Leave the World Behind, or don’t

I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it.

Shipping security is something we know quite a bit about, having been asked to hack a large number of ships by their owners, to help improve their security.

I love a good movie, but dislike narratives that fuel irrational fears, particularly those that play on misleading tropes about transport cyber security. Planes, cars, and ships: Can they be hacked by foreign powers?

So, let’s analyse the three major transport hacking scenes in the movie.

Tesla pile-up

Of all three hacking concepts in the movie, this is perhaps the least implausible. Brand new Teslas crash into each other, blocking roads. It becomes a little more plausible because the vehicles are all on the same back-end platform, all have similar operating systems, similar connectivity, and have autonomous capability. This commonality of systems makes the attack more plausible. One hack to affect thousands of vehicles.

Whilst very challenging, given Tesla and most other auto manufacturers and their Tier 1 suppliers are really quite good at vehicle cyber security nowadays, a complete breach of Tesla themselves could lead to this style of incident

Having the vehicles crash into each other does require an additional layer of compromise though. The data that ADAS sensors provide to the autopilot software will need to be discarded for the vehicles to crash into each other.

We reverse engineered the software update process for the Tesla Model S a few years ago. You can read the post to get a flavour of how difficult pushing new software to a vehicle might be.

I believe that Tesla run their own telematics service platform (TSP), but a compromise of another brand may also require a breach of the TSP they use. We’ve written about telematics platform security here.

Beached tanker

The opening scenes of the movie include a tanker that crashes on to a beach. Law enforcement characters comment that similar incidents had happened up and down the coast with a reference to navigation systems.

This isn’t really plausible, but for reasons you might not expect.

We spend a lot of time researching maritime security and pen testing ships. Several of our team are ex ships engineers and bridge officers (officers of the watch) and we give talks at international conferences about the practicalities of hacking vessels.

Is it possible to hack a ship? Absolutely. Is it also possible to hack a lot of ships at once and have them all do similar things? Yes, it’s implausible though.

Why?

At its simplest, every ship is different. Even sister ships from the same yard are different. The systems will be different. Each ship’s network will be different. As ships age, they are refitted and networks are modified, intentionally or not. They become even more different.  Whilst there may be some commonality between satellite systems, and even similarities in connected bridge systems, more will be different than common between ships.

As a result, hacking a ship remotely over internet via satcoms is usually a one-off exercise. The path to compromise on vessel A is likely to be completely different to vessel B because its systems and network are different.

That creates a huge overhead for both us and attackers to research and carry out similar attacks on different vessels, as is suggested in the movie.

Then there’s the fatal flaw in the ship hacking concept. The weather is clear and fine, so the crew would simply take manual control of the engine and rudder. We’ve argued before that relying on taking manual control is a flawed backup strategy for the crew in a ship hacking incident, but that applies in busy shipping lanes. The scene in the movie would have given the crew ample time to take manual control.

Manual control of a vessel is achieved by heading to the steering gear space and manually taking control of the hydraulics that move the rudder. No hack can overcome that. Taking manual control of the propulsion can also be achieved using local controls. It’s stressful, draws upon a limited number of crew, and communications are awkward, but it can’t be hacked.

So, unless the crew were already dead (how?) then the tanker scene simply doesn’t work.

Airplane crash

This was the scene that frustrated me most and compelled me to write this article. Many of the travelling public are already nervous about flying. We don’t need unhelpful, misleading stories to further unsettle nervous flyers.

In the movie, a plane has clearly crash landed on the beach. A second plane crashes in the same location, again on a fine and clear day. It’s not clear if they are the same plane type or even the same airline.

We’ve done plenty of aviation security research and there’s nothing I know of that would cause a double crash in the same location. Let’s assume that GPS and navigational systems had been tampered with. That’s plausible and achievable. But it was a fine day, so pilots would have simply resorted to the ‘mark one eyeball’ to land.

Even if major airports were out of action and runways were blocked for whatever reason, there are an enormous number of smaller airports and landing strips that a short haul airliner could squeeze in to relatively safely in an emergency. Even if they overran the runway, it would be at a low speed, so the resulting crash would be survivable.

The movie references foreign state hackers. Could the plane systems have been hacked and taken over remotely? We have several renowned experts in aviation cyber security on the team here. We say ‘highly implausible.’ Airplane networks are incredibly carefully designed to segregate the ACD or aircraft control domain from other less trusted networks, such as the PIESD or passenger information and entertainment services domain.

Would a remote hack be possible?

In a word, no. It would require deep compromise of airplane manufacturers, the aircraft operators, their supply chains and more.

Even if autopilot software could be tampered with, pilots would still have control of the aircraft. Pilots are able to pull circuit breakers that isolate the power to systems that are causing issues. Fly by wire doesn’t mean that it can be hacked! TV shows that speculate around this space such as the Netflix MH370 documentary series aren’t based on fact.

Let’s finally speculate that a compromise of some systems on a plane was somehow possible. Even then, the pilots would very likely be able to ditch the flight in the sea near the coast in a survivable ‘landing’. Even when virtually nothing on a plane is working, skilled pilots have proved that planes can be landed. The ‘Miracle on the Hudson’ and Air Transat Flight 236 type incidents should remind us why we need pilots in planes – when everything else has gone sideways, their skills come to the fore.

Conclusion

So, to reassure you, the hacks in the movie don’t stack up at all. That doesn’t mean we should be complacent about cyber security, but as the traveling public, we don’t need to be paranoid!