Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing 787 May Be Vulnerable to Hacker Attack

Posted by Zonk on from the does-anyone-speak-l33t dept.

palegray.net writes "An article posted yesterday on Wired.com notes that 'Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and implementing more robust software-based firewalls."

12 of 332 comments (clear)

  1. Restriction on software during flight? by El_Muerte_TDS · · Score: 5, Funny

    No more playing MS Flight Sim.

    1. Re:Restriction on software during flight? by nospam007 · · Score: 5, Funny


      Bluetooth alert: New device detected, Boeing 787 Dreamliner, install?

  2. I don't get it... by Spalti · · Score: 5, Insightful

    Why aren't both networks physically completely seperated from each other?

    1. Re:I don't get it... by dunezone · · Score: 5, Funny

      Exactly, who the hell thought that it would be a good idea to allow the passenger network and pilot network system to even communicate with each other.

      Oh wait I got it, what if terrorist took over the cabin, but then a passenger(Justin Long) who is a master hacker controls the plane from his seat using his cell phone, and safely lands the plane but after he flipped it a few times so the terrorist would be knocked unconscious. Who has Bruckheimer's phone number I have an idea.

    2. Re:I don't get it... by badasscat · · Score: 5, Informative

      Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place!

      The 787 is fly by wire, like most new aircraft designs. It's all computer controlled, not mechanical.

      My guess is this - the "common core system" designed by Honeywell - has something to do with the various systems being connected. This is a system designed to simplify the airplane's various systems and reduce the number of separate systems (which means fewer failure points - usually a good thing in engineering). I do believe Boeing when they say that there are built-in separations and that the two systems are not completely tied together, but obviously it wasn't enough for the FAA. So they're fixing it. Nothing really all that unusual about a new airplane design; there are always various issues that need to be addressed before first flight.

    3. Re:I don't get it... by fartingfool · · Score: 5, Insightful

      My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems.

      The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess i welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D

    4. Re:I don't get it... by Linker3000 · · Score: 5, Funny

      A simple solution would be to use Token Ring for the avionics and plain old 100BaseT for the passenger areas - and then send to Guantanamo anyone Googling 'madge' or 'wtf is 802.5'.

      --
      AT&ROFLMAO
    5. Re:I don't get it... by NoPantsJim · · Score: 5, Funny

      Claiming that you're under an NDA made me think you were completely BSing and trying to raise your e-coolness level.

      Then I saw your sig and realized you must be a college student studying engineering/networking/compsci. Sorry I ever doubted you.

      --
      Name...That...Autocomplete!
    6. Re:I don't get it... by Fred_A · · Score: 5, Funny

      So, to be clear. Every seat has a seat-back screen in front of it, capable of displaying messages - but you would prefer a separate wire going to every seat to power a 'fasten your seatbelts' bulb?

      Uh, OK. I'm in favor of a full fledged IRC server so that the pilots can talk to the passengers. After all if you have a network why not use it. /join UA435
      --- Welcome to Flight United Airlines 435 to Tokyo
      --- Please read the safety card in the back of the seat on fron of you

      <seat44G> HOW DOES THIS THING WORK?
      <seat112A> LOL n00b !!!
      <Pilot> Please fasten your seatbelts

      --

      May contain traces of nut.
      Made from the freshest electrons.
  3. Re:Two seperate networks by Ethanol-fueled · · Score: 5, Interesting

    Note: IAAFMAT(I am a former military avionics technician) and I ask, "why the hell did that happen?" The flight control subsystems should share only a power bus with the non-critical subsystems(if even that). My tinfoil-hat theory is that the control system was made to be hackable so that the government could take control of a hijacked aircraft to prevent another 9/11 (or to cause another 9/11, depending on your point of view).

  4. It's not UNSAFE it's uncompliant to CFR 14 regs by gelfling · · Score: 5, Informative

    Did you READ the report? I did. It doesn't say anything is unsafe. What it says is there are unique architectures in the systems that put them at odds with CFR 14 regulations compliance whether they present an actual or potential danger or not. Furthermore there's a comment in the report which states that Airbus objects to the regulatory findings on the basis that the 'standard' is too high level to offer any concrete value for implementation or compliance.

    Like any other IT security audit - compliance doesn't mean security it means compliance. And in the cases where there are deviations from the standard, the system has to be able to speak to that deviation and address it or contest it.

  5. DHCP by elronxenu · · Score: 5, Funny
    Check current IP address