Security News > 2022 > November > PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft
2022-11-15 16:33

A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft.

Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA Johnson Space Center, the technique is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety.

TTE is one among the networking technologies that's part of what's called a mixed-criticality network wherein traffic with different timing and faults tolerance requirements coexist in the same physical network.

On top of that, while critical devices in the network are subjected to thorough vetting, the non-critical counterparts are not only commercial-off-the-shelf devices but also lack the same rigorous process, leading to possible avenues for supply chain compromises that could be weaponized to activate the attack by integrating a rogue third-party component into the system.

"In PCspooF, we uncovered a way for a malicious non-critical device to break this isolation guarantee in a TTE network," Baris Kasikci, an assistant professor in the electrical engineering and computer science department at the University of Michigan, told the publication.

Such an "Electrical noise" generation circuit can take up as little as 2.5cm 2.5cm on a single-layer printed circuit board, requiring only minimal power and which can be concealed in a best-effort device and integrated into a TTE system without raising any red flags.


News URL

https://thehackernews.com/2022/11/pcspoof-new-vulnerability-affects.html