New flaw identified in aerospace networking tech

The Register reports that exploitation of the novel PCspooF flaw in Time-Triggered Ethernet technology commonly leveraged in aerospace systems could result in significant compromise. University of Michigan and NASA researchers conducted an Asteroid Redirection Test and discovered that the PCspooF attack has prompted NASA's Orion capsule to go off course. Attacks using the vulnerability, which was identified within TTE used by NASA for its Orion capsule and Lunar Gateway space station, as well as ESA's Ariane 6 launcher, were found to break the isolation barrier between time-triggered traffic and "best-effort" traffic through protocol control frame disruption. The study noted that private time-triggered network information could be collected by the best-effort devices to enable the delivery of malicious synchronization messages to other TTE devices through electromagnetic interference. "Normally, no device besides a network switch is allowed to send this message, so in order to get the switch to forward our malicious message, we conducted electromagnetic interference into it over an Ethernet cable," said researcher Andrew Loveless.