Boeing 787 May Be Vulnerable to Hacker Attack
palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."
No more playing MS Flight Sim.
Why aren't both networks physically completely separated from each other?
... is one that's physically isolated. I can't think of one good reason why passengers should have any access whatsoever to command/control networks used by the airplane.
I'm not an avionics engineer - however, even in a small hotel I service, we keep the guest network and the hotel/admin network separate. The only common hardware is the AC power and the modem that has a /28 assigned to it.
Just more anti-American FUD spread by Airbus.
:)
Also, Windows is better than Linux
There are dozens of landing patterns in America where a couple hundred feet to the right or left and you have another 9/11. I sure hope they get this fixed before this thing flies anywhere.
Nowadays you cannot get on a plane carrying any kind of gel or liquid. Hell, there are places where you can't even get on board with a lighter. However, I've always been able to travel with my laptop (don't want "luggage management" to break it), provided that I prove it's a real laptop (i.e. turn it on).
And now this? What does that mean? I won't be able to board a plane with my laptop again, that's what that means. And who can I blame? The frightened Homeland Security officers who try to no end to sanitize flights with the Stupid Fear Of The Month, or the inept engineers who let that security flaw slip into production on a flying aircraft?
And where's my flying car?
Karma cannot be described by words alone.
on the design team?
This is pretty much the exact type of situation they invented red/black networks for. I can't imagine how any design for a passenger accessible network wouldn't use completely segregated networks for a)passenger use, b)flight logistics and maintenance, and c)actual flight control operations. And given the giant nightmarish spiderweb that aircraft wiring harnesses tend to be I'm guessing it will be a non-trivial task to implement it now, even ignoring the software and systems redesigns that would be required.
What kind of an idiot would put the flight control systems and the on-board entertainment/voip/net/pr0n on the same physical network? Were they trying to save weight/money by running only one cable through the plane?
I recall reading about MS stuffing their software into cars (that probably evolved into Ford's SYNC) and even there the MS crap and the engine management systems were completely separate.
There are a few million easier ways to bring down an aircraft (or kill thousands and cause panic if that's your thing). Yes this is idiocy in engineering, but considering all the other threats I don't think it's way up the list. Ultimately, we aren't dead yet because there just aren't that many intelligent people that want to kill us, cause it just isn't that hard to pull off.
I am not an avionics engineer, but I worked with electrical and electronic systems on nuclear power plants, and we had a pretty strict segregation between different types of systems--and with 0 connection between a critical system (power sensing, for example) and a non-critical system (Some water level management). That's not even COUNTING peripheral systems (computers on the local network for email/ppt/xls).
My thought is that some asshole at Boeing decided to save some money on cable runs and ginned up an explanation of how software segregation would serve as an adequate barrier between flight critical systems and passenger systems. They never learn.
The article doesn't specify how the networks are connected. It could be something fairly innocuous like sharing the same power source. I seriously doubt they put the passenger internet access on the same packet-switched network as flight control. But who knows...
If what TFA claims is really true, i.e. that the passenger network is physically connected to the control and navigation system, then someone should get fired for this.
The control and navigation system of an airplane is one of the most critical networks possible; the lives of hundreds of passengers (and potentially of thousands of people on the ground) depend on its correct functioning. There are not many more critical networks than that, except maybe control systems for weapons, nuclear plants and some factory control systems.
Even the worst sysadmin out there knows that you do not physically connect such a highly sensitive, highly critical network to something crappy like the in-flight passenger entertainment network.
Why should the two networks be connected at all? To tell the passengers the current speed of the plane?
The XBox was hacked. The PlayStation was hacked. DVDs were hacked. HD-DVD was hacked. Pretty much anything out there was hacked if someone had an interest in it (and mostly the interest wasn't commercial, just "for fun"). Even if they aren't "completely connected" as Boeing claims, the danger of it being hacked is very real. On one hand you are not allowed to use your mobile phone on a plane, and on the other you can play with a network which is attached to the navigation and control system? Come on.
The best hardware firewall is air. Air between the electrical conductors of each network.
- If the plane deviates from the flight plan, access to Google Maps may become handy to plan a new route
- While on autopilot, access to certain web sites may provide some entertainment to the captain, who usually is a lonely man
- Given the bad quality of many onboard speakers, announcements from the cockpit can be emailed or IM'ed to passengers
- Hacker intrusion may be a better excuse than malfunctioning engine as the reason for a plane crash
- No more planes grounded due to lack of pilot operating manual, as it could be easily downloaded from the Internet
I am sure there are many other good reasons to connect the navigation network to the Internet, so this list is not exhaustive.
Most aircraft haven't been controlled by cables in a long long time. Between weight, undependability and cost, hydraulic-assisted cable operated controls were replaced by (to pull a term out of ancient history) fly by wire a long time ago. The problem isn't that they use wire to route control signals through the plane. The problem is that the two aren't properly isolated.
the clock on the wall says 4 til 7
The flight control and avionics networks as well as the hardware are separate from the passenger network.
The concern is that a separate network of maintenance and some limited flight information data share the same up/down links as the passenger network. The FAA notice is to demonstrate to the FAA that there can be no interference between the maintenance and flight information data and the passenger network.
Even if the maintenance and flight information data were compromised, at worst this would mean that the operating history of the aircraft is not accurate. This is a big deal but not something that will lead to in flight failure.
An additional requirement of the FAA notice is to prohibit future passenger services without testing for interference and security.
Nuff Said.
This [PDF] seems to be a document developed in order to address software/hardware partition requirements AMONG flight critical components. It is interesting to see how much is able to be shared, even on a single processor.
:)
[[WARNING!!! PDF!!]]
With 2 of those in the cockpit, one for pilot, one for copilot, each running 2 Operating Systems Linux/Windows, and all networked together since each box has 6 network interfaces on it. The thing would be a field day for hackers. While they were designing it a bunch of the consultants helping with the coding were ranting about possible security, but were ignored.
I can't go into specifics because of my NDA, but considering it was 4 years ago I worked on it, I doubt that is still in force. Though I believe I can say I worked on it, and that information is all publicly available.
"There are places where the networks are not touching, and there are places where they are," she said.
Translation: The networks are touching.
How cute.
I used to think this was the kind of thing that could only happen in crappy tech-horror movies like that new "Untraceable" flick. I'm going to get a smarmy "told you so" call from my cousin if she hears about this--I'd told her that no (automobile) control system in the real world would be reachable through standard networking protocols.
The 787 common core system is designed by Smith's Aerospace, not Honeywell. Honeywell performed so badly on the 777 program that they were relegated to the 2nd tier. I have heard that their FMS is late for the 787 as well.
an ill wind that blows no good
Did you READ the report? I did. It doesn't say anything is unsafe. What it says is there are unique architectures in the systems that put them at odds with CFR 14 regulations compliance whether they present an actual or potential danger or not. Furthermore there's a comment in the report which states that Airbus objects to the regulatory findings on the basis that the 'standard' is too high level to offer any concrete value for implementation or compliance.
Like any other IT security audit - compliance doesn't mean security it means compliance. And in the cases where there are deviations from the standard, the system has to be able to speak to that deviation and address it or contest it.
Do we even need hackers? The on-board entertainment systems on some planes have very poor software on them and there have been stories on Slashdot about how easy it is to crash them.
http://blogs.csoonline.com/node/151
http://it.slashdot.org/article.pl?sid=07/02/20/2231228
http://www.gregladen.com/wordpress/?p=1134
While I completely agree, designers are always under pressure to reduce the amount of wiring looms - they add a surprising amount of weight thereby decreasing fuel economy.
A thistle is a fat salad for an ass's mouth...
Is it just me, or does this make Boeing (or at least this spokeswoman in the article) sound like a real grade A moron?
The choice quotes to me were the article's quote that the solution involves some separation of networks, known as 'air gaps', and software firewalls. And the choice quote straight from the spokeswoman from Boeing: "There are places where the networks are not touching, and there are places where they are".
OK, so what, having the networks only connected at some points should reassure me somehow? It only takes a single interconnection to have these logically be a single network as far as hacking into it is concerned. I'm also DEEPLY troubled by the statement about using a software firewall. (Any firewall is really some box running software; the term "software firewall" typically implies a Windows box running software.. which would be deeply troubling.) It is also troubling to me that they are even willing to imply that adding air gaps at *SOME* points amounts to anything. Sorry, saying a network has an air gap means that it is NOT connected to insecure networks.. not that it's connected at fewer points. (Although, I suppose they could be confusing things, adding air gaps in the electrical sense, so an etherkiller on the entertainment network doesn't blow out the control network.)
Great news that the 787 may not be vulnerable to hacking!
Pretty much anything out there was hacked if someone had an interest in it (and mostly the interest wasn't commercial, just "for fun").
What is worse is that after 7+ hours on a transatlantic flight just about anything will look interesting.
Operation Northwoodses, and so on.
And it's justifiable. Think of it from the perspective of a SimCity player rather than an individual or a citizen. Morality changes with scale.
Right. I also posted a link later that showed that I was overestimating the separation required between critical systems and non-critical systems and among critical systems. That being said, I don't feel that most of the decisions to skimp on safety measures are taken by engineers, they are taken by management over the protests of engineers. In my experience, engineers tend to overdo it. :)
... It looks like you're trying to take over the flight controls ...
/dev/random > /dev/aileron
Or, for a more unix-y flavour...
# cat
That's true to a degree, but the aviation industry is not like any other - right from day one of training, integrity is drummed into you. The vast majority of engineers I work with, myself included, would never shut up about something we perceived as dangerous.
Fortunately the law and the huge number of regulations, combined with anonymous reporting systems make it difficult to keep this sort of thing quiet.
Of course I'm not saying it doesn't happen - just that it's not as easy as in other industries, especially given the industry's proclivity for managers having been technicians.
A thistle is a fat salad for an ass's mouth...
The most important thing about Operation Northwoods is that IT NEVER HAPPENED.
The system worked.
The fact that not only did it never happen, but that we also heard about the plan, shows GOOD, GOOD things about our country.
Blue Sky of Death
You don't even need a security hole, see:
1. Get on a plane
2. Find two unused Ethernet ports
3. Connect them with a cable, forming a loop
4. The flight control box, running Vista, cannot cope with the traffic due to 10000 packets/second limit
</sarcasm>
throw new SuccessException("Sig read successfully");
As described on a Seinfeld episode:
GEORGE: When are they gonna have the flying cars, already?
JERRY: Yeah, they have been promising that for a while..
GEORGE: Years. When we were kids, they made it seem like it was right around the corner.
JERRY: I think Ed Begley Jr. has one.
GEORGE: No. That's just electric.
JERRY: What about Harrison Ford? He had one in, uh, Blade Runner. That was a cool one.
GEORGE: (Sarcastic) What's the competition, Chitty Chitty Bang Bang?
JERRY: Well, what do you think the big holdup is?
GEORGE: The government is very touchy about us being in the air. Let us run around on the ground as much as we want. Anything in the air is a big production.
JERRY: Yeah, right. And what about the floating cities?
GEORGE: And the underwater bubble cities?
JERRY: It's like we're living in the '50s here!
Get your Unix fortune now!
Geez, don't you people watch BSG? I can't believe I was the only one to get the reference.
meh
Die Hard 5 plot. CONFIRMED!
The decision not to run with Northwoods proves nothing about America's goodness or the system working. Get serious. There are likely thousands more similar programs whose status you will never become aware of. Northwoods only came to light because of James Bamford's weird and unique persistence during his book research, and it happened at a golden time - immediately post-FOIA.
No, the most important thing we can take away from Operation Northwoods is that our top brass are so-named because of the quality of their balls. It proves we have - or at least had, in the '60s - leaders with teeth, true strength, people willing to make hard decisions when necessary.
The sissies that spout off about Northwoods being proof of evil or the potential for evil within the USG simply do not understand how government works today, how it has historically worked, or what is necessary to make it work and keep it surviving. Northwoods did not just spring from the Joint Chiefs like Athena from Zeus' head. Cuba was an incredibly serious threat to the USA's safety and possibly its very existence. If it took a lie to the public (Northwoods does not call for the killing of any American citizens, contrary to what most of the more wishy-washy conspiracy theorists insinuate) and some property damage to take out a country 90 miles away striving to become a nuclear threat and help destroy the USA... so what?
I see the aviation industry as akin to the aerospace contractors working with NASA in the 1980's. Trained to have integrity, but pressured by deadlines in order to reduce safety margins. Just because people are under enormous pressure doesn't indicate moral failure.
There's no reason at this point for the control and passenger information systems to interact at all. It's perfectly feasible to implement a strict, one way transfer of any pertinent data (e.g. location, speed, height info) from the control system to the passenger system. We have optical couplers which allow a strict, one way transfer of information with no possibility of an attack from the insecure side.
Software firewalls just won't do for this situation, the security requirements are *WAY* too high.
Apart from power obviously, I see no real benefit from having any systems on the plane shared between the public / passenger network and the plane's flight / control systems, considering the risks at least. Ok so it would make it easy for passengers to view data about the flight (like you currently can now i.e. airspeed altitude location etc) but surely there must be some way of transmitting this pretty simple data to the passenger network without physically connecting them. At worst the cost of the aircraft may have to go up a bit since some systems may have to be doubled up (one for the plane, one for the passengers etc) but this is just such a huge nightmare of a security risk I cannot see why anyone would think this is a good idea. Even in a purely pragmatic sense, I'm sure the plane's systems would be very safe and hard to affect or hack into if they did use a properly designed network like this, but how many people (customers) are going to be put off flying in these things in a post 9/11 world?
Maybe it's an ARINC 653 solution?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Considering Boeing is the world's leader in passenger aircraft, how about we just give them the benefit of the doubt that they aren't retards?
"Sure, Boeing's spent a decade designing this plane with thousands of engineers, but I read a short Slashdot story summary and now I'm going to decree I know more than them!"
Comment of the year
There is an easy solution for solving this. Have a read-only device that sends signals from the avionics/pilots network to the passenger's network. That device can only transmit one way. Think of it like a laser on the avionics/pilots network transmitting data to a light receptor on the passenger network. This way, no hacker could ever get access into the avionics/pilots network, while the pilots and some avionic systems could transmit messages/signals to the passengers.
Of course, the device should be electronic and cheap, not built with a laser as I suggested; I used this example only to make the picture easier to understand.
Remember the year 2000? They promised us flying cars. They delivered the PT Cruiser...
This should not be.
These novel or unusual design features are associated with connectivity of the passenger domain computer systems to the airplane critical systems and data networks.
Yes, very true regarding the isolation. Additionally, planes' rigorous inspection and freedom from interference allows planes to be fly-by-wire, but we do not have this luxury with cars yet...
No production car has a total steer-by-wire system yet; every car still has an absolute mechanical linkage between the steering column and the wheels. A LOT of manufacturers have been looking into alternatives -- BMW in particular (I know this car manufacturer the best) has some completely "steer-by-wire" systems in concept cars. They have a hybrid system currently called "active steer" since '04, which I think all BMWs have, which basically increases the angle to the wheels at lower speeds.
Numerous cars now have complete "throttle-by-wire", present in BMWs though since about 2004, so there is no mechanical gas pedal linkage, and this is now relatively common, but not universal among cars. Apparently there were some complaints about it early, but now the programming is very similar to the mechanical linkage. If you lose your throttle control due to a computer malfunction, it is simply not as bad as completely losing your steering.
For some really good articles on the issues involved, check out:
http://findarticles.com/p/articles/mi_hb078/is_200311/ai_hibm1G1110736640
http://www.autofieldguide.com/columns/1103pb.html
And some guy's Stanford Ph.D. thesis -- actually a pretty good read, summarizing issues nicely.
http://www-cdr.stanford.edu/dynamic/bywire/dissertation.pdf
http://auto.howstuffworks.com/steering5.htm
Slashdotter, ID #101. UIDs are in binary, right?
My car uses totally different physical wires for the CD player and for the brakes. In fact the braking system is redundant. So WHY wouldn't a f*cking Boeing have at least the same kind of separation!?
Try Ubuntu GNU/Linux, it's great!!!
IIRC, the aviation industry uses Fibre Channel for all flight controls. What may be the issue in this case is a fibre channel switch whose ethernet management port is connected to the local area network. It's just an educated guess based on the scant details, but this may explain the people saying "it's connected but not really."
And the reason why I'm posting AC is I don't want retaliation for suggesting that these switches can be easily hacked into, and, although the modification of FC frames might be difficult, bricking the switch for the duration of the flight is not hard (yes, I do mean bricking). I don't know which manufacturer these switches come from, but I don't think it would make a difference. FC switches rely on a physical security model for the most part.
echo 255 > /proc/flight/control/elevator
(screaming kid suddenly thrown into ceiling)
The FAA document in question is basically saying that there needs to be some previously unneeded standards for certification for the 787 just to make sure that the electronics can't be used to do what the Wired article and the headline of this thread threatens.
Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
I can see the made for TV movie of the week now... The pilots in the cabin can't land the plane so air traffic control talks Timmy in seat 42C through the hack as he lands the plane safely using a ThinkPad from some Marketing VP in first class.
Say hello to my little sig.
http://www.heise.de/ct/schlagseite/03/01/gross.jpg
Sorry German only.
Nice Megatokyo reference in the "dept" line.
Queue up 11,000 A/C posts about H4X0RZ Cr45h1n6 for REALZ Do0DEZ!.
This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelihood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.
Not bloody likely.
But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed.
Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being careful, as is their job, since lives are on the line.
Go FAA!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Back in college, 15 years ago now, I was hanging out on one of the networking Usenet groups when someone asked whether or not laptops supported Token Ring. The answer, from many sources, was that you could get PCMCIA cards for them (built-in networking wasn't common in that era), but that they would be much more expensive than Ethernet. We got the response that the original poster was an engineer with Boeing, he was researching passenger networking, and "we can't use Ethernet because it is not real-time enough for fly by wire." (The fly-by-wire system of the 777 is indeed based on Token Ring; since then the aviation industry has developed a spec fly-by-wire-capable Ethernet which the 787 uses.)
So there definitely was some notion already back then to tie the passenger networking into the same system as the fly-by-wire. Needless to say, the group (including yours truly, an undergraduate college student) responded with disbelief, and until today I thought they would have scrapped that idea ten times over before ever getting close to an aircraft. Apparently that optimistic view was totally wrong.
(Note: it is possible to have *one-way* airgap security, which would provide, say, navigation information to the passenger network while physically eliminating the possibility of interference in the other direction. All it takes is one-way communications hardware. Needless to say, it's pretty obvious from the vagueness that they're not doing that -- they would have stated so in no uncertain terms.)
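Several comments above propose a strict one-way link carrying position, speed and height to the passenger side. The sketch below is an added example, not from any poster and not any aircraft's real protocol: it shows what such a feed has to look like when the receiver can never acknowledge or ask for a retransmit. The frame layout, field names, plausibility bounds and sample values are all constructed for illustration.

```python
import struct
import zlib

# Hypothetical frame: magic(2) seq(u32) lat(f64) lon(f64) alt_ft(i32) speed_kt(u16) + CRC32
MAGIC = b"FD"
BODY = struct.Struct(">2sIddiH")
CRC = struct.Struct(">I")
FRAME_LEN = BODY.size + CRC.size


def encode_frame(seq, lat, lon, alt_ft, speed_kt):
    """High side: fixed-size frame, so the low side never parses a length field."""
    body = BODY.pack(MAGIC, seq & 0xFFFFFFFF, lat, lon, alt_ft, speed_kt)
    return body + CRC.pack(zlib.crc32(body))


def send_stream(samples, repeat=2):
    """Emit every sample `repeat` times: a lost frame can never be requested again."""
    for seq, sample in enumerate(samples):
        frame = encode_frame(seq, *sample)
        for _ in range(repeat):
            yield frame


class DiodeReceiver:
    """Low side: consumes frames only. It has no send path, so loss is counted, not repaired."""

    def __init__(self):
        self.last_seq = None
        self.lost = 0        # sequence numbers that never arrived intact
        self.rejected = 0    # wrong size, bad CRC, bad magic or implausible values
        self.duplicates = 0  # repeated or stale frames

    def accept(self, frame):
        if len(frame) != FRAME_LEN:
            self.rejected += 1
            return None
        body = frame[:BODY.size]
        (crc,) = CRC.unpack(frame[BODY.size:])
        if zlib.crc32(body) != crc:
            self.rejected += 1
            return None
        magic, seq, lat, lon, alt_ft, speed_kt = BODY.unpack(body)
        # Constructed plausibility bounds; NaN fails these comparisons too.
        plausible = (-90 <= lat <= 90 and -180 <= lon <= 180
                     and -2000 <= alt_ft <= 60000 and speed_kt <= 1000)
        if magic != MAGIC or not plausible:
            self.rejected += 1
            return None
        if self.last_seq is not None:
            delta = (seq - self.last_seq) & 0xFFFFFFFF
            if delta == 0 or delta >= 1 << 31:
                self.duplicates += 1
                return None
            self.lost += delta - 1
        self.last_seq = seq
        return {"seq": seq, "lat": lat, "lon": lon,
                "alt_ft": alt_ft, "speed_kt": speed_kt}


def run_demo():
    # Constructed samples: (lat, lon, alt_ft, speed_kt)
    samples = [(47.45, -122.31, 35000, 470), (47.60, -121.90, 35000, 471),
               (47.75, -121.50, 35100, 472), (47.90, -121.10, 35100, 472),
               (48.05, -120.70, 35200, 473)]
    wire = list(send_stream(samples))  # ten frames, two per sample
    # Flip one bit in the first copy of seq 3; the CRC must catch it.
    wire[6] = wire[6][:10] + bytes([wire[6][10] ^ 0x01]) + wire[6][11:]
    # Both copies of seq 2 are lost in transit (indices 4 and 5).
    delivered = [f for i, f in enumerate(wire) if i not in (4, 5)]
    delivered.append(b"GET /flightplan")  # junk of the wrong size
    rx = DiodeReceiver()
    accepted = [r["seq"] for r in map(rx.accept, delivered) if r]
    return accepted, rx.lost, rx.rejected, rx.duplicates


if __name__ == "__main__":
    print(run_demo())
```

The isolation itself comes from the hardware having no physical return path; the code only covers the framing and loss accounting that such a link forces on both ends.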
But imagine a BOTNET of 787s!
Your ad could be here!
Why in the high hell would a flight control system *EVER* be sharing hardware with something unrelated, that the passengers can connect to?
That stuff should exist in its own sealed-off little world, where nothing ever changes. Outside tasks should be handled by other systems, in order to minimize the complexity of the ones controlling the airplane. Connecting everything together creates more places for bugs to hide, which is really scary even without any security holes.
$> rm airplane Object airplane deleted $>
-Cnik
I have had it with these motherfucking hackers on this motherfucking plane!
that the plane is vulnerable to Surface-to-air missiles, or nuclear blasts? A lot of things have to fall into place for someone to get this kind of access, it's not like the avionics system has a wi-fi adapter...
People who think they know everything really piss off those of us that actually do.
I'm not flying on any damn plane that needs a fucking software firewall!
Here's the simple solution to make it safe. Add a second telemetry mast. Have the passenger entertainment system run its outboard communications on a completely separate frequency.
They're using their grammar skills there.
Anyway, as I had been involved with some avionics work, it is incredibly difficult (not impossible) to compromise the control signals for basic surface control on an Avionics Full-Duplex Switched Ethernet (AFDX) ARINC-664 network, the type of standard used for Aircraft Data Networks. You can google it, but for a quick summary, it is a deterministic full duplex version of Ethernet with additional bits and bobs to safeguard redundancy and message integrity. The message integrity spec means that due to special protocols, when a cockpit console control (say the throttle) needs to transmit to the engine FADEC, the actual module on the engine not only expects to receive a relevant message from the right domain (there are different domains such as electrical flight control, communications, pneumatics), but also from a very specific component (that has a serial number). The point is that you cannot re-route messages easily and there is some sort of authentication of components talking to each other. It is incredibly difficult for someone to replay an engine switch off message that should be routed to the engine and make it to appear that it comes from the console switch of the cockpit, when in fact it comes from an external hacker. This combined with the fact that the core OS is probably some real-time micro-kernel derivative with specially obscured commands (Wind River VxWorks, other?), makes things more difficult.
Having said that, security through obscurity and whatever authentication/authorization system is not a panacea for the lives of 200-300 people that travel at mach 0.8 at 35000 feet. Even if there is someone that succeeds in getting in, in the Airbus version of the system, the pilot has the option to shut off external comms by resetting the external link. None of the critical parts (main MCUs, core switching components) have erasable firmware, so...somebody could be cut off easily, if she is detected on time and provided that it does not create a situation to put the aircraft in a non reversible situation (nose dive, spin). And this is where they fail. They *might* consider now IDS/IPS mechanisms, but so far they might have NOT done it. That is the first point.
The second point I don't like is the way Boeing deploys IMA, the Integrated Modular Avionics system. Both Boeing and Airbus have reduced the number of discrete avionics units to make the aircraft lighter and simplify maintenance (so both use 1 core network for everything). However, whilst the A380's IMA has 8 processing modules all tied together by an AFDX network, Boeing has 3 distinct units with less degree of autonomy from the comms network. It does not mean that everyone can get in and start playing flight sim, but there are less obstructions to place out of the way.
I hope that they will include IDS/IPS on the core network. Whatever firewall or other solution they might have, it is good to know that someone is likely to be in, even after the effect and chop the connection at the right time under conditions. Integration cannot be avoided. It can only be managed.
I've worked for the In-Flight Entertainment industry, specifically for systems that go onto 787s (A380, etc.).
The connection between the IFE and avionics is NOT as tenuous as Gunter tries to say. There is a direct link (Ethernet over fibre or UTP) between the avionics and the IFE. Traffic is supposed to be passed through a managed switch, but the switch is embedded in the IFE.
Bit of background:
An IFE system is MORE complex than a small-medium business. There are hundreds of workstations, a multi-chassis (and multiple-CPU per chassis) server room, and a multitude of switches between them, with the possibility of wired and wireless connections for crew and passengers. This is all supposed to come up, without human intervention, from a simultaneous application of power to all components, within a few minutes. Even if some components have been swapped from spare and DO NOT have the appropriate software or configuration for the aircraft on which they are installed. Do NOT try this at home.
The problem is the management of the IFE companies, or, at least, the one I worked for. Senior management is totally, completely, utterly, (you get the picture) clueless regarding security, but know enough buzzwords to consider themselves expert. Security is the LAST consideration in system implementation, and will be sacrificed for any of several reasons: management has promised some blue-sky deadline for delivery; the "magic" autoconfiguration must work despite security holes; it's too much trouble to use SSH and manage the keys, so we'll just use telnet and ftp, with static, or no, passwords; someone decides to use a handheld crew device that can't do proper wireless security, so just skip it.
Back to embedded switch: the box in which it is embedded will have the best firewall a very bright, but overworked programmer, pressured to meet insanely unrealistic demands, can accomplish.
There is a fantasy that no one will try to crack the system, since the potential punishment is too severe, which may, although I don't believe it, deter attempting to get free drinks, or capture the movie streams, but it isn't going to stop someone trying to crash the plane.
I've got a question. Has anybody ever (outside of a movie) managed to hack into a system behind a completely locked down firewall? This laptop has every port closed, with the exception of 22. As I see it the only source of attack is to try to hack in through SSH. Assuming all ports are closed, it should be impossible to get in, that's the whole point. So my question is whether anybody, in the history of the firewall, has ever managed to get in through a firewall like that? I don't see how it's possible, where would you start?
Just thought I'd challenge the knee-jerk reaction of "WTF, who would do that!"
"The only secure computer is one that's not connected to the Internet. That's why I recommend Telstra Bigpond(TM)."
It's not exactly rocket surgery.
AFAIK on the 777 (which is the closest Boeing to the 787), the fly-by-wire flight control system IS physically separated from the entertainment system, etc. as any software updates have to be done on the aeroplane using physical media to upload from. The navigation systems are connected to the outside world via VHF and SatCom datalinks.
Maybe someone thought it would be a good idea to be able to remotely update ALL the systems in the 787, for instance to stick some new films on the IFE server or to apply a patch to the nav. unit if there were problems. This would probably result in shared connection hardware to save weight/complexity and the more critical systems behind hard/soft firewalls & encrypted. Not sure it's a good idea, though...
Disclaimer: I don't design them, I only fly them for a living.
How about producing a Wargames addon for the MS Flight Simulator then?
"Hello Prof Falken. Do you want to fly a plane?"
Correction: the custom software caused the failure, but it was Microsoft Windows that failed. The OS shouldn't be affected by applications failing. A more robust OS would have better isolation between the kernel and user space.
When I flew Delta from Atlanta to San Diego, the seat's TV showed me the route, current altitude and speed. How would it get that data if it were on a separate network?
I don't remember the model of the airplane, but it was big. If I recall correctly, it was 2 columns of 3 seats each.
"The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems"
Who in their right mind would build such a design that connects the plane's control system to the passengers department? Who is responsible for this decision, what a total idiot.
davecb5620@gmail.com
"As in the Yorktown case, it was the custom software written for the task which failed"
Actually, it was when an operator entered zero into a field, that the computer threw a divide by zero error and the entire navigation and propulsion system failed. A WinTEL PC doesn't belong on a battleship, regardless of what OS. Multiple embedded systems with lots of redundant parts, that slowly degrade under stress, like getting a shell fired through the hull.
davecb5620@gmail.com
Well, the Windows thing, it is in there. Venturecom used to sell a product called Venix, a real time OS used for flight control presentation in aircraft. They do have to support at least one aircraft platform for like 20 years after the software was put into production. They no longer sell Venix to those customers, they now sell a custom version of Windows with real time extensions. BTW Venix was 16 bit and if you knew Linux, Venix was very familiar.
:-)
So there you have it win32 apps are available on aircraft! They even use the MS Dlls and kernel....
Your Average Joe
At a basic level, overdoing it is the definition of engineering.
Nerd rage is the funniest rage.
Could this mean that the 787 will face delays like the A380 did?
The A380 had wiring issues, I understood they were physical but it could well mean that the guys in Airbus were scratching their heads: "where the hell did we put this friggin connection that connects passengers to flight deck, we need to unplug it" for a year or something.
The networked systems are there to reduce the amount of wiring to manageable levels. Having separate signal conductors for every function also adds unnecessary weight, and extra weight means extra fuel consumption and reduced payload. Fuel consumption is very important to the airlines when deciding which planes to order. Both the Boeing 787 and the Airbus A380 were designed to considerably reduce fuel consumption per passenger-mile. Higher operating costs mean sales lost to the competition.
as opposed to a real firewall..
Or, since the dangers posed by a breach in this particular system are rather extreme, going to a corresponding extreme and COMPLETELY physically and electrically isolating networks used to offer interweb access to passengers and any networks used to control the aircraft, and having no interconnection between them whatsoever at all anywhere. Perhaps one interconnection - the control side should have a single connection to the entertainment side - a control to turn it off (by way of a physical power cutoff relay, not any sort of intelligent networked function)
That's Tek Jansen, travelling back in time to save the Boeing! He must have thousands of girlfriends.
You better watch out, there may be dogs about . .
What if the Cylons attack?
Will the teen hacker in Seat 14c relinquish the controls back to me!
Flight simulators are Verboten on this airline!
"Mom, look! I found naked pictures of that lady who just asked us if we want coffee! I found it under PILOT, MY DOCUMENTS, MILE HIGH PARTY."
In a plane you basically have the same problem on a different scale. You can guarantee that the network at the seats is not the same network that is controlling the flight surfaces etc, but in theory software could exist that causes problems.
Engineering is the art of compromise.
Which is a pretty cool system, IMHO. Virtualization among realtime processes since 1989.
It features an older POSIX and newer linux ABI for userland apps. Fly the linux-friendly skies!
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
If this wasn't an actual news story, I'd swear this is the type of thing that a movie would claim to be possible. Like when they hacked the oil pipelines in Die Hard.