformation fight
Mumbai (AFP) Nov 16, 2022
Hunched over laptops in small office cubicles, a group of Indian fact-checkers is on the frontlines of a war against misinformation, braving online abuse and legal threats. India has the world's largest number of certified fact-checking organisations, but many feel outnumbered and outgunned in a country with hundreds of millions of internet users and a climate of growing religious intolerance, hate speech and declining press freedom. BOOM Live is among the organisations methodically debunking so ... read more