Aerosec: Cracking the Comms in Commercial Crafts
One of the things that I love about research it that I'm always learning about new projects in my field. I am always interested in finding new applications for my skills, and looking for ways to learn new skills in areas that are relevant to my overall research interests. This project was one of those that was presented to me. It sounded interesting, but I wasn't totally sure what I was getting in to.
This project is an ongoing collaboration between UIUC and UCSD with the goal of finding vulnerabilities in key airplane computing systems, proving the concept works in simulations, and then showing that those concepts also work in hardware. I joined the project after airplane computer emulators were used to show firmware vulnerabilities, and we were in the process of trying to show that these vulnerabilities existed in real hardware. I was given the code that took advantage of a vulnerability in update procedures to extract firmware. Having never worked with this kind of low level code before, or ever done anything with firmware extraction, understanding this code and making the necessary changes to make it work on the actual hardware was quite a challenge for me. It was made more challenging by the fact that it had been awhile since the author of the code had worked on it, and he was located in a different state, so he could never look directly at the same reactions from the hardware that I was.
This was the first project where I felt the payoff of long hours in the lab where I wasn't sure I was making progress. It took a lot of self-motivation to schedule time for myself in the lab, alone, and try again and again to make the code run, debug the errors, and analyze the output to see why we weren't getting the results we expected.
It took several months, but I eventually was able to get the firmware extracted, and send it on to our team to reverse engineer. After accomplishing this goal, the next steps of the project had lots of people already working on them, and I was ready to take a step back and focus on other projects.
What I appreciate most about this project was the experience it's given me in the gritty details of debugging low level code, reverse engineering, and stepping in on the middle of projects spread across many institutions. It gave me the skills to put together information from weekly meetings that talked about different parts of the project to slowly build a full understanding of the goals and progress on the project.
I am excited to see the progress that this project has made over the last few months. I've seen some very interesting commercial partnerships develop. I've learned a lot about hardware emulators, and I've learned a lot about working with teammates across the country. I hope that I find ways to make my skills useful as the project continues, and if my existing skills aren't applicable, I look forward to learning new skills.