Researchers at NASA and the University of Michigan have discovered a vulnerability that might at some point pose a threat to spacecraft. A hacker vulnerable to a spoofing attack might send fake sync messages by conducting electromagnetic interference through copper Ethernet cables in network switches, creating a “hole” in switch activity that allows fake data to pass through. As reported by engadget, TTE will lose sync and behave erratically over time.
The attack requires a small device to be placed on the network, so remote hacking is unlikely, but the consequences might be severe. Scientists tested the vulnerability using real NASA machines to recreate a planned asteroid redirection test. The use of the TTE produced such severe damaging effect that the crew capsule derailed and a critical landing procedure was lost.
There are minor, if not necessarily hassle-free, security measures. Vehicle designers can replace copper Ethernet with optical cables or put optical isolators between switches and devices, as long as they are willing to accept sacrifices in cost and performance. Change the network layout to prevent false sync messages from spreading. Follow the same path, although it may take some time.
NASA and the university confirm that there is currently no known threat. However, the method can also be used to defeat aircraft, power plants and industrial control systems that rely on TTE. In theory, a vandal with physical access might disrupt critical infrastructure in a way that might not be immediately apparent.
