NASA and University of Michigan researchers discovered a security hole that could endanger spacecraft under the right (or incorrect) conditions. The team uncovered a vulnerability in time-triggered Ethernet (TTE), a feature that allows essential systems to coexist with small ones on the same networking hardware. An intruder can send bogus sync messages by sending electromagnetic interference through copper Ethernet cables into network switches, causing a “gap” in the activity of the switch and allowing bogus data to pass through. The TTE gadget will eventually lose sync and behave unpredictably.
The attack requires placing a small device on the network, so remote breaches are unlikely. However, the consequences could be serious. The scientists tested the vulnerability using real NASA machinery to recreate a planned asteroid redirection test. In a simulation, the TTE exploit produced a knock-on effect severe enough that the crew capsule strayed from its course and missed a crucial docking procedure.
There are simple safeguards, if not necessarily problem-free. Vehicle designers could replace copper Ethernet with fiber optic cables or place optical isolators between switches and devices, so long as they’re willing to accept sacrifices in cost and performance. Engineers could also change the network layout to prevent fake sync messages from taking the same path as legitimate ones, although that will clearly take time.
NASA and the university stress that there’s no “current” known threat. However, the method could also be used to compromise aircraft, power plants and industrial control systems that rely on TTE. Theoretically, a saboteur with physical access could disrupt critical infrastructure in a way that might not be immediately obvious.