Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing 787 May Be Vulnerable to Hacker Attack

Posted by Zonk on from the does-anyone-speak-l33t dept.

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

38 of 332 comments (clear)

  1. Restriction on software during flight? by El_Muerte_TDS · · Score: 5, Funny

    No more playing MS Flight Sim.

    1. Re:Restriction on software during flight? by flyingfsck · · Score: 3, Funny

      Nope, you'll have to switch to Flight Gear http://www.flightgear.org/

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:Restriction on software during flight? by nospam007 · · Score: 5, Funny


      Bluetooth alert: New device detected, Boeing 787 Dreamliner, install?

  2. I don't get it... by Spalti · · Score: 5, Insightful

    Why aren't both networks physically completely seperated from each other?

    1. Re:I don't get it... by Brian+Gordon · · Score: 4, Insightful

      Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

    2. Re:I don't get it... by Nibbler999 · · Score: 4, Insightful

      Probably to save weight on cabling/hardware.

    3. Re:I don't get it... by __aaclcg7560 · · Score: 3, Interesting

      Maybe because their network designer has a civilian background instead of a military background?

    4. Re:I don't get it... by dunezone · · Score: 5, Funny

      Exactly, who the hell thought that it would be a good idea to allow the passenger network and pilot network system to even communicate with each other.

      Oh wait I got it, what if terrorist took over the cabin, but then a passenger(Justin Long) who is a master hacker controls the plane from his seat using his cell phone, and safely lands the plane but after he flipped it a few times so the terrorist would be knocked unconscious. Who has Bruckheimer's phone number I have an idea.

    5. Re:I don't get it... by badasscat · · Score: 5, Informative

      Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

      The 787 is fly by wire, like most new aircraft designs. It's all computer controlled, not mechanical.

      My guess is this - the "common core system" designed by Honeywell - has something to do with the various systems being connected. This is a system designed to simplify the airplane's various systems and reduce the number of separate systems (which means fewer failure points - usually a good thing in engineering). I do believe Boeing when they say that there are built-in separations and that the two systems are not completely tied together, but obviously it wasn't enough for the FAA. So they're fixing it. Nothing really all that unusual about a new airplane design; there are always various issues that need to be addressed before first flight.

    6. Re:I don't get it... by Naughty+Bob · · Score: 3, Informative

      It is mandatory that the avionics are physically disconnected from other systems. The story is a consequence of the Wired writers misunderstanding the FAA's report. A comment (by 'Vorsicht') in the article's comments points this out....

      --
      "Be light, stinging, insolent and melancholy"
    7. Re:I don't get it... by Com2Kid · · Score: 4, Insightful

      This article is FUD. I worked on the 787 avionics during my internship in summer 2006 on the exact system the article is talking about. It has been awhile so I don't know what is still under NDA and what isn't, but anyone who has taken a basic networking class and who knows how the network is setup will have no worries at all.

      (stupid NDA...)

      --
      Need help treating your acne? Come here!
    8. Re:I don't get it... by pchan- · · Score: 4, Interesting

      Modern cars have two or more control networks. The class-1 network controls things vital to the car operation and safety such as the anti-lock brakes, air bags, and steering. The class-2 network(s) are for things such as rolling down your windows, controlling your CD changer, and turning on your headlights. NOTHING is allowed on the class-1 net without rigorous validation. If your satellite radio module goes bad, it won't stop you from being able to safely control your vehicle. And these are just control networks, they are not allowing hundreds of users to bring in their personal computers and an Internet connection.

      Reading the story, it seemed like they wanted the airplane's maintenance systems to communicate with ground crews over the Internet, as well the aircraft reporting status to the airline while in flight. Personally, I'm uncomfortable with any part of the aircraft's vital systems being on the Internet.

    9. Re:I don't get it... by bepe86 · · Score: 3, Informative

      The reason for that is simple. Techs in the military (at least in the nation where I'm hired, are practically brainwashed into seperating every system regardless of classification, to prevent hazards like this. It's really a royal pain in the ass, especially when you have to deploy 4 or 5 parallell networks using fibre optics only to take it down in a week or two, when one network could've served it all, but it is totally understandable, and I think that a lot of civilian businesses has a lot to learn when it comes to this.

    10. Re:I don't get it... by fartingfool · · Score: 5, Insightful

      My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems.

      The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess i welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D

    11. Re:I don't get it... by Linker3000 · · Score: 5, Funny

      A simple solution would be to use Token Ring for the avionics and plain old 100BaseT for the passenger areas - and then send to Guantanamo anyone Googling 'madge' or 'wtf is 802.5'.

      --
      AT&ROFLMAO
    12. Re:I don't get it... by rlk · · Score: 4, Insightful

      "Not completely connected" is a very strange phrase. I could say that my laptop is "not completely connected" to the internet because there's a router between them. But either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others.

      The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example. They may also need to be able to turn the cabin network off altogether. But those switches should have no signal connection of any kind to the maintenance and monitoring/control systems. The two networks should be physically partititioned.

      The way I read the article, there really are some connections between the networks (my guess is that it was simply cheaper or more convenient to link them), and the FAA's not happy with that state of affairs. I can't say I blame them.

      Somehow I have a suspicion that someone will crack this sooner or later, and the TSA will react by banning use of laptops or something equally foolish, rather than addressing the more basic fact that the plane's systems have not been hardened appropriately (in this case, by being physically partitioned).

    13. Re:I don't get it... by NoPantsJim · · Score: 5, Funny

      Claiming that you're under an NDA made me think you were completely BSing and trying to raise your e-coolness level.

      Then I saw your sig and realized you must be a college student studying engineering/networking/compsci. Sorry I ever doubted you.

      --
      Name...That...Autocomplete!
    14. Re:I don't get it... by GaryOlson · · Score: 4, Funny

      Exactly. The lower air pressure on the ether in the net could cause the firewall filter to actually pass packets as a result of reverse osmosis. This could be quite evident in streaming data which could possibly sublimate into a data cloud -- for which the filter was not designed. Albeit, the temperature will have to be increased in the firewall; or a longer timeout will need to be configured to allow for the higher altitude.

      --
      Every mans' island needs an ocean; choose your ocean carefully.
    15. Re:I don't get it... by wirelessbuzzers · · Score: 3, Informative

      "Not completely connected" is a very strange phrase... either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others. There could be a data diode between them. That would allow the passengers to see flight path and sensor statistics and hear the cabin radio, and allow the cabin lights and indicators to be controlled from the cockpit side without being physically isolated, but nothing on the cabin side could influence the cockpit side. They might also want to electrically isolate the two sides to block power surges from reaching the avionics (although they should already be hardened enough to handle that, because lightning strikes airplanes sometimes).
      --
      I hereby place the above post in the public domain.
    16. Re:I don't get it... by DieByWire · · Score: 4, Insightful

      That being said, there's a lot of regulation in the aerospace industry. Planes don't just fall out of the sky on accident.

      Actually, we try pretty hard to make sure that when it does happen, it is an accident.

      --
      Never shake hands with a man you meet in a fertility clinic.
    17. Re:I don't get it... by nonsequitor · · Score: 4, Interesting

      The article is not FUD, I don't know where you worked, but having worked on embedded systems for several planes, this one included, though indirectly since I ended up writing about 1/3 of the code base for the electronic flight bag for the 777, which is being used in the 787. I've also worked on systems for the new A380, all at various companies which Boeing and or EADS subcontract to for the various widgets that make up a plane.

      However, the system integrators are Boeing engineers at the manufacturing plant in Everett, WA. The decision to connect internal subnets to a live network would most likely be done at that level, by people who are not security minded, but have to make things as easy as possible for the people who buy these systems and have to use them, the airlines. The amount of users that have legitimate purposes for accessing these systems and communicating with them from the airline's network at the airport (another security risk) is very diverse. Many of which have to be assumed to be completely technologically illiterate.

      This combined with the fact that everything is ALWAYS LATE, so its rushed rather than designed correct the first time, leaves a non-zero probability that the network can become compromised from an attack which exploits vulnerabilities in these machines segregating the plane's systems from the passenger systems. Odds are its either a common industrial partitioned operating system (fancy talk for sandboxes, which may or may not be escapable), or a common one like a licensed and modified embedded windows, or embedded linux or BSD, depending on the vendor.

      I know for a fact though that some of those systems are embedded linux and advertised as such. What if one of those systems were designed on a 2.5 kernel? Impossible you say? There is a risk, dismissing it as FUD does not make it less of a risk.

    18. Re:I don't get it... by tylernt · · Score: 3, Insightful

      but to transfer that information there does need to be a connection somewhere.
      Yes, and I'll tell you how do it. Have an infrared transmitter on the avionics side and an IR receiver on the passenger side (the avionics has no receiver and the passengers have no transmitter) and aim them at each other. Now you can broadcast speed, altitude etc information without ever worrying about vulnerabilities (not even a raw power surge).

      There, I've just done three hundred man-hours of six-figure-salary engineering... in 5 minutes. I'll wait by my mailbox for the check. Thanks!
      --
      DRM 'manages access' in the same way that a prison 'manages freedom'
    19. Re:I don't get it... by Fred_A · · Score: 5, Funny

      So, to be clear. Every seat has a seat-back screen in front of it, capable of displaying messages - but you would prefer a separate wire going to every seat to power a 'fasten your seatbelts' bulb?

      Uh, OK. I'm in favor of a full fledged IRC server so that the pilots can talk to the passengers. After all if you have a network why not use it. /join UA435
      --- Welcome to Flight United Airlines 435 to Tokyo
      --- Please read the safety card in the back of the seat on fron of you

      <seat44G> HOW DOES THIS THING WORK?
      <seat112A> LOL n00b !!!
      <Pilot> Please fasten your seatbelts

      --

      May contain traces of nut.
      Made from the freshest electrons.
  3. The only totally secure network by Iphtashu+Fitz · · Score: 4, Interesting

    ... is one that's physically isolated. I can't think of one good reason why passengers should have any access whatsoever to command/control networks used by the airplane.

  4. Two seperate networks by maxrate · · Score: 3, Informative

    I'm not an avionics engineer - however, even in a small hotel I service, we keep the guest network and the hotel/admin network seperate. The only common hardware is the AC power and the modem that has a /28 assigned to it.

    1. Re:Two seperate networks by Ethanol-fueled · · Score: 5, Interesting

      Note: IAAFMAT(I am a former military avionics technician) and I ask, "why the hell did that happen?" The flight control subsystems should share only a power bus with the non-critical subsystems(if even that). My tinfoil-hat theory is that the control system was made to be hackable so that the government could take control of a hijacked aircraft to prevent another 9/11 (or to cause another 9/11, depending on your point of view).

  5. Yeah, WTF!? by mobby_6kl · · Score: 4, Interesting

    What kind of an idiot would put the flight control systems and the on-board entertainment/voip/net/pr0n on the same physical network? Were they trying to save weight/money by running only one cable through the plane?
    I recall reading about MS stuffing their software into cars (that probably evolved into Ford's SYNC) and even there the MS crap and the engine management systems were completely separate.

  6. who cares? by f1055man · · Score: 4, Insightful

    There are a few million easier ways to bring down an aircraft (or kill thousands and cause panic if that's your thing). Yes this is idiocy in engineering, but considering all the other threats I don't think it's way up the list. Ultimately, we aren't dead yet because there just aren't that many intelligent people that want to kill us, cause it just isn't that hard to pull off.

  7. Madness, and probably a violation of safety regs by Protonk · · Score: 3, Insightful

    I am not an avionics engineer, but I worked with electrical and electronic systems on nuclear power plants, and we had a pretty strict segregation between different types of systems--and with 0 connection between a critical system (power sensing, for example) and a non-critical system (Some water level management). That's not even COUNTING peripheral systems (computers on the local netowrk for email/ppt/xls).

    My thought is that some asshole at boeing decided to save some money on cable runs and ginned up an explanation of how software segregation would serve as an adequate barrier between flight critical systems and passenger systems. They never learn.

  8. Someone should get fired for this by Aaron+Isotton · · Score: 3, Insightful

    If what TFA claims is really true, i.e. that the passenger network is physically connected to the control and navigation system, then someone should get fired for this.

    The control and navigation system of an airplane is one of the most critical networks possible; the lives of hundreds of passengers (and potentially of thousands of people on the ground) depend on its correct functioning. There are not many more critical networks than that, except maybe control systems for weapons, nuclear plants and some factory control systems.

    Even the worst sysadmin out there knows that you do not physically connect such a highly sensitive, highly critical network to something crappy like the in-flight passenger entertainment network.

    Why should the two networks should be connected at all? To tell the passengers the current speed of the plane?

    The XBox was hacked. The playstation was hacked. DVDs were hacked. HD-DVD was hacked. Pretty much anything out there was hacked if someone had an interest in it (and mostly the interest wasn't commercial, just "for fun"). Even if they do aren't "completely connected" as Boeing claims, the danger of it being hacked is very real. On one hand you are not allowed to use your mobile phone on a plane, and on the other you can play with a network which is attached to the navigation and control system? Come on.

  9. Pilots access to Internet by alegrepublic · · Score: 4, Funny
    My guess is that the navigation and control network is connected to the Internet for one of the following reasons:
    • If the plane deviates from the flight plan, access to Google Maps may become handy to plan a new route
    • While on autopilot, access to certain web sites may provide some entertainment to the captain, who usually is a lonely man
    • Given the bad quality of many onboard speakers, announcements from the cockpit can be emailed or IM'ed to passengers
    • Hacker intrusion may be a better excuse than malfunctioning engine as the reason for a plane crash
    • No more planes grounded due to lack of pilot operating manual, as it could be easily downloaded from the Internet
    I am sure there are many other good reasons to connect the navigation network to the Internet, so this list is not exhaustive.
  10. Aviation software by shawkin · · Score: 4, Informative

    The flight control and avionics networks as well as the hardware are separate from the passenger network.
    The concern is that a separate network of maintenance and some limited flight information data share the same up/down links as the passenger network. The FAA notice is to demonstrate to the FAA that there can be no interference between the maintenance and flight information data and the passenger network.
    Even if the maintenance and flight information data were compromised, at worst this would mean that the operating history of the aircraft is not accurate. This is a big deal but not something that will lead to in flight failure.
    An additional requirement of the FAA notice is to prohibit future passenger services without testing for interference and security.

  11. The Equipment in Question by nonsequitor · · Score: 3, Informative
    http://www.astronautics.com/new/PIDDemo/Piddemo.html

    With 2 of those in the cockpit, one for pilot, one for copilot, each running 2 Operating Systems Linux/Windows, and all networked together since each box has 6 network interfaces on it. The thing would be a field day for hackers. While they were designing it a bunch of the consultants helping with the coding were ranting about possible security, but were ignored.

    I can't go into specifics because of my NDA, but considering it was 4 years ago I worked on it, I doubt that is still in force. Though I believe I can say I worked on it, and that information is all publicly available.

  12. It's not UNSAFE it's uncompliant to CFR 14 regs by gelfling · · Score: 5, Informative

    Did you READ the report? I did. It doesn't say anything is unsafe. What it says is there are unique architectures in the systems that put them at odds with CFR 14 regulations compliance whether they present an actual or potential danger or not. Furthermore there's a comment in the report which states that Airbus objects to the regulatory findings on the basis that the 'standard' is too high level to offer any concrete value for implementation or compliance.

    Like any other IT security audit - compliance doesn't mean security it means compliance. And in the cases where there are deviations from the standard, the system has to be able to speak to that deviation and address it or contest it.

  13. Re:Wow, this is scary by ddrichardson · · Score: 3, Insightful

    If that worries you, then I look into Airbus - at least Boeing beleives the pilot should always have the last say, not the computer

    --
    A thistle is a fat salad for an ass's mouth...
  14. Hi There ... by IchBinEinPenguin · · Score: 3, Funny

    ... It looks like you're trying to take over the flight controls ...

    Or, for a more unix-y flavour...

    # cat /dev/random > /dev/aileron

  15. DHCP by elronxenu · · Score: 5, Funny
    Check current IP address

  16. A little perspective by mcrbids · · Score: 4, Insightful

    Queue up 11,000 A/C posts about H4X0RZ Cr45h1n6 for REALZ Do0DEZ!.

    This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house.

    Not bloody likely.

    But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed.

    Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being car eful, as is their job, since lives are on the line.

    Go FAA!

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.