Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing 787 May Be Vulnerable to Hacker Attack

Posted by Zonk on from the does-anyone-speak-l33t dept.

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

3 of 332 comments (clear)

  1. Re:I don't get it... by badasscat · · Score: 5, Informative

    Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

    The 787 is fly by wire, like most new aircraft designs. It's all computer controlled, not mechanical.

    My guess is this - the "common core system" designed by Honeywell - has something to do with the various systems being connected. This is a system designed to simplify the airplane's various systems and reduce the number of separate systems (which means fewer failure points - usually a good thing in engineering). I do believe Boeing when they say that there are built-in separations and that the two systems are not completely tied together, but obviously it wasn't enough for the FAA. So they're fixing it. Nothing really all that unusual about a new airplane design; there are always various issues that need to be addressed before first flight.

  2. Aviation software by shawkin · · Score: 4, Informative

    The flight control and avionics networks as well as the hardware are separate from the passenger network.
    The concern is that a separate network of maintenance and some limited flight information data share the same up/down links as the passenger network. The FAA notice is to demonstrate to the FAA that there can be no interference between the maintenance and flight information data and the passenger network.
    Even if the maintenance and flight information data were compromised, at worst this would mean that the operating history of the aircraft is not accurate. This is a big deal but not something that will lead to in flight failure.
    An additional requirement of the FAA notice is to prohibit future passenger services without testing for interference and security.

  3. It's not UNSAFE it's uncompliant to CFR 14 regs by gelfling · · Score: 5, Informative

    Did you READ the report? I did. It doesn't say anything is unsafe. What it says is there are unique architectures in the systems that put them at odds with CFR 14 regulations compliance whether they present an actual or potential danger or not. Furthermore there's a comment in the report which states that Airbus objects to the regulatory findings on the basis that the 'standard' is too high level to offer any concrete value for implementation or compliance.

    Like any other IT security audit - compliance doesn't mean security it means compliance. And in the cases where there are deviations from the standard, the system has to be able to speak to that deviation and address it or contest it.