According to the researchers, vulnerabilities in network technology widely used in space and aircraft, if successfully exploited, could have catastrophic effects on these vital systems, including disrupting NASA missions.
a she studies Researchers from the University of Michigan and NASA published a description of the attack, which they dubbed “PCspooF,” and simulated it using NASA software and hardware components. Asteroid deflection test Orion capsule about to dock with robotic spacecraft.
Spoiler alert: PCspooF causes Orion to drift, completely lose dock, and float in (simulated) space.
There is a glitch in the technology Ethernet runtime (TTE), which the study authors describe as the “backbone of the network” for spacecraft, including NASA’s Orion capsule, the Lunar Gateway space station and ESA’s Ariane 6 launcher. TTE is also used in aircraft and power generation systems and is seen as a “leading competitor” to replace Standard Control Area Network and FlexRay communication protocols.
TTE allows time-critical (TT) network traffic – devices that send scheduled messages that are tightly synchronized on a predetermined schedule – to share the same keys with non-critical traffic, such as passenger Wi-Fi on airplanes.
Furthermore, TTE is compatible with the Ethernet standard, which is commonly used by these complex systems. TTE isolates time-sensitive traffic from “best effort” traffic: non-critical systems send their traffic messages at critical times. This type of design connects devices to a single network, allowing mission-critical systems to run on low-cost network hardware while preventing the two types of traffic from interfering with each other.
Break the barrier of isolation
PCspooF was, according to the researchers, the first attack to break this isolation.
At the highest level, the attack works by disabling a synchronization system called the Control Framework (PCF) protocol. These are the messages that enable devices at a common table and ensure they communicate quickly.
Researchers have determined that complex machines that don’t make the best effort can infer unique information about the time-inducing part of the network. The devices can then be used to generate malicious sync messages.
Thus, the better compromised voltage device can conduct electromagnetic interference to the transformer, sending spurious sync messages to other TTE devices.
“Normally, no device other than a network switch would be allowed to broadcast this message, so we did electromagnetic interference with an Ethernet cable to make the switch send our malicious message.” Description Andrew Lovelace is a computer science doctoral candidate and subject matter expert at NASA’s Johnson Space Center.
“Once the attack is over, TTE devices will periodically go out of sync and start reconnecting,” Lovelace said.
A successful attack could cause TTE devices to go out of sync for up to a second, causing “dozens” of triggered messages to fail to forward over time and cause critical systems to malfunction. ‘In the worst case, PCspooF causes these effects to all TTE devices in the network simultaneously,’ the researchers wrote.
After successfully testing the attack, the researchers exposed the vulnerabilities to organizations that use TTE, including NASA, ESA, Northrop Grumman Space Systems and Airbus Defense and Space. Building on the research, NASA is also rethinking how it tests and validates off-the-shelf commercial hardware. ®
