Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing 787 May Be Vulnerable to Hacker Attack

Posted by Zonk on from the does-anyone-speak-l33t dept.

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

28 of 332 comments (clear)

  1. I don't get it... by Spalti · · Score: 5, Insightful

    Why aren't both networks physically completely seperated from each other?

    1. Re:I don't get it... by Brian+Gordon · · Score: 4, Insightful

      Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

    2. Re:I don't get it... by Nibbler999 · · Score: 4, Insightful

      Probably to save weight on cabling/hardware.

    3. Re:I don't get it... by Com2Kid · · Score: 4, Insightful

      This article is FUD. I worked on the 787 avionics during my internship in summer 2006 on the exact system the article is talking about. It has been awhile so I don't know what is still under NDA and what isn't, but anyone who has taken a basic networking class and who knows how the network is setup will have no worries at all.

      (stupid NDA...)

      --
      Need help treating your acne? Come here!
    4. Re:I don't get it... by fartingfool · · Score: 5, Insightful

      My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems.

      The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess i welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D

    5. Re:I don't get it... by rlk · · Score: 4, Insightful

      "Not completely connected" is a very strange phrase. I could say that my laptop is "not completely connected" to the internet because there's a router between them. But either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others.

      The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example. They may also need to be able to turn the cabin network off altogether. But those switches should have no signal connection of any kind to the maintenance and monitoring/control systems. The two networks should be physically partititioned.

      The way I read the article, there really are some connections between the networks (my guess is that it was simply cheaper or more convenient to link them), and the FAA's not happy with that state of affairs. I can't say I blame them.

      Somehow I have a suspicion that someone will crack this sooner or later, and the TSA will react by banning use of laptops or something equally foolish, rather than addressing the more basic fact that the plane's systems have not been hardened appropriately (in this case, by being physically partitioned).

    6. Re:I don't get it... by ckedge · · Score: 2, Insightful

      So you're saying that the networks ARE connected, and it's only the routers and the "networking" that "separate" them.

      [extreme sarcasm] Routers and switches have never had vulnerabilities before... I'm not worried at all!!![/e]

      Please leave the mission-critical security analysis to the rest of us, okay NEWB?

    7. Re:I don't get it... by ZorinLynx · · Score: 2, Insightful

      >The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example.

      Why does there have to be a "network" for this at all? What happened to a simple *switch*, *light bulbs*, and wires to connect them to the battery? It's reliable, works well, and cheap. And you don't have to worry about passengers hacking the jet through the seatbelt light.

      Why are companies so obsessed with making things needlessly complicated these days? I'm a geek, and love computers. But there are some things that are so simple, you don't need a computer to make them work. The seatbelt light on a plane is one of these things. Snap switch. Light bulbs. Power source. Wires. DONE. End of story.

    8. Re:I don't get it... by Angostura · · Score: 2, Insightful

      So, to be clear. Every seat has a seat-back screen in front of it, capable of displaying messages - but you would prefer a separate wire going to every seat to power a 'fasten your seatbelts' bulb?

      Uh, OK.

    9. Re:I don't get it... by DieByWire · · Score: 4, Insightful

      That being said, there's a lot of regulation in the aerospace industry. Planes don't just fall out of the sky on accident.

      Actually, we try pretty hard to make sure that when it does happen, it is an accident.

      --
      Never shake hands with a man you meet in a fertility clinic.
    10. Re:I don't get it... by stu72 · · Score: 2, Insightful

      All very true, but I think the idea most people are trying to get across is that instead of 1 Ethernet network linking everything, or 1 wire for each function, there should be at least 2 Ethernets. 1 for critical control elements. 1 for everything else. No connection. None. I can't see this significantly increasing the cost/weight/etc. And it's the only way to ensure the plane is not susceptible to network attacks.

    11. Re:I don't get it... by tylernt · · Score: 3, Insightful

      but to transfer that information there does need to be a connection somewhere.
      Yes, and I'll tell you how do it. Have an infrared transmitter on the avionics side and an IR receiver on the passenger side (the avionics has no receiver and the passengers have no transmitter) and aim them at each other. Now you can broadcast speed, altitude etc information without ever worrying about vulnerabilities (not even a raw power surge).

      There, I've just done three hundred man-hours of six-figure-salary engineering... in 5 minutes. I'll wait by my mailbox for the check. Thanks!
      --
      DRM 'manages access' in the same way that a prison 'manages freedom'
    12. Re:I don't get it... by SillyNickName4me · · Score: 2, Insightful

      Why should cabin systems be the pilot's responsibility at all? Let the flight attendants attend to seatbelts and lighting and climate control, and let the pilot keep his attention on flying the plane.


      Because the cabin systems directly affect resource usage.

      - An enterprising hijacker could use this to drain the available electrical energy and make operating the aircraft difficult to impossible

      - A pilot needs to be able to shutdown systems in case of emergency (like, we only have 50% generator capacity because we lost an engine, is it going to be used to actually fly the airplane, or to present nice pictures on displays in the cabin)

      Even when you make flight attendants responsible for it in normal circumstances, you do need a way to override it from the cockpit.
    13. Re:I don't get it... by phoenix321 · · Score: 2, Insightful

      Override yes, full control no. Let the pilot have a three-way switch that can be set to "full on", "reduced power" (lights, maybe meals but no entertainment) and "all non-critical subsystems off" (20x 1W emergency LED lighting only). And the rest can then be set by the main flight attendant.

      This way, the pilot has an quick and easy chance of turning everything off in an emergency and the layer separation between avionics and utilitiy systems is as good as it can be. No hacker and hijacker can then drain the plane's energy supply AND no hacker can interfere with the flight controls.

      Simple, reliable one-way connections only. For data transfer we have things like forward error corrections already and the optical one-way interconnect should work extremely well. Use a standard gigabit optical fiber connection with only the sending fiber connected, as the IR-connection is too simply and error prone. Gigabit fiber has enough bandwidth, is electrically isolating and inherently secure. Why don't they use optical connections for the airplane version of the CAN bus anyway?

  2. Wow, this is scary by Anonymous Coward · · Score: 1, Insightful

    There are dozens of landing patterns in America where a couple hundred feet to the right or left and you have another 9/11. I sure hope they get this fixed before this thing flies anywhere.

    1. Re:Wow, this is scary by ddrichardson · · Score: 3, Insightful

      If that worries you, then I look into Airbus - at least Boeing beleives the pilot should always have the last say, not the computer

      --
      A thistle is a fat salad for an ass's mouth...
  3. Madness by UESMark · · Score: 2, Insightful

    This is pretty much the exact type of situation they invented red/black networks for. I can't imagine how any design for a passenger accessible network wouldn't use completely segregated networks for a)passenger use, b)flight logistics and maintenance, and c)actual flight control operations. And given the giant nightmarish spiderweb that aircraft wiring harnesses tend to be I'm guessing it will be a non-trivial task to implement it now, even ignoring the software and systems redesigns that would be required.

  4. who cares? by f1055man · · Score: 4, Insightful

    There are a few million easier ways to bring down an aircraft (or kill thousands and cause panic if that's your thing). Yes this is idiocy in engineering, but considering all the other threats I don't think it's way up the list. Ultimately, we aren't dead yet because there just aren't that many intelligent people that want to kill us, cause it just isn't that hard to pull off.

  5. Madness, and probably a violation of safety regs by Protonk · · Score: 3, Insightful

    I am not an avionics engineer, but I worked with electrical and electronic systems on nuclear power plants, and we had a pretty strict segregation between different types of systems--and with 0 connection between a critical system (power sensing, for example) and a non-critical system (Some water level management). That's not even COUNTING peripheral systems (computers on the local netowrk for email/ppt/xls).

    My thought is that some asshole at boeing decided to save some money on cable runs and ginned up an explanation of how software segregation would serve as an adequate barrier between flight critical systems and passenger systems. They never learn.

  6. Doesn't say how the networks are connected.... by poor_boi · · Score: 2, Insightful

    The article doesn't specify how the networks are connected. It could be something fairly innocuous like sharing the same power source. I seriously doubt they put the passenger internet access on the same packet-switched network as flight control. But who knows...

  7. Someone should get fired for this by Aaron+Isotton · · Score: 3, Insightful

    If what TFA claims is really true, i.e. that the passenger network is physically connected to the control and navigation system, then someone should get fired for this.

    The control and navigation system of an airplane is one of the most critical networks possible; the lives of hundreds of passengers (and potentially of thousands of people on the ground) depend on its correct functioning. There are not many more critical networks than that, except maybe control systems for weapons, nuclear plants and some factory control systems.

    Even the worst sysadmin out there knows that you do not physically connect such a highly sensitive, highly critical network to something crappy like the in-flight passenger entertainment network.

    Why should the two networks should be connected at all? To tell the passengers the current speed of the plane?

    The XBox was hacked. The playstation was hacked. DVDs were hacked. HD-DVD was hacked. Pretty much anything out there was hacked if someone had an interest in it (and mostly the interest wasn't commercial, just "for fun"). Even if they do aren't "completely connected" as Boeing claims, the danger of it being hacked is very real. On one hand you are not allowed to use your mobile phone on a plane, and on the other you can play with a network which is attached to the navigation and control system? Come on.

  8. Re:Two seperate networks by ddrichardson · · Score: 2, Insightful

    I am a Military Avionics Technician and I must admit that I find this report confusing.

    The only thing that is being suggested is that the passenger system could corrupt the flight systems which I find unlikely - it's chalk and cheese with regard to how these systems communicate. The only way I can see a problem is if one of the Avionic bus controllers is swamped by requests from one of the passenger systems.

    I know this isn't a military design but surely the flight systems such as flight management and navigation are not on the same bus?

    Disclaimer - Digital is new in my countries military ;-)

    --
    A thistle is a fat salad for an ass's mouth...
  9. Re:Madness, and probably a violation of safety reg by ddrichardson · · Score: 2, Insightful

    My thought is that some asshole at boeing decided to save some money on cable runs

    While I completely agree, designers are always under pressure to reduce the amount of wiring looms - they add a surptising amount of weight thereby decreasing fuel economy.

    --
    A thistle is a fat salad for an ass's mouth...
  10. Re:Madness, and probably a violation of safety reg by Protonk · · Score: 2, Insightful

    Right. I also posted a link later that showed that I was overestimating the seperation required between critical systems and non-critical systems and among critical systems. That being said, I don't feel that most of the decisions to skimp on safety measures are taken by engineers, they are taken by management over the protests of engineers. In my experience, engineers tend to overdo it. :)

  11. Act of Faith by Blakey+Rat · · Score: 2, Insightful

    Considering Boeing is the world's leader in passenger aircraft, how about we just give them the benefit of the doubt that they aren't retards?

    "Sure, Boeing's spent a decade designing this plane with thousands of engineers, but I read a short Slashdot story summary and now I'm going to decree I know more than them!"

    --
    Comment of the year
  12. Further proof Wired SUCKS at news. by GigG · · Score: 2, Insightful

    The FAA document in question is basically saying that there needs to be some previously unneeded standards for certification for the 787 just to make sure that the electronics can't be used to do what the Wired artcle and the headline of this thread threatens.

    --
    Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
  13. A little perspective by mcrbids · · Score: 4, Insightful

    Queue up 11,000 A/C posts about H4X0RZ Cr45h1n6 for REALZ Do0DEZ!.

    This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.

    Not bloody likely.

    But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed.

    Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being car eful, as is their job, since lives are on the line.

    Go FAA!

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  14. Re:Restriction on software during flight? by Nullav · · Score: 2, Insightful

    Well I'd assume at least those intending to make use of this would. That's like asking how many people have lock picks, when talking about securing doors.

    --
    I just read Slashdot for the articles.