A new attack discovered by the University of Michigan and NASA exploits a trusted network technology to create unexpected and potentially catastrophic behavior
“We wanted to determine what the impact would be in a real system,” said Baris Kasikci, the Morris Wellman Faculty Development Assistant Professor of Computer Science and Engineering.
Researchers from the University of Michigan and NASA have exposed a significant vulnerability in a popular networking technology that is extensively employed in high-risk settings such as spacecraft, aircraft, energy generation systems and industrial control systems. The research team uncovered the vulnerability in the Time-Triggered Ethernet (TTE) protocol and hardware system, which has been used for over a decade to minimize costs and enhance network efficiency by allowing mission-critical and less important devices to coexist on the same network hardware.
The researchers' attack, named PCspooF, is the first of its kind to break the isolation that has been assumed between mission-critical devices and less important devices. The attack can introduce disruptive messages into the system using a malicious device that is connected to the network via Ethernet. The attack emulates the network switches, which are the high-stakes traffic controllers in TTE networks, by sending out fake synchronization messages, causing systems to operate unpredictably and, at times, catastrophically.
The researchers demonstrated the attack using NASA hardware, recreating a planned Asteroid Redirection Test. The setup controlled a simulated crewed capsule, which veered off course and missed its dock entirely due to the attack. The researchers explain that the attack can be prevented by replacing copper Ethernet with fiber optic cables or installing optical isolators between switches and untrusted devices. Alternatively, changes can be made to the network layout to prevent malicious synchronization messages from accessing the same path taken by legitimate ones.
The vulnerability has been disclosed to major companies and organizations using TTE and to device manufacturers. According to Andrew Loveless, a U-M doctoral student in computer science and engineering and subject matter expert at the NASA Johnson Space Center, everyone has been highly receptive to adopting mitigations. He added that to their knowledge, there is not a current threat to anyone's safety because of this attack. The research was supported in part by the NSF Graduate Research Fellowship.