Boeing 787 May Be Vulnerable to Hacker Attack

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

The only totally secure network

[Iphtashu Fitz]

... is one that's physically isolated. I can't think of one good reason why passengers should have any access whatsoever to command/control networks used by the airplane.

Re:I don't get it...

[__aaclcg7560]

Maybe because their network designer has a civilian background instead of a military background?

WHAT?!?

[koh]

Nowadays you cannot get on a plane carrying any kind of gel or liquid. Hell, you there are places where you can't even get on board with a lighter. However, I've always been able to travel with my laptop (don't want "luggage management" to break it), provided that I prove it's a real laptop (i.e. turn it on).

And now this? What does that mean? I won't be able to board a plane with my laptop again, that's what that means. And who can I blame? The frightened Homeland Security officers who try to no end to sanitize flights with the Stupid Fear Of The Month, of the inept engineers who let that security flaw slip into production on a flying aircraft?

And where's my flying car?

Re:Two seperate networks

[Ethanol-fueled]

Note: IAAFMAT(I am a former military avionics technician) and I ask, "why the hell did that happen?" The flight control subsystems should share only a power bus with the non-critical subsystems(if even that). My tinfoil-hat theory is that the control system was made to be hackable so that the government could take control of a hijacked aircraft to prevent another 9/11 (or to cause another 9/11, depending on your point of view).

Yeah, WTF!?

[mobby_6kl]

What kind of an idiot would put the flight control systems and the on-board entertainment/voip/net/pr0n on the same physical network? Were they trying to save weight/money by running only one cable through the plane?
I recall reading about MS stuffing their software into cars (that probably evolved into Ford's SYNC) and even there the MS crap and the engine management systems were completely separate.

Re:I don't get it...

[pchan-]

Modern cars have two or more control networks. The class-1 network controls things vital to the car operation and safety such as the anti-lock brakes, air bags, and steering. The class-2 network(s) are for things such as rolling down your windows, controlling your CD changer, and turning on your headlights. NOTHING is allowed on the class-1 net without rigorous validation. If your satellite radio module goes bad, it won't stop you from being able to safely control your vehicle. And these are just control networks, they are not allowing hundreds of users to bring in their personal computers and an Internet connection.

Reading the story, it seemed like they wanted the airplane's maintenance systems to communicate with ground crews over the Internet, as well the aircraft reporting status to the airline while in flight. Personally, I'm uncomfortable with any part of the aircraft's vital systems being on the Internet.

Re:Two seperate networks

[canuck57]

I'm not an avionics engineer - however, even in a small hotel I service, we keep the guest network and the hotel/admin network seperate. The only common hardware is the AC power and the modem that has a /28 assigned to it.

Yes, but you are competent.

Re:I don't get it...

[jamstar7]

More like, the 12 year old kid with his pocket videogame accidently hacking the network while playing a flight sim game and doing some stunt flying with the plane. Can you say ''ooppss!'?

Doesn't this make Boeing sound stupid?

[Anonymous Coward]

Is it just me, or does this make Boeing (or at least this spokeswoman in the article) sound like a real grade A moron?

          The choice quotes to me were the article's quote that the solution involves some separation of networks, known as 'air gaps', and software firewalls. And the choice quote straight from the spokewoman from Boeing: "There are places where the networks are not touching, and there are places where they are".

          OK, so what, having the networks only connected at some points should reassure me somehow? It only takes a single interconnection to have these logically be a single network as far as hacking into it is concerned. I'm also DEEPLY troubled by the statement about using a software firewall. (Any firewall is really some box running software; the term "software firewall" typically implies a windows box running software.. which would be deeply troubling.) It is also troubling to me that they are even willing to imply that adding air gaps at *SOME* points amounts to anything. Sorry, saying a network has an air gap means that it is NOT connected to insecure networks.. not that it's connected at fewer points. (Although, I suppose they cold be confusing things, adding air gaps in the electrical sense, so an etherkiller on the entertainment network doesn't blow out the control network.)

Re:I don't get it...

[dkf]

Why aren't both networks physically completely seperated from each other?

You want some kind of bridge from one to the other - lots of aircraft can show a whole range of flight data to passengers ("ooh, we've got a headwind over Greenland today! Guess we won't be early after all.") - but that should be strictly one-way. Which is probably the problem; there shouldn't be any way for anyone in the passenger cabin to issue instructions to the plane contrary to those from the flight deck, but I bet they found they couldn't prove it...

Re:ARINC 653

[VE3MTM]

ARINC 653? Um, no. 653 is an operating system interface specification, analogous to POSIX in the consumer market. It says nothing about interconnect mechanisms.

Oh my God they did it...

[hpa]

Back in college, 15 years ago now, I was hanging out on one of the networking Usenet groups when someone asked whether or not laptops supported Token Ring. The answer, from many sources, was that you could get PCMCIA cards for them (built-in networking wasn't common in that era), but that they would be much more expensive than Ethernet. We got the response that the original poster was an engineer with Boeing, he was researching passenger networking, and "we can't use Ethernet because it is not real-time enough for fly by wire." (The fly-by-wire system of the 777 is indeed based on Token Ring; since then the aviation industry has developed a spec fly-by-wire-capable Ethernet which the 787 uses.)

So there definitely was some notion already back then to tie the passenger networking into the same system as the fly-by-wire. Needless to say, the group (including yours truly, an undergraduate college student) responded with disbelief, and until today I thought they would have scrapped that idea ten times over before ever getting close to an aircraft. Apparently that optimistic view was totally wrong.

(Note: it is possible to have *one-way* airgap security, which would provide, say, navigation information to the passenger network while physically eliminating the possibility of interference in the other direction. All it takes is one-way communications hardware. Needless to say, it's pretty obvious from the vagueness that they're not doing that -- they would have stated so in no uncertain terms.)

Re:I don't get it...

[nonsequitor]

The article is not FUD, I don't know where you worked, but having worked on embedded systems for several planes, this one included, though indirectly since I ended up writing about 1/3 of the code base for the electronic flight bag for the 777, which is being used in the 787. I've also worked on systems for the new A380, all at various companies which Boeing and or EADS subcontract to for the various widgets that make up a plane.

However, the system integrators are Boeing engineers at the manufacturing plant in Everett, WA. The decision to connect internal subnets to a live network would most likely be done at that level, by people who are not security minded, but have to make things as easy as possible for the people who buy these systems and have to use them, the airlines. The amount of users that have legitimate purposes for accessing these systems and communicating with them from the airline's network at the airport (another security risk) is very diverse. Many of which have to be assumed to be completely technologically illiterate.

This combined with the fact that everything is ALWAYS LATE, so its rushed rather than designed correct the first time, leaves a non-zero probability that the network can become compromised from an attack which exploits vulnerabilities in these machines segregating the plane's systems from the passenger systems. Odds are its either a common industrial partitioned operating system (fancy talk for sandboxes, which may or may not be escapable), or a common one like a licensed and modified embedded windows, or embedded linux or BSD, depending on the vendor.

I know for a fact though that some of those systems are embedded linux and advertised as such. What if one of those systems were designed on a 2.5 kernel? Impossible you say? There is a risk, dismissing it as FUD does not make it less of a risk.

Re:A little perspective

[stickystyle]

I wouldn't discount the idea of boeing using some COTS operating system, that always cheaper.
Lest us not forget the USS Yorktown [wired.com]

Re:I don't get it...

[rtb61]

Now that is a complete furphy. Data flow network can be completely separate from a control system. If hardware can only detect an single increase in power that is all that it is capable of, it can not magically mystically accept digital data transmission. For a laptop if you connect it to a power point even when it is possible to send digital transmission down that power cable there is no way in hell that laptop will be able to accept that signal unless the transformer in the laptop has additional specific hardware to accept and decode that signal.

As for that earlier post that having more systems connected means fewer failure points that is a lie it mores more failure points not less in the system and it is harder to discover the actuall failure point and when one part of the system suffers a catastrophic failure often the whole system fails. Higher cost of maintenance, far higher replacement costs but far cheaper initial installation that is all that is provided by a fully interconnected system, and strangely enough it all adds together for greater profits for the aircraft manufacturer.

Air gap is the only real security in a hard wired network and there can be no guarantee of security in a wireless network (as dollars will always gain you access in a world of greed).

Re:I don't get it...

[LMariachi]

The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example.

Why should cabin systems be the pilot's responsibility at all? Let the flight attendants attend to seatbelts and lighting and climate control, and let the pilot keep his attention on flying the plane.

But what's the problem.

[musther]

I've got a question. Has anybody ever (outside of a movie) managed to hack into a system behind a completely locked down firewall. This laptop has every port closed, with the exception of 22. As I see it the only source of attack is to try to hack in through SSH. Assuming all ports are closed, it should be impossible to get in, that's the whole point. So my question is whether anybody, in the history of the firewall, has ever managed to get in through a firewall like that? I don't see how it's possible, where would you start.

Just thought I'd challenge the knee-jerk reaction of "WTF, who would do that!"

Hum...

[felipekk]

When I flew Delta from Atlanta to San Diego, the seat's TV showed me the route, current altitude and speed. How would it get that data if it were on a separate network?

I don't remember the model of the airplane, but it was big. If I recall correctly, it was 2 columns of 3 seats each.