NASA and University of Michigan researchers have found a security flaw that could pose a threat to spacecraft in the right (or rather, wrong) conditions. The team has discovered that time-triggered Ethernet (TTE), a feature that lets critical systems sit alongside minor ones on the same networking hardware, is vulnerable to a spoofing attack. An intruder can send fake sync messages by conducting electromagnetic interference through copper Ethernet cables into network switches, creating a “gap” in a switch’s activity that lets bogus data slide through. Over time, the TTE device will lose sync and behave erratically.
The attack requires placing a small device on the network, so remote breaches are unlikely. However, the consequences could be serious. The scientists tested the vulnerability using real NASA machinery to recreate a planned asteroid redirection test. In a simulation, the TTE exploit produced a knock-on effect severe enough that the crew capsule strayed from its course and missed a crucial docking procedure.
There are simple safeguards, if not necessarily problem-free. Vehicle designers could replace copper Ethernet with fiber optic cables or place optical isolators between switches and devices, so long as they’re willing to accept sacrifices in cost and performance. Engineers could also change the network layout to prevent fake sync messages from taking the same path as legitimate ones, although that will clearly take time.
NASA and the university stress that there’s no “current” known threat. However, the method could also be used to compromise aircraft, power plants and industrial control systems that rely on TTE. Theoretically, a saboteur with physical access could disrupt critical infrastructure in a way that might not be immediately obvious.