Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crashing an In-Flight Entertainment System

Posted by kdawson on from the stress-testing dept.

rabblerouzer writes "Hugh Thompson, who was interviewed by Slashdot on the dangers of e-voting, now has a cool blog entry on how he was able to bring down the gaming/movie console on an airplane. He calls it one of the most interesting examples of a software 'abuse case' he has ever seen." Fortunately the IFE system is totally disjoint from the avionics.

15 of 322 comments (clear)

  1. Profit? by delirium+of+disorder · · Score: 5, Funny

    0. Install wireless NIC to In-Flight Entertainment System
    1. Connect to wireless WAN and Internet
    2. Install web server and post link to slashdot
    3. Short sell airline stock
    4. ???
    5. Profit!

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
  2. Re:Slashdotted already? by linuxmop · · Score: 5, Funny

    So an article about hacking into insecure software is hosted on a site that displays information about its internals whenever there's high load... Fantastic.

  3. TFA? by Pikoro · · Score: 5, Funny

    Wow, 5 entire copies of TFA in the comments so far... Do you people not browse the comments before you post?

    Carefull, this may encourage people to actually RTFA...

    --
    "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
  4. Re:Err by dxlts · · Score: 5, Informative

    No offense, but I don't think avionics are your run of the mill programmers
    I assume you meant "avionics programmers" aren't run of the mill. I hate to burst your bubble, but for the most part that's not true. I've been a programmer in the aerospace industry for 10 years. Seven of those years were at Boeing, doing (among other things) avionics programming. Unfortunately, from what I saw, avionics programmers for the most part are no smarter than your average programmer. There are a handful of really smart guys who do all the really hard (and high risk) parts of the code, and the remaining 99% of the programmers do the kind of simple, tedious code that you could (almost) train monkeys to do. Not surprisingly, most of them really aren't all that smart. I understand how you might have that misconception though. I used to have that misconception too. I remember when I got my first aerospace job, and I was really intimidated by the fact that I was going to be working with the "big dogs", the hardcore programmers who all had 180 IQ's, etc. I also remember the total shock and disappointment when it turned out to be just the opposite.
  5. Re:Not a big surprise by Detritus · · Score: 5, Insightful

    It doesn't have to be an "attack", it can be something as simple as a stuck switch or a book placed on top of a keyboard. On an airplane, you have to consider the two-year-old who wants to play with the pretty buttons.

    --
    Mea navis aericumbens anguillis abundat
  6. Re:Err by colfer · · Score: 5, Informative

    SwissAir 111 went down because the in-flight entertainment & gambling system had been rushed into service, and due to its design overheated and burned down the plane in-flight. This was its design: a separate computer for each seat. The computers (presumably single cards) were located in the ceiling near the front of the passenger compartment. So were the avionics wires. The entertainment/gambling devices overheated, caught fire and the plane crashed near Nova Scotia. Greed. SwissAir is no more.

  7. Avionics programmers by Okian+Warrior · · Score: 5, Informative

    Okay, I *am* an avionics programmer. Here's some background.

    FAA regulations categorize software in 5 different levels of criticality, depending on how a failure of the software would affect the safety of the plane. Level "A" software is reserved for things like the "low fuel" alarm, which could potentially knock the plane out of the air on failure, to level "C" for things like the cabin pressurization system where the pilots can take emergency actions to compensate, to level "E" for things like the microwave in the kitchen.

    (Beware: I gloss over a few details for clarity.)

    The higher levels of software criticality have progressively higher levels of standards for testing. In the case of level-A software, each individual line of code must be examined for correctness in the context of the rest of the code. Each line of code must be executed as part of testing and actively shown to be correct, and each line of code must be individually code reviewed by another engineer.

    At the higher levels of software, limit testing is required for all function arguments and if-statements. Multiple-clause if statements such as "if A and B but not C" must be tested for all combinations of the subject clauses, and so on.

    In addition to this, all avionics software I've worked on makes a distinction between showing erroneous information and showing *no* information (or, working incorrectly versus not working at all). If the digital altimeter goes blank, the pilots will notice and can take corrective action. If the altimeter is reading the wrong information, then that's a critical failure which could cause an accident.

    Thus, avionics software innards are heavily checked throughout execution to ensure proper operation, and any failure causes the system to immediately go offline. All function arguments are ASSERT'ed for correct range, all calculations are checked for range and accuracy, &c.

    The entertainment system, and in particular a game within the entertainment system, is almost certainly a level-E software component, and so is not required to go through such rigorous testing. The hardware has to be shown to not interfere with the avionics and that's about it.

    1. Re:Avionics programmers by Voice+of+Meson · · Score: 5, Interesting

      Interesting stuff this critical code. When I started out as a grad at a large Aerospace company we were given shiploads of Flight Control Computer code to unit test for a new(ish) fighter aircraft. Most of the stuff we worked with was what you have described as 'Level A' code but I didn't really understand what it all meant at the time.

      Anyway, the level of testing required was very, very high. I say that even though we were grads working on it, because it was not our choice what to test and what to leave, and they were done multiple times with different people, the the branches, lines run etc compared. It was the lowest level of the software tests and everything was in modules about 30 lines long that needed 100% coverage, every logical combination tested out etc. Plus the languages they used (ADA95, fortran(77?) and assembly) were cut down to remove anything too untestable. I think 'while' loops were out because, as opposed to 'for's, there is a chance of a infinite loop. That sort of stuff. Would be a nightmare to code in.

      In not sure how other FCC's usually are, but interestingly this one had 4 CPU's with a fifth 'controlling' one or something and basically each calculation would be performed on all 4 then the results correlated and the majority answer taken. I guess to protect it from a freakish glitch or maybe some deliberate interferance? Not sure, but surely accurate.

      Fly-By-Wire - It's not just the software that crashes.

      --
      Dammit! I had a good one.
  8. Some of these systems run Linux, and how I got bla by Samarian+Hillbilly · · Score: 5, Funny

    I was coming back from a conference wearing a hat with a promenent penguin on it, when our in-flight system crashed. As it was re-booting it was obvious to some of the more tech-minded passengers that it was running through the Linux boot sequence. I started hearing calls of "lynch the guy with the penguin hat", from the seats behind me...

  9. Re:There is a NAME for the bug... by AndroidCat · · Score: 5, Interesting

    And when you compile the code in release, where is your friend now?

    --
    One line blog. I hear that they're called Twitters now.
  10. cookie monster by Tablizer · · Score: 5, Funny

    "Today, Sesame Street was brought down by the number 5"

    --
    Table-ized A.I.
  11. Re:There is a NAME for the bug... by RAMMS+EIN · · Score: 5, Insightful

    ``Dam lazy programmers not using Assert() these days... :)''

    Because we all know that the constraint that you got wrong in the actual code will be correct in the assert. Right? Right?!

    --
    Please correct me if I got my facts wrong.
  12. Re:Err by iocat · · Score: 5, Interesting
    It sounds good. Too good in fact. In fact, it sounds like BS. It basically reads like an urban myth. Also, given that the max value was 4, its unlikely the field size onscreen would have been big enough to display a 3 digit number. I also can't think of any domestic carrier in 2005 that had a combo touch screen / telephone thingee in the back of every seat. The only one I can think of now is Thai in their Royal Thai section.

    Can anyone intuit the airline? Because without an airline name, I call bullshit on this story. I would guess it had to be business class, and probably a foriegn carrier, if the story is to be believed.

    --

    Dude, I think I can see my house from here.

  13. Re:Err by bigwave111 · · Score: 5, Informative

    Actually, no, it takes more inside information than that. My dad worked for Swissair for 30 years and its downfall was actually the acquisition of Sabena and the contractual agreement created in the acquisition. At the time, it was a solid investment, but as the overall financial state of Sabena fell apart, Swissair was legally obligated to have to try and save them, draining their resources. The in-flight entertainment was simply a last can of gasoline tossed on an intensely burning flame.

  14. Re:Err by Anonymous Coward · · Score: 5, Funny

    You forgot one more category

    IQ 70-85 - idiot that will buy what advertisers tell them to buy. #1 buyer of 4WD SUV's because they believe they will be safer. Believe that they really are the center of the universe. Prime candidates for Middle managenent, Sales and Marketing departments.