Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing 787 May Be Vulnerable to Hacker Attack

Posted by Zonk on from the does-anyone-speak-l33t dept.

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

9 of 332 comments (clear)

  1. I don't get it... by Spalti · · Score: 5, Insightful

    Why aren't both networks physically completely seperated from each other?

    1. Re:I don't get it... by Brian+Gordon · · Score: 4, Insightful

      Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

    2. Re:I don't get it... by Nibbler999 · · Score: 4, Insightful

      Probably to save weight on cabling/hardware.

    3. Re:I don't get it... by Com2Kid · · Score: 4, Insightful

      This article is FUD. I worked on the 787 avionics during my internship in summer 2006 on the exact system the article is talking about. It has been awhile so I don't know what is still under NDA and what isn't, but anyone who has taken a basic networking class and who knows how the network is setup will have no worries at all.

      (stupid NDA...)

      --
      Need help treating your acne? Come here!
    4. Re:I don't get it... by fartingfool · · Score: 5, Insightful

      My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems.

      The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess i welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D

    5. Re:I don't get it... by rlk · · Score: 4, Insightful

      "Not completely connected" is a very strange phrase. I could say that my laptop is "not completely connected" to the internet because there's a router between them. But either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others.

      The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example. They may also need to be able to turn the cabin network off altogether. But those switches should have no signal connection of any kind to the maintenance and monitoring/control systems. The two networks should be physically partititioned.

      The way I read the article, there really are some connections between the networks (my guess is that it was simply cheaper or more convenient to link them), and the FAA's not happy with that state of affairs. I can't say I blame them.

      Somehow I have a suspicion that someone will crack this sooner or later, and the TSA will react by banning use of laptops or something equally foolish, rather than addressing the more basic fact that the plane's systems have not been hardened appropriately (in this case, by being physically partitioned).

    6. Re:I don't get it... by DieByWire · · Score: 4, Insightful

      That being said, there's a lot of regulation in the aerospace industry. Planes don't just fall out of the sky on accident.

      Actually, we try pretty hard to make sure that when it does happen, it is an accident.

      --
      Never shake hands with a man you meet in a fertility clinic.
  2. who cares? by f1055man · · Score: 4, Insightful

    There are a few million easier ways to bring down an aircraft (or kill thousands and cause panic if that's your thing). Yes this is idiocy in engineering, but considering all the other threats I don't think it's way up the list. Ultimately, we aren't dead yet because there just aren't that many intelligent people that want to kill us, cause it just isn't that hard to pull off.

  3. A little perspective by mcrbids · · Score: 4, Insightful

    Queue up 11,000 A/C posts about H4X0RZ Cr45h1n6 for REALZ Do0DEZ!.

    This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.

    Not bloody likely.

    But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed.

    Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being car eful, as is their job, since lives are on the line.

    Go FAA!

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.