Boeing 787 May Be Vulnerable to Hacker Attack
palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."
Restriction on software during flight? (Score:5, Funny)
Re:Restriction on software during flight? (Score:4, Funny)
Re:Restriction on software during flight? (Score:5, Funny)
Bluetooth alert: New device detected, Boeing 787 Dreamliner, install?
Re: (Score:3, Insightful)
I don't get it... (Score:5, Insightful)
Re:I don't get it... (Score:4, Insightful)
Re:I don't get it... (Score:5, Informative)
The 787 is fly by wire, like most new aircraft designs. It's all computer controlled, not mechanical.
My guess is this [aviationtoday.com] - the "common core system" designed by Honeywell - has something to do with the various systems being connected. This is a system designed to simplify the airplane's various systems and reduce the number of separate systems (which means fewer failure points - usually a good thing in engineering). I do believe Boeing when they say that there are built-in separations and that the two systems are not completely tied together, but obviously it wasn't enough for the FAA. So they're fixing it. Nothing really all that unusual about a new airplane design; there are always various issues that need to be addressed before first flight.
Re:I don't get it... (Score:5, Insightful)
My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems.
The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess I welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D
Re:I don't get it... (Score:5, Insightful)
The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example. They may also need to be able to turn the cabin network off altogether. But those switches should have no signal connection of any kind to the maintenance and monitoring/control systems. The two networks should be physically partitioned.
The way I read the article, there really are some connections between the networks (my guess is that it was simply cheaper or more convenient to link them), and the FAA's not happy with that state of affairs. I can't say I blame them.
Somehow I have a suspicion that someone will crack this sooner or later, and the TSA will react by banning use of laptops or something equally foolish, rather than addressing the more basic fact that the plane's systems have not been hardened appropriately (in this case, by being physically partitioned).
Re: (Score:3, Informative)
"Not completely connected" is a very strange phrase... either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others.
There could be a data diode between them. That would allow the passengers to see flight path and sensor statistics and hear the cabin radio, and allow the cabin lights and indicators to be controlled from the cockpit side without being physically isolated, but nothing on the cabin side could influence the cockpit side. They might also want to electrically isolate the two sides to block power surges from reaching the avionics (although they should already be hardened enough to handle that, because lightni
Re: (Score:3, Insightful)
Why does there have to be a "network" for this at all? What happened to a simple *switch*, *light bulbs*, and wires to connect them to the battery? It's reliable, works well, and cheap. And you don't have to worry about passengers hacking the jet through the seatbelt light.
Why are companies so obsessed with making things needlessly complicated these days? I'm a geek, and love computers. But there are som
Re: (Score:3, Insightful)
Uh, OK.
Re:I don't get it... (Score:5, Funny)
Uh, OK.
--- Welcome to Flight United Airlines 435 to Tokyo
--- Please read the safety card in the back of the seat in front of you
<seat44G> HOW DOES THIS THING WORK?
<seat112A> LOL n00b !!!
<Pilot> Please fasten your seatbelts
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Re:I don't get it... (Score:4, Insightful)
There, I've just done three hundred man-hours of six-figure-salary engineering... in 5 minutes. I'll wait by my mailbox for the check. Thanks!
Re: (Score:3, Insightful)
Because the cabin systems directly affect resource usage.
- An enterprising hijacker could use this to drain the available electrical energy and make operating the aircraft difficult to impossible
- A pilot needs to be able to shut down systems in case of emergency (like, we only have 50% generator capacity becaus
Re: (Score:3, Insightful)
This way, the pilot has a quick and easy chance of turning everything off in an emergency and the layer separation between avionics and utility systems is as good as it can be. No hacker and hijacker can then drain the
Re: (Score:3, Informative)
A little perspective (Score:5, Insightful)
This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelihood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.
Not bloody likely.
But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed.
Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being careful, as is their job, since lives are on the line.
Go FAA!
Smith's not Honeywell (Score:2)
The 787 common core system is designed by Smith's Aerospace [aviationtoday.com], not Honeywell. Honeywell performed so badly on the 777 program that they were relegated to the 2nd tier. I have heard that their FMS is late for the 787 as well.
Re: (Score:2)
Re: (Score:2)
Re:So the military/industrial complex can pull 9/1 (Score:2)
The system worked.
The fact that not only did it never happen, but that we also heard about the plan, shows GOOD, GOOD things about our country.
Re:I don't get it... (Score:4, Insightful)
Re:I don't get it... (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
Re:I don't get it... (Score:5, Funny)
Re: (Score:3, Funny)
-
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re:I don't get it... (Score:5, Funny)
Oh wait I got it, what if terrorists took over the cabin, but then a passenger (Justin Long) who is a master hacker controls the plane from his seat using his cell phone, and safely lands the plane but after he flipped it a few times so the terrorists would be knocked unconscious. Who has Bruckheimer's phone number? I have an idea.
Re: (Score:2, Funny)
Now, maybe, if the cell phone is an iPhone... It may be plausible....
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Re:I don't get it... (Score:4, Insightful)
(stupid NDA...)
Re:I don't get it... (Score:5, Funny)
Then I saw your sig and realized you must be a college student studying engineering/networking/compsci. Sorry I ever doubted you.
Re:I don't get it... (Score:5, Insightful)
Actually, we try pretty hard to make sure that when it does happen, it is an accident.
Re: (Score:3, Insightful)
[extreme sarcasm] Routers and switches have never had vulnerabilities before... I'm not worried at all!!![/e]
Please leave the mission-critical security analysis to the rest of us, okay NEWB?
Re:I don't get it... (Score:5, Interesting)
However, the system integrators are Boeing engineers at the manufacturing plant in Everett, WA. The decision to connect internal subnets to a live network would most likely be done at that level, by people who are not security minded, but have to make things as easy as possible for the people who buy these systems and have to use them, the airlines. The amount of users that have legitimate purposes for accessing these systems and communicating with them from the airline's network at the airport (another security risk) is very diverse. Many of which have to be assumed to be completely technologically illiterate.
This combined with the fact that everything is ALWAYS LATE, so it's rushed rather than designed correctly the first time, leaves a non-zero probability that the network can become compromised from an attack which exploits vulnerabilities in these machines segregating the plane's systems from the passenger systems. Odds are it's either a common industrial partitioned operating system (fancy talk for sandboxes, which may or may not be escapable), or a common one like a licensed and modified embedded Windows, or embedded Linux or BSD, depending on the vendor.
I know for a fact though that some of those systems are embedded Linux and advertised as such. What if one of those systems were designed on a 2.5 kernel? Impossible you say? There is a risk, dismissing it as FUD does not make it less of a risk.
Re:I don't get it... (Score:5, Interesting)
Reading the story, it seemed like they wanted the airplane's maintenance systems to communicate with ground crews over the Internet, as well as the aircraft reporting status to the airline while in flight. Personally, I'm uncomfortable with any part of the aircraft's vital systems being on the Internet.
DHCP (Score:5, Funny)
Re:I don't get it... (Score:5, Funny)
Re: (Score:3, Interesting)
Why aren't both networks physically completely separated from each other?
You want some kind of bridge from one to the other - lots of aircraft can show a whole range of flight data to passengers ("ooh, we've got a headwind over Greenland today! Guess we won't be early after all.") - but that should be strictly one-way. Which is probably the problem; there shouldn't be any way for anyone in the passenger cabin to issue instructions to the plane contrary to those from the flight deck, but I bet they found they couldn't prove it...
Act of Faith (Score:3, Insightful)
"Sure, Boeing's spent a decade designing this plane with thousands of engineers, but I read a short Slashdot story summary and now I'm going to decree I know more than them!"
The only totally secure network (Score:5, Interesting)
Yeah, WTF!? (Score:5, Interesting)
I recall reading about MS stuffing their software into cars (that probably evolved into Ford's SYNC) and even there the MS crap and the engine management systems were completely separate.
Re: (Score:2)
Accessing current position/altitude/velocity/flight direction/weather information/outboard camera images from the flight entertainment system (not sure that's a "good" reason, but it's a reason...).
On the plus side, no passenger has to install flight simulator programs on his/her laptop anymore when he or she can just as well use the real thing.
Re: (Score:2)
But it would make more sense if the FAA could just take over the plane's controls from the ground.
Re: (Score:3, Informative)
... is one that's physically isolated.
I work in ATC and I have to say it is difficult to do that in a totally thorough way. For example your flight control system might need information on the flight plans being used by the aircraft. These might be generated off line by a variety of people using different sources of information. You don't want to type that stuff in again to get it into the aircraft so you might have some kind of interface for doing that. The interface will be made deliberately crude, and thus less subject to the transmission of
Two separate networks (Score:4, Informative)
Re:Two separate networks (Score:5, Interesting)
Re: (Score:2, Insightful)
I am a Military Avionics Technician and I must admit that I find this report confusing.
The only thing that is being suggested is that the passenger system could corrupt the flight systems which I find unlikely - it's chalk and cheese with regard to how these systems communicate. The only way I can see a problem is if one of the Avionic bus controllers is swamped by requests from one of the passenger systems.
I know this isn't a military design but surely the flight systems such as flight management and nav
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
I'm not an avionics engineer - however, even in a small hotel I service, we keep the guest network and the hotel/admin network separate. The only common hardware is the AC power and the modem that has a /28 assigned to it.
Yes, but you are competent.
Re: (Score:2)
Which means that if a customer in his room hacks the modem, he has access to your admin network.
No doubt this is the problem with Boeing's system. The radio is on the safety network but there's a gateway attached to both the safety and passenger networks that rebroadcasts the radio traffic so the passengers can listen in. If devices on the passenger network can send packets to that gateway then it is a potential point of br
WHAT?!? (Score:2, Interesting)
And now this? What does that mean? I won't be able to board a plane with my laptop again, that's what that means. And who can I blame? The frightened Homeland Security officers who try to no end to sani
Re: (Score:3, Informative)
Re: (Score:2)
Where your flying car is... (Score:3, Funny)
GEORGE: When are they gonna have the flying cars, already?
JERRY: Yeah, they have been promising that for a while..
GEORGE: Years. When we were kids, they made it seem like it was right around the corner.
JERRY: I think Ed Begley Jr. has one.
GEORGE: No. That's just electric.
JERRY: What about Harrison Ford? He had one in, uh, Blade Runner. That was a cool one.
GEORGE: (Sarcastic) What's the competition, Chitty Chitty Bang Bang?
JERRY: Well, what do you think the big holdup is?
GE
Re: (Score:2)
Madness (Score:2, Insightful)
who cares? (Score:5, Insightful)
Madness, and probably a violation of safety regs (Score:4, Insightful)
My thought is that some asshole at boeing decided to save some money on cable runs and ginned up an explanation of how software segregation would serve as an adequate barrier between flight critical systems and passenger systems. They never learn.
Re:Madness, and probably a violation of safety reg (Score:2, Insightful)
While I completely agree, designers are always under pressure to reduce the amount of wiring looms - they add a surprising amount of weight thereby decreasing fuel economy.
Re: (Score:3, Insightful)
Re: (Score:2)
Doesn't say how the networks are connected.... (Score:3, Insightful)
Re: (Score:2)
I seriously doubt they put the passenger internet access on the same packet-switched network as flight control.
One thing which might happen is that they will have (say) five networks for carrying their critical data. They design them to be independent, run them along different paths etc. Then they say you know, there is this other network which is used to carry the sat phones or something, wouldn't it be good if we could use that as a kind of ultimate fallback? So then you have a dependency on a network which is used for something else. Not really an important dependency because you don't intend to rely on it. But
Someone should get fired for this (Score:3, Insightful)
The control and navigation system of an airplane is one of the most critical networks possible; the lives of hundreds of passengers (and potentially of thousands of people on the ground) depend on its correct functioning. There are not many more critical networks than that, except maybe control systems for weapons, nuclear plants and some factory control systems.
Even the worst sysadmin out there knows that you do not physically connect such a highly sensitive, highly critical network to something crappy like the in-flight passenger entertainment network.
Why should the two networks be connected at all? To tell the passengers the current speed of the plane?
The XBox was hacked. The PlayStation was hacked. DVDs were hacked. HD-DVD was hacked. Pretty much anything out there was hacked if someone had an interest in it (and mostly the interest wasn't commercial, just "for fun"). Even if they aren't "completely connected" as Boeing claims, the danger of it being hacked is very real. On one hand you are not allowed to use your mobile phone on a plane, and on the other you can play with a network which is attached to the navigation and control system? Come on.
Re: (Score:2)
Actually you can scratch nuclear plants off that list. While it is perhaps possible to imagine compromised software to result in damage to a nuclear plant (and even that is a stretch since operators could still shut it down by cutting the power to electromagnetically suspended control rods), it is extremely unlikely to result in harm to humans, since even a meltdo
Re: (Score:2)
What's worse... (Score:2)
What is worse is that after 7+ hours on a transatlantic flight just about anything will look interesting.
Re: (Score:2)
If you meant that in an 'out of a cannon' sense, then I'd agree. But there's a weakness at the FAA as well. I checked the FAA doc linked from TFA (the cryptome.org mirror, actually), and found this:
"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentio
The best firewall (Score:2)
Re: (Score:2)
rj
Pilots access to Internet (Score:4, Funny)
Re: (Score:2)
Aviation software (Score:5, Informative)
The concern is that a separate network of maintenance and some limited flight information data share the same up/down links as the passenger network. The FAA notice is to demonstrate to the FAA that there can be no interference between the maintenance and flight information data and the passenger network.
Even if the maintenance and flight information data were compromised, at worst this would mean that the operating history of the aircraft is not accurate. This is a big deal but not something that will lead to in flight failure.
An additional requirement of the FAA notice is to prohibit future passenger services without testing for interference and security.
Source on Partition Requirements (Score:2)
[[WARNING!!! PDF!!]]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The Equipment in Question (Score:4, Informative)
With 2 of those in the cockpit, one for pilot, one for copilot, each running 2 Operating Systems Linux/Windows, and all networked together since each box has 6 network interfaces on it. The thing would be a field day for hackers. While they were designing it a bunch of the consultants helping with the coding were ranting about possible security, but were ignored.
I can't go into specifics because of my NDA, but considering it was 4 years ago I worked on it, I doubt that is still in force. Though I believe I can say I worked on it, and that information is all publicly available.
Incredible. (Score:2)
Re: (Score:2)
I just saw a trailer for "Untraceable". What really bothered me was the voice-over saying that the things in there were really possible.
I'm willing to go along with a lot for the sake of a story, such as believing in the Tron de-rezzing machine, or that any hacker in the world looks like Sandra Bullock.
Just don't go scare-mongering like that, or I'll have to sic my velociraptors on you.
It's not UNSAFE it's uncompliant to CFR 14 regs (Score:5, Informative)
Like any other IT security audit - compliance doesn't mean security it means compliance. And in the cases where there are deviations from the standard, the system has to be able to speak to that deviation and address it or contest it.
Re: (Score:2)
Do even need hackers? the on-board entertainment.. (Score:2)
http://blogs.csoonline.com/node/151 [csoonline.com]
http://it.slashdot.org/article.pl?sid=07/02/20/2231228 [slashdot.org]
http://www.gregladen.com/wordpress/?p=1134 [gregladen.com]
Doesn't this make Boeing sound stupid? (Score:2, Interesting)
The choice quotes to me were the article's quote that the solution involves some separation of networks, known as 'air gaps', and software firewalls. And the choice quote straight from the spokeswoman from Boeing: "There are places where the networks are not touching, and there are places where they are".
OK, so what
Hi There ... (Score:4, Funny)
Or, for a more unix-y flavour...
# cat
Cylons! (Score:2)
Oh my God they did it... (Score:3, Interesting)
So there definitely was some notion already back then to tie the passenger networking into the same system as the fly-by-wire. Needless to say, the group (including yours truly, an undergraduate college student) responded with disbelief, and until today I thought they would have scrapped that idea ten times over before ever getting close to an aircraft. Apparently that optimistic view was totally wrong.
(Note: it is possible to have *one-way* airgap security, which would provide, say, navigation information to the passenger network while physically eliminating the possibility of interference in the other direction. All it takes is one-way communications hardware. Needless to say, it's pretty obvious from the vagueness that they're not doing that -- they would have stated so in no uncertain terms.)
Re: (Score:3, Insightful)
If that worries you, then I look into Airbus - at least Boeing believes the pilot should always have the last say, not the computer [ncl.ac.uk]
Re: (Score:3, Informative)
Actually the reason why Airbus uses computers so extensively is that computers know better what the airplane can take and can't take in any given situation. The problem with airplanes, especially big jets and super jumbos is that they are very delicate and very fragile machines, and if you do something with them, that goes over their capacity, then you will have with very high probability plane coming down. Like, for example, American Airlines Flight 587 [wikipedia.org] that came down because the pilot made too aggressive i
Re: (Score:3, Informative)
The world's most popular short/medium range airliner, the Boeing 737, has control cables (and hydraulic boost). It's entirely possible to control a 737 with no electricity and no hydraulics (only the rudder won't function).
All those little regional jets like the CRJ and ERJ are all cable controlled. The DC9 series (DC9, MD80, Boeing 717) don't even have hydraulic boost, it's pure old fashioned steel cable. Every bizjet you might meet - steel cables (or hyd