Say “Cyber” again—Ars cringes through CSI: Cyber

Share this…

CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!. There are lots of cringeworthy technology moments on television, especially when the words “hacking” and “cyber” are introduced into the plot. But of all the broadcast and cable networks, CBS is the biggest purveyor of techno-idiocy, proving again and again that none of the producers behind its stable of pseudo-procedural dramas has a clue about how anything on that crazy thing called the Internet works. NCIS set the benchmark with its two-people-on-one-keyboard-to-out-hack-a-hackerscene, but then the network doubled down and launched CSI:Cyber, which returned last night.

The future of Cyber is currently in doubt. CBS has pulled its timeslot to make room for a midseason replacement, so there may well be only a few more opportunities for the latest CSI franchise to cyber-scare network viewers with plots loosely based on something producers read about on Yahoo Answers. OK, to be fair, Cyber‘s writers are at least occasionally inspired by actual vulnerabilities that have been ripped from the headlines. It’s just often these headlines are several years old.

Throughout its run thus far, the show has offered hat-tips to real security researchers. An episode late last year involved a “jackpotting” hack of ATMs at “Barnaby Bank,” named for a security researcher who demonstrated that vulnerability—Barnaby Jack. Jack would afterward serve as director of embedded device security research at IOActive until his death in 2013. But the road to entertainment hell is paved with good intentions.

With the realization we might only have a few more months around Orbital HQ watercoolers with CSI: Cyber, we decided it would be a good idea for me to check in on the show formally. We considered doing so live, but from the very moment last night’s episode started, it was clear there was going to be no way to keep up with the technological errors in real-time—almost everything was wrong (and I’m not even counting the hoverboard product placement and throwaway Emmitt Smith cameo). Frankly, it just got worse and worse as the show rolled toward its howler of a conclusion.

Sunday’s episode, entitled “404:Flight Not Found,” opens with a plane over North Carolina losing contact with the FAA’s Washington control center during bad weather. Suddenly to the control center, it now appears that at least 50 different flights are headed in various directions before disappearing entirely. Of course, someone breached the flight plan system and submitted an “unsigned” flight plan into the aircraft. This action is what pushed the original flight in question out over the sea as it flies from Tampa to Providence.

All of this is the work of a cyber-assassin, who we learn has:

  • Hacked into the plane’s flight controls through the aircraft’s in-flight entertainment system.
  • Carried aboard an electronic jamming device that blocks all of the aircraft’s communications except for its in-flight entertainment system.
  • Had someone deploy a weather balloon with a software-defined radio that spoofs the plane’s transponder signals over and over, reporting false GPS data back to the FAA’s network.

“Every plane in the sky is vulnerable”

Moments after the plane has been cloned 50 times over then disappears, FBI Cyber Division chief Avery Ryan (Patricia Arquette) and her totally old-school-not-cyber FBI agent sidekick Elijah Mundo (James van der Beek) are at the FAA’s Washington center. There’s been an intrusion! “Someone assigned Flight 272 an unauthenticated flight plan right before take-off,” random FAA supervisor #1 tells Ryan. “The pilot couldn’t have known.”

Ryan replies that the hacker “may have a backdoor into the NAS (National Airspace System)” and “every plane in the sky could be vulnerable.” The reference is to the FAA’s NextGen air traffic control system, which sends re-routing information to planes in the sky to help them avoid bad weather.

The thing is, a flight plan uploaded right before takeoff would not have come from the FAA’s system. This system sends course adjustments to planes already in the air. Pre-flight plans get loaded by the airlines. In recent memory, there have been at least two cases of bad flight plans being pushed to planes by hacks of airlines’ networks. These real life hacks resulted in massive flight cancellations—not pilots flying 300 miles off-course and into a holding pattern over open ocean for the length of aCSI episode.

(We’ll also ignore the obvious aviation issues of the story. It’s a two hour and forty minute flight from Tampa to Providence, and the plane is 737-sized, but hey, it’s certainly carrying enough fuel to suspend disbelief and keep the plane in the air for what seems like an eternity, right?)

Meanwhile, former black hat hacker turned FBI asset Brody Nelson (played by “Lil Bow Wow” Shad Moss) is challenging former Cowboys running back Emmitt Smith to a race while he’s mounted on a “self-balancing scooter.” Nelson and fellow hacker/resident wunderkind neckbeard Daniel Krumitz (Charlie Koontz) end their strange interlude with the NFL legend when they are summoned by Mundo to the FAA flight center to help figure out where the plane went.

“It’s a Cyber-Hijacking!”

“It’s like Malaysia Air all over again!” Nelson exclaims as he looks at the FAA’s computers inside what CBS believes an FAA data center would look like. Wunderkind neckbeard Krumitz declares that the problem isn’t in the network—something has spoofed the GPS signals of the airplane. As such, all the phantom planes were reported by “a single GPS device” he declares. He taps a few keys to triangulate the last location of the GPS device’s signal and gets a location on the ground in North Carolina. “That elevation’s low—too low.”

Naturally, there’s no plane there. Krumitz and FBI Agent Dude Mundo are now stumbling through a meadow somewhere near Wilmington, North Carolina in the dark, where they find a huge mylar balloon wrapped around a tree. They take it back to the Cyber Batcave to analyze it, discovering that it’s an inflatable antenna connected to [dramatic music] a software defined radio.

“He’s a clever bastard,” Krumitz says. “He’s taking advantage of air traffic control’s reliance on GPS to monitor planes.”

“ADS-B, it’s the latest and greatest in air traffic surveillance,” Mundo gasps. Krumitz declares that the Automatic Dependent Surveillance-Broadcast (ADS-B) was designed “for convenience, and not security” and that it has a “massive vulnerability” that leaves it open to “spoofing.”

This is based at least partially on actual reports. In 2012, Brad “RenderMan” Haines did a demonstration of ADS-B spoofing at DefCon, showing that he could create a fake “aircraft” transmitting position data to the FAA’s network (under laboratory conditions) by feeding it data from a flight simulator. However, the FAA asserts that they have multiple ways of authenticating ADS-B signals.

Back in CSI-land, Mundo puts the pieces together. “This isn’t just a missing plane—this is a cyber-hijacking.”

Fortunately, Baltimore-based cyber security enthusiast Artie Sneed (played by Marcus Giamatti) shows up to be hassled by FBI headquarters security for altering his visitor credentials from his last reoccurring appearance (that one where the hospital was hacked from the beginning of this season). He bumps into and falls in love instantly with Ryan, who has once again bent the laws of physics to make it back to DC. Evidently, Sneed convinces her to let him be the episode’s deus ex machina generator. In a blink, he has created a mock-up of an airliner inside the FBI cyber operations center with police tape and a collection of circuit boards and antennae.

Enlarge / Let’s simulate an airplane with crime scene tape and some Arduinos!

Artie explains how a simple signal jammer wouldn’t have the strength from within the aircraft to jam all the signals. The engines would be out of range, and they send data wirelessly back to the manufacturer, he says.

(By this point, if this were a drinking game, I would have passed out. The engine diagnostic data from airliners is generally sent out over a satellite connection—not from some radio built directly into the engines. There’s no time to linger on this fact as it gets worse.)

Artie wheels in a box with a mass of antennas and electronics in it. He says it’s a “white noise generator” and turns it on—instantly taking everything in the operations center offline. The FBI relies exclusively on Wi-Fi these days.

Meanwhile, the rest of the Cyber Crew are looking up every passenger on social media. They pinpoint an attractive Chinese woman, identified as being in the US on a student visa, as having no social media footprint whatsoever. She’s immediately a suspect. Obviously, this woman turns out to be a hacker-assassin working for the Chinese “Triad” underworld. A federal marshal confirms that she must be targeting a teenage girl aboard the plane with her volleyball team—the girl witnessed a murder and is now in the witness protection program.

The team next reviews video of airport security. They realize the co-pilot has an insulin pump! And the white noise generator can jam it, causing a potentially fatal dose!  (Not really.) The hacker is sneaking on the white noise generator disguised as a respirator!

Luckily, with the aid of a security researcher from Baltimore and some major deus ex machina moments, the FBI Cyber Division saves the day. The flight lands safely, and the assassin is calmly arrested. Just how they arrive at such a happy ending? The Baltimore white hat told the FBI that the flight crew had to unplug the aircraft’s flight computer as it was in a steep dive initiated by the cyber-assassin. This information was relayed to the pilot by flashing light message from a fighter jet. (Maybe this would have been “more realistic” if they sent the message with a laser pointer.)

With that sort of realism, it’s hard to believe that CSI: Cyber isn’t getting picked up for another season. Set your DVRs while you still can.

Source:https://arstechnica.com/