Slashdot Mirror

← Back to Stories (view on slashdot.org)

Access Codes For United Cockpit Doors Accidentally Posted Online (techcrunch.com)

Posted by BeauHD on from the whoopsie-daisy dept.

According to the Wall Street Journal, the access codes to United's cockpit doors were accidentally posted on a public website by a flight attendant. "[United Continental Holdings], which owns United Airlines and United Express, asked pilots to follow security procedures already in use, including visually confirming someone's identity before they are allowed onto the flight deck even if they enter the correct security code into the cockpit door's keypad," reports TechCrunch. From the report: The Air Line Pilots Association, a union that represents 55,000 pilots in the U.S. and Canada, told the WSJ on Sunday that the problem had been fixed. The notable thing about this security breach is that it was caused by human error, not a hack, and illustrates how vulnerable cockpits are to intruders despite existing safety procedures. The Air Line Pilots Association has advocated for secondary barriers made from mesh or steel cables to be installed on cockpits doors to make it harder to break into, but airlines have said that they aren't necessary.

26 of 109 comments (clear)

  1. In case you wondered... by JonnyCalcutta · · Score: 4, Funny

    It is 0000

    1. Re:In case you wondered... by Opportunist · · Score: 4, Insightful

      You joke, but you'd be surprised how much critical infrastructure is insecure simply because "Hey, nobody can get here anyway".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:In case you wondered... by Rockoon · · Score: 2

      Dear Valued Employee. Because your PIN has been compromised we have randomly generated a new PIN for you. Your new PIN is 5555. Please do not write this down.

      --
      "His name was James Damore."
    3. Re:In case you wondered... by fph+il+quozientatore · · Score: 2, Funny

      That's amazing. I've got the same combination on my luggage!

      --
      My first program:

      Hell Segmentation fault

    4. Re:In case you wondered... by Opportunist · · Score: 2

      The obligatory xkcd.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:In case you wondered... by _merlin · · Score: 2

      2580 opens a surprising number of electronic security doors, including some hospitals and brothels I know of.

    6. Re: In case you wondered... by hviezda14 · · Score: 2, Funny

      Actually, system of PINs has been hacked. Attackers had revealed all the PINs on the Internet. You can check yours, but it's there! Why are we still using them, if anyone can find them online??? http://l33tn3rdz.deviantart.co...

    7. Re:In case you wondered... by michelcolman · · Score: 5, Informative

      The code doesn't matter that much. There are two codes, a normal one and an emergency one.

      The normal code just makes an audible signal in the cockpit. The pilots then look at the camera screen to make sure that it's a crew member with no terrorists behind him/her. If all looks OK, they flip a switch to unlock the door. So what if a terrorists knows the code? The pilots will see "hey, that person's not supposed to enter" and keep the door shut. And yes, we do always check the camera. Our life could depend on it.

      Then what about the emergency code? It causes a similar sound that goes on for 30 seconds. If no action is taken by the pilots during those 30 seconds, the door is briefly unlocked so it can be pushed open. However, the pilots can simply block entry with a single switch. Since they have 30 seconds to do so, this is not really a big security risk either. The purpose is just to allow a crew member to enter if the pilot(s) are incapacitated.

      People get freaked out "OMG they have the access codes to the cockpit" but in reality this really is a non-issue. We had the same problem in my company, some comedian said the codes on a radio show and we got all these memos changing the codes and reminding us how vitally important it supposedly was that they were kept secret. Big deal. They might as well install a simple button instead of a keypad, it wouldn't make a difference.

    8. Re:In case you wondered... by michelcolman · · Score: 5, Insightful

      Well, if the terrorists are already in the cockpit, all bets are off. Obviously. Do you have a better idea?

    9. Re:In case you wondered... by Anonymous Coward · · Score: 3, Informative

      Look, this is Slashdot. Without fail some guy will spend maybe three seconds thinking and then post his pin-headed conclusion about what's wrong with something, as if everyone else in the world is an idiot and can't consider even the simplest things. That guy is always wrong.

    10. Re:In case you wondered... by hey! · · Score: 2

      Because United is run by Assholes.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    11. Re:In case you wondered... by swb · · Score: 2

      The world is always more rational and well-organized in mom's basement.

      That being said, I do think there are a disturbing number of times that large groups and organizations perpetuate some really bad designs/systems and a fix is obvious (and sometimes even tested) to an outsider. Kind of an emperor wears no clothes kind of situation, and probably, if you looked into it, it's something perpetuated for reasons (like making money) that have nothing to do with problem solving or design.

    12. Re:In case you wondered... by wonkey_monkey · · Score: 3, Funny

      They might as well install a simple button instead of a keypad, it wouldn't make a difference.

      Unless the pilots are incapacitated and there's a terrorist onboard! Are you trying to get us all killed?!

      What if they put a call out for a doctor to treat the pilots and the online doctor onboard is a terrorist... wait, forget I said that, it's copyrighted and you can't have it because it's my screenplay now.

      --
      systemd is Roko's Basilisk.
    13. Re:In case you wondered... by michelcolman · · Score: 2

      We don't "rely on the consent of the computer to do any manual flying". We can turn off the autopilot at any time. On Airbus there are a few very basic protections that are still active in manual flight (excessive load factor, bank angle, stall) but even those can be turned off by degrading the system to the most basic flight mode.

      There is currently NO system that prevents the pilots from flying into a mountain. We do have Enhanced Ground Proximity Warning System, but it's only an aural warning. Occasionally it malfunctions because of a database problem or something like that, giving warnings during final approach ("Terrain, terrain, pull up!") while we can actually see the runway right in front of us. On one occasion it was still yelling "Pull up!" when we were already on the ground, rolling out on the runway, I couldn't believe it myself. Imagine what would happen if the system would take over and keep the pilots from landing the plane!

      Airplane design takes all kinds of possible failures into account. You might say "the computer should keep the pilots from doing such and such" but a good airplane designer immediately counters with "but what if that system malfunctions?". System malfunctions are way more common, that's why pilots have to be able to override anything.

      Just to give you an idea: there have been several instances where, due to a malfunction with the angle of attack probes, airbus flight computers were convinced that the airplane was stalling and violently pushed the nose down. The only way to save the airplane was by turning off two of the Air Data Computers, degrading the flight control mode to basic law. That's just one of many, many things that can go wrong when you let automation override the pilots. Airbus has already gone too far in my opinion.

  2. The access code is by PSXer · · Score: 3, Funny

    1... 2... 3... 4........ 5

  3. Why do they have set codes? by CastrTroy · · Score: 2

    The bigger question is why they have set codes at all. There are only a set number of people on each flight who might need to access the cockpit. They should really just have the pilots set a code before anybody else boards the plane, and have the relevant people notified of the code before the flight. Even better if the code is random generated by a computer.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re:Why do they have set codes? by Nidi62 · · Score: 2

      The bigger question is why they have set codes at all. There are only a set number of people on each flight who might need to access the cockpit. They should really just have the pilots set a code before anybody else boards the plane, and have the relevant people notified of the code before the flight. Even better if the code is random generated by a computer.

      The Germanwings crash is a good example of this. With codes that can be changed from inside the cockpit, once someone has access they can deny access to anyone else. Also, you could have crew (both cockpit and cabin crew) operate 3 different aircraft in a day depending on their schedule, or at elast operate with different crews. If there is an emergency and you need to access the cockpit (maybe a pilot has a medical emergency and the other pilot has to handle actually flying the plane and contacting ATC so a flight attendant needs to assist the pilot with the medical issue) it is a lot easier to remember one standard password than what the password happens to be for this leg of your shift.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  4. Strong door have a downside... by Bearhouse · · Score: 4, Insightful

    https://en.wikipedia.org/wiki/...

    According to French and German prosecutors, the crash was deliberately caused by the co-pilot, Andreas Lubitz.[29][97][98] Brice Robin said Lubitz was initially courteous to Captain Sondenheimer during the first part of the flight, then became "curt" when the captain began the mid-flight briefing on the planned landing.[99] Robin said when the captain returned from a probable toilet break and tried to enter the cockpit, Lubitz had locked the door.[29][97] The captain had a code to unlock the door, but the lock's code panel can be disabled from the cockpit controls.[7][100] The captain requested re-entry using the intercom; he knocked and then banged on the door, but received no response.[101] The captain then tried to break down the door.[16][77][102] During the descent, the co-pilot did not respond to questions from air traffic control and did not transmit a distress call.[103] Robin said contact from the Marseille air traffic control tower, the captain's attempts to break in, and Lubitz's steady breathing were audible on the cockpit voice recording.[97][104] The screams of passengers in the last moments before impact were also heard on the recording.[99]

    After their initial analysis of the aircraft's flight data recorder, the BEA concluded that Lubitz deliberately crashed the aircraft. He had set the autopilot to descend to 100 feet (30 m) and accelerated the speed of the descending aircraft several times thereafter.[105][106] The aircraft was travelling at 700 kilometres per hour (430 mph) when it crashed into the mountain.[99] The BEA preliminary report into the crash was published on 6 May 2015, six weeks later. It confirmed the initial analysis of the aircraft's flight data recorder and revealed that during the earlier outbound Flight 9524 from Düsseldorf to Barcelona, Lubitz had practised setting the autopilot altitude dial to 100 feet several times while the captain was out of the cockpit.[107][108]

    1. Re:Strong door have a downside... by Kjella · · Score: 4, Interesting

      cockpits should have their own loo. airlines would be against this, too. surprise surprise. that's even more expensive than reinforcing the doors even more than they have been already. that extra 10 square feet of cabin space could hold at least 6 paying passengers!

      I'm sure they could have made some kind of double-entry toilet, the question is how much of a difference it'd make. Even if we assume he was too cowardly to directly assault the other pilot, he could have drugged his food, blocked the toilet door, created some kind of pretext to get the captain to go to the passenger/cargo area or whatever. Even getting him to the doorway would be enough if you can just push/throw/kick him out and slam the door shut behind you. It's a trusted co-worker, not someone you'd suspect being a potential hijacker/terrorist so he wouldn't see it coming.

      --
      Live today, because you never know what tomorrow brings
    2. Re:Strong door have a downside... by jittles · · Score: 3, Interesting

      We dont really have any way to protect against the possibility that the pilot may be not want to live..

      That's not remotely true. The actions of that GermanWings pilot would have never worked in the US. When a pilot leaves the cockpit, someone else from the crew takes his place. If you watch you'll see that they notify the flight attendants that someone is planning to leave the flight deck. Two flight attendants come forward. One blocks the aisle with a cart and the other goes into the cockpit before the pilot leaves. The US requires there to be at least two people inside of the cockpit at all times. So unless you find a rare situation where both pilots want to die, or one pilot is willing to have a physical altercation with the other prior to killing the entire flight, you'll be okay. They are not allowed to eat the same meals. One would not be messing with the others meals to drug them. Perhaps they could drug them through their coffee, but otherwise there are no real situations where a pilot can destroy the other plane without some sort of physical struggle.

  5. Re:Hmm... there were no planes on 9/11 by cheesybagel · · Score: 2, Informative

    ...it was physically impossible for the top tenth (or however much it was) of each WTC to pulverise COMPLETELY the lower, much larger (and much thicker steel beams) part... How did the core columns manage to collapse all the way down? Detached core columns at the point of initiation of collapse would - by definition- have taken the path of least resistance - i.e. vertical core columns would have slid sideways and NOT HIT other vertical core columns below. After a short period of time the collapse should have been arrested, and over.

    Here, have a link to a paper:
    "The first part of this paper presents an experimental investigation on explosive spalling of six full-scale normal strength reinforced concrete slabs subjected to conventional fire curve ISO834 and severe hydrocarbon fire curve, performed at the Fire Research Centre, University of Ulster, UK focusing on concrete thermal behaviour and the explosive spalling phenomenon. Each slab was loaded with 65% of its BS8110 design load and was heated from the bottom side only. Temperatures profile was recorded at three depths within the slabs and the moisture content was also measured before and after the tests."

    If that's not enough info for you, you can read this entire PhD thesis on the topic.

    i.e. at high temperatures high-strength concrete comes apart. If the temperature is high enough it will lose all cohesion.

    The airplanes were fully fueled. The fuel basically ignited on crash and flooded the top floors and then dripped down over the elevator shafts and stairs. The temperature was high enough that the concrete lost cohesion and you basically ended up with what looked like a controlled implosion. OBL was a civil engineer. He certainly had the know how to analyze the problem and know this would happen in the first place.

  6. Re:Steel mesh/cable not necessary. BS! by Nidi62 · · Score: 2

    That and manual deadlocks on the inside.

    The reasons airlines don't want to put them in?

    * Expense (because retrofits on existing planes isn't just "EXPENSIVE!!!", it's "FUCKING EXPENSIVE!!!" * Weight savings. A reinforced door and manual/ratcheted lock bar could easily add another 5-800 lbs to a plane. That's EASILY 3-5 passenger fares.

    Save money vs save the crew's life? Fuck the crew! SAVE THE MONEY!

    Aircraft crews are trained to repel attackers, quite a few in the US are armed now with the FFDO program, there are simple methods beyond a lock that can slow down any attempt to open the cockpit door by force (for example on MD-80 type aircraft, simply putting down the jumpseat would slow anyone down), and as a last resort they literally have a weapon on hand (the crash ax). Also, especially in the US, there is a very good chance that at least one of the cockpit crew is former military and has had self defense training. You're partially right in that it is about saving money, but it's saving money because there are more cost effective ways of protecting the cockpit and cockpit crews.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Re:Hmm... there were no planes on 9/11 by Maritz · · Score: 2

    Like all truthers, you are a crushing bore.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  8. Re:Seems we are a good path. by michelcolman · · Score: 5, Informative

    Technology for remote (or alternatively autonomous) operation is existing, it 'only' needs certification for passenger transport.

    It would need a little more than just certification.

    People always go "80% of crashes are due to pilot error, so let's get rid of the pilots, the autopilot can fly the plane by itself anyway". What they don't know, is how often automation screws up and no crash occurs because the pilots were there to prevent it. In 20 years of flying I've had quite a few of those.

    In fact, a lot of "pilot error" crashes were really due to automation failures where the pilots were (rightfully) blamed for not having intervened. Autothrottle pulls the throttles back to idle at 1000 ft because a failing radio altimeter said the plane was about to touch down? Pilot error, they should have seen the throttles move backward and the speed decrease, and should have immediately reacted by taking manual control. As other pilots have on numerous occasions.

    Another example, the Air France flight from Rio that stalled and crashed into the Atlantic. Yes, the pilots stalled the airplane. But the only reason they were flying manually was because the automation had already given up. The same situation had already occurred with other crews and they had corrected the situation without crashing.

    Take the pilots out, with the current state of technology, and you'll see two orders of magnitude more crashes.

    How many military drones do they have flying around? Only a few, a ridiculously small number compared to passenger aircraft, yet drone crashes are a pretty frequent occurrence. Even though their missions are usually extremely simple: take off in good weather, fly a predetermined GPS trajectory, come back along a fixed trajectory and land in good weather. And they are vastly simpler mechanically because they don't need things like air conditioning, seats, etc. Yet they crash all the time.

    Come on, we can't even write a word processor or spreadsheet that doesn't crash occasionally, and you want to make automatic planes?

  9. Re:Hmm... there were no planes on 9/11 by Zontar_Thing_From_Ve · · Score: 2

    I appreciate your attempt to use logic and facts by providing links to a paper that showed that concrete can lose cohesion just like in the events of 9/11, but people who want to believe nutty conspiracy theories aren't going to change. Dilbert creator Scott Adams is a big Trump supporter and he sometimes allows comments to his blog and some of them are pretty nutty. One lady was ranting, yesterday I think, about how Obama's birth certificate was clearly faked. If all these years later we've still got people worked up about the birth certificate, and that's not even touching the fact that even if it was faked (which I don't believe) he was born a US citizen and thus eligible to run for president, how we know that Ted Cruz was born in Canada and he was still OK to run for president because he had one US citizen parent (even if Obama was born in Kenya, his mother was still a US citizen) and nobody complains about him, and how the entire Republican Party was unwilling or unable to provide proof of this to try to win elections against him. People are just going to believe what they want regardless of the facts. Adams himself even says as much all the time.

  10. Re:Hmm... there were no planes on 9/11 by Ungrounded+Lightning · · Score: 2

    The airplanes were fully fueled. The fuel basically ignited on crash and flooded the top floors and then dripped down over the elevator shafts and stairs.

    Also: The pilots banked the planes just before impact, so the fuel was distributed across at least three floors. (You can see it happen in the film of the second plane's impact.)

    Once enough (say, three) floors had collapsed onto one below, the load on that floor was enough to detach it from the sides of the building (where the vertical strength was) and drop that weight plus the weight of another floor onto the one below that. repeat down to ground level.

    The detached floors were the horizontal strength, so when enough were down in the middle of the tower, the side walls buckled and the upper part came down (tilting slightly as the sidewall collapse was slightly uneven).

    No mystery at all, once you know even a little about how the building was constructed.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way