Slashdot Mirror
Boeing 757 Testing Shows Airplanes Vulnerable To Hacking, DHS Says (aviationtoday.com)
schwit1 shares a report from Aviation Today: A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft." Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft's systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, "you can come to grips pretty quickly where we went" on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them. Hickey said newer models of 737s and other aircraft, like Boeing's 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don't have these protections.
why should Southwest Airlines pay? and not boeing?
This article claims that one line of code costs a million dollars to fix and would "bankrupt" Southwest.
News flash: Southwest wouldn't be the ones fixing the fucking code! It would be the manufacturer who would then absorb that cost, not the airline. Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.
This article is a perfect example of why journalism is headed for self-destruction.
And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?
Its not the owner of the plane (Southwest) that should be paying but the manufacture (Boeing) to fix this vulnerability.
You don't ask the iPhone owners or Windows owners to fix the code that runs on their* device.
*ownership of said hardware is subject to modern interpretation of "ownership".
>The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement.
Useless metric spotted. The cost is very very very lousily correlated to the number of lines of code. The number of checks/tests to re-run is by far a better metric to estimate the cost. Most of the time one line of code or thousands just cost the same price.
Besides, the vulnerability was in the 757 and they seamlessly implied that the 737 was at risk. Did TFA say they had also hacked the 737?
Crashes are covered by insurance. It's much less expensive. From a business perspective, it's a much more manageable expense after the stock recovers from the short-term hit.
1. The airlines operate under a huge amount of regulatory oversight, and structure the development of avionics or engine control software accordingly. The terms ARP4754 and DO-178C are to aviation as ISO9002 is to business models. They provide guidelines on creating a rigorous development process, and regulators are keen to track how well companies develop logic and physical designs in line with best practices described by those guidelines.
2. If you summarize DO-178C in one sentence, it might be "document the rationale for every change, and the means you employed to ensure it is the right change." Most companies follow a V-shaped change model where you trace from high level requirements to lower level requirements to implementation details, and then verify the code does what is expected and then validate that the requirements are being met (and the requirements are even proper in the first place). Once you have that framework in place, you have to document every step of the chain of review.
3. For every change to a high level requirement, a low level requirement, an implementation, and sometimes even a change in a verification method, there typically has to be an independent review: you cannot trust the implementors to check that the change was appropriate and done correctly as it's easy to be blinded by your own thought process during development.
So in a case like this, the customer needs to inject several new top-level requirement (which shockingly may not have been there in the first place), "the system shall be hardened against unauthorized changes in configuration/operation/state" and that has to flow down to subsystems "the component XYZ shall be hardened..." and that has to flow down a few more tiers before you even identify the protocols or chips or attack vectors to be changed. Then you have to verify the code change works in each component. Then a system-level review. Then a regulatory review to have the updated design certified as safe for test flight and finally safe for revenue service.
Does this sound like a desktop software change control process? Sure, maybe you're really disciplined, but it's a matter of degree. It really can take fifty people or more, from regulators to systems engineers to coders to integration testers to work the process. And that all adds up in terms of time, opportunity costs, tools and tooling, lab test, systems test, hours and hours of live aircraft flight test, and so on.
[
The manufacturer needs to be liable for fixing their shit. If you crank out a product that has dogshit security, you need to have your feet held to the fire to fix it. It doesn't just become another problem the world "has to live with" because you did a shit job.
Why in the HELL are critical avionics control systems networked in such a way that they can be accessed remotely by radio? FFS, what were they thinking? They design systems that are hardened against direct lightning strikes, but leave them vulnerable to a remote hack using a device that's probably not much more than a small computer and a glorified walkie talkie connected together. WTF?
On an unrelated note, why is the page I'm typing this on a standalone text entry box without TFS available on it for reference? Is Slashdot Beta rearing its drooling imbecilic ugly head again?
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
What if a hacker takes down an airplane, people find out in the media, and nobody wants to fly on that aircraft type anymore? Or with that company because it didn't apply a fix that existed? Does the insurance cover that? Now that's something that could bankrupt an airline.
They share a lot of subsystems, so probably yes.
> For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them.
Do you realize that Boeing-737, even in its latest -800/-900 incarnations, is NOT a fly-by-wire airplane? The flight control surfaces are mechanically connected to the yokes in the pilots hands and the pedals under their feet, using push-rods and hydraulic cylinders. The basic design of B-737 originates from circa 1963 and hasn't been radically changed since due to economic pressure from airlines, to whom new "type rating" would incur huge costs in re-training their pilots and mechanics.
Therefore the B-737 is fundamentally different from its rival Airbus-320 or the larger sized B-767/777 planes and cannot be hacked to unilaterally fly to Antartica or whatever.
In case of the Airbus-320, the theoretically hackable fly-by-wire system was a conscious design choice associated with modernity. In case of the very large B-777 and A-380 planes fly-by-wire is mandatory, since the lenght of their fuselages and the large forces required to move the grandiose flight control surfaces no longer allow direct mechanical coupling.
But state actors and spy agencies, can. It is their bread and butter business. The danger is them giving these tools to the terrorists for political purposes and proliferation and mutation of the leaked hacking tools.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Southwest just retired the last of their "classic" model 737s. All they have now are NGs, which I would assume was meant by "newer model 737".
You did read at least the summary, right? 90% of the commercial fleet is the Boeing 737. You would be hard-pressed to find an airline that does not fly the 737. It won't impact a single airline, it will impact practically ALL airlines. So what, is everybody going to stop flying? Yeah, right.
This is simply not a concern to most executives. They have golden parachutes (no pun intended!) and will probably be set for life, bankruptcy or no. And anyway, they'll use the revolving door to pick up a sweet job at a different airline. Because people will continue to fly, no matter what. The most they may do is switch to another airline. Decades of senseless crashes and people being instantly turned into charred person-burgers have not changed humanity's desire for air travel.
risk = cost * probability
Lets say you have $100 asset. There is a possibility a hacker could completely destroy it. You'd be out $100. I offer an indemnity policy to you. Your estimation of the risk says there is a 10% percent chance a hacker will destroy your asset. You would likely be willing to pay up to $10 for some protection. Much more than that and you would probably prefer to take your chances. That is the simplest situation.
Now imagine instead of an indemnity, I am offering to do work to secure your asset, hacker proof it. There is no certainty I will be successful and if I am not well its still your problem if something happens. Want to pay me $10 bucks now?
None of this even takes into account the range of other possibilities, like a hacker does $2 in damage to your asset. Maybe that has its own risk potential attached. The economic considerations of security are valid. Sometimes it makes sense not to invest in fixing something, especially something large and complex where you don't know what all the problems are. You also have to consider that security fixes themselves are often a security threat. Availability is a component of security. In some systems it might be MORE important than confidentiality, and integrity. In which case guess what you might not risk applying a fix that addresses those other two legs primarily.
We don't live in a perfect world everything isn't going to be perfectly secure all the time. Taking a moment to consider the economics and the specific needs isn't an incorrect approach, even when safety is concerned. If planes and cars had to be 100% safe nobody could afford one or afford a ticket on one. There is always going to be some risk, really really safe is the standard, perfectly safe is impossible.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You did read at least the summary, right? 90% of the commercial fleet is the Boeing 737.
Evidently you did not read the summary. It says "legacy aircraft, which make up more than 90% of the commercial planes in the sky". It does not say the Boeing 737 is 90% of the fleet which obviously verified with a single trip to any airport. Boeing 737 are legacy aircraft and are common but there are a lot of other types of legacy aircraft as well.
Crashes might be covered by your insurance, but if the crash has a known-preventable cause then the insurance might not cover it, and if they do then your premiums are going to shoot up once they discover that you're not fixing known issues.
I am TheRaven on Soylent News
The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.
Probably, and the implication is that all older planes are at risk, but it is misleading to test one plane and then talk about another. Someone else pointed out how poor the reporting was in this article.
Especially considering that the cost would be high enough to make the airline fail, and being too big to fail as usual we get to foot the bill anyway, so why should the airline be concerned at all?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?
It's one thing when the first plane is hacked, and it results in a crash. It's another thing entirely when the 5th plane goes down within a week. Who needs a box cutter when you can terrorize using "typical stuff that could get through security".
Not to mention the financial impact when no one in their right mind would fly on 90% of airline inventory . It would probably take less than a month to bankrupt most airlines in a scenario like that, along with a rather massive ripple effect crippling US Capitalism that relies on moving humans and cargo efficiently.
Oh, and airline insurance companies? Yeah, they went bankrupt too.
There is a solution to this problem. For every product you make, create a new shell company. That shell company produces and sells the product and pays "royalties" for some patents or licenses or whatever bullshit your beancounters can come up to the parent company, essentially becoming a pass-through for any revenue.
If the shit hits the fan, the shell goes poof.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Why put the question in the subject?
https://www.youtube.com/watch?...
Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Settings
Bluetooth
select Boing 737
Connect
http://www.vicclap.hu/static/p...
and 2 free checked bags + full liability with that rule.
And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?
Maybe your family would care if you were on the plan that crashed? Or maybe you would care if your love ones were on the plan that crashed?
why should Southwest Airlines pay? and not boeing?
Easy... They hope that Southwest will go back to Boeing and get the money back if Southwest is charged. They don't want to go directly to Boeing because (maybe) they don't want to ruin their relationship with Boeing. However, I doubt that Southwest would do what they hope -- getting all money back from Boeing. I believe Southwest will get the money back from both Boeing and passengers because they now have a reason to charge more (or CEO would get less bonus due to the loss).
I believe that when there is a problem with a plane, the customer has to pay for the fix, just like with regular maintenance. Otherwise, if safety cannot be guaranteed, the plane is grounded.
The idea is that by not requiring manufacturers to pay, it limits the incentives to hide defects.
Now, that's for general aviation, I suppose the situation is not that simple with airlines buying dozens of multi-million dollar planes.
As part of the maintenance contract with Boeing they would agree to cover costs like this. Business supply contracts are not like consumer law, they typically don't have warranties and the like.
The airline could sue Boeing to make them pay for the fix, but after years in court and millions in legal fees they probably wouldn't win. After all, when other defects are found the airline usually pays the maintenance costs. At best the manufacturer might supply some free placements, but they aren't going to fit them.
And yeah, fitting a software update and testing it out can cost a million bucks because everything controlled by that software has to be re-tested as well. Even if the software has been certified, you have to make sure it was loaded correctly...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Exactly. Writing a patch should be the job of the manufacturer. That might cost $1m depending on complexity but it shouldn't take a year to pass QA. Applying that patch to every plane in fleet should not cost $1million/plane, it should be no more complex than replacing any other recalled part of the plane (much simpler in fact since it won't mean any hardware changes); standard maintenance in other words.
So if forcing all airplanes to be upgraded/hardened against this sort of thing would bankrupt an airline, then can we conclude that the first terrorist/nation to actually down an airplane using this modus operandi would pretty much shut down the world's airlines in one day?
Maybe there was a bit more going on behind the scenes there than we thought...
Problem with that is the number of devices with lithium-based batteries, which are not supposed to be carried in the hold - they are perceived as a fire risk, and if carried in the cabin then a fire can be detected more quickly
Good luck. you will take what the airline offers and you know you will
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
The amount of vague statements and jumbled non-related facts in this "story" make it useless as a source of real information. It's just scaremongering.
" they accessed the aircraft’s systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” on the aircraft."
Fine, then I'll guess the in-flight entertainment. It's probably the most likely answer. The RF configuration of most aircraft starts and ends with radios, voice is obviously not subject to misdirection, and VOR navigation has an audible morse code signal sent by the VOR for verification of the correct frequency and is only commonly used as a backup these days. And I don't know of any radio that has a provision for tuning it remotely. Airliners typically have an ACARS link to the Flight Management Computer, but other than false navigation plot, there's no real way to crash a legacy plane with that unless the pilots are asleep (newer planes with VNAV give elevator and throttle control to the FMC). You can't hack a magnetic compass (still required equipment). The altimeters will still work. There is no RF on the controls or avionics. The autopilot has a off switch. So does the FMC. ATC is tracking them. The 757 is not fly-by-wire. The only other RF common on planes is the Wi-Fi network for the customers, who cares what you do with that?
"The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement."
The cost of the FAAs method of verifying a code update is $1M and takes a year, whether you change 1 line or rewrite the entire code.
"For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them if a cyber vulnerability was specific to systems on board 737s,"
Yes, but the research is on the 757, which is a completely different plane designed 2 decades later.
"legacy aircraft, which make up more than 90% of the commercial planes in the sky, don’t have these protections."
They also frequently don't have the vulnerable systems, either.
"don’t know how to chase a cyber spark through an airplane either,"
Neither does anyone else, since a cyber spark isn't a thing.
Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.
We can't even get social media addicts to put their phone down to prevent killing people on the road, and you call this an "easy" answer?
Good fucking luck with that.
DO-178B -- the process for certifying software is safe to fly is the reason the cost would be 1 year and $1 million to implement a patch. However, there's no reason other than FAA bureaucratic inertia that they can't grant temporary waivers for security patches. They grant waivers all the time for other stuff.
The obvious solution is for security patches to undergo a less-rigorous review and then allow the patches to be deployed and then give the teams a year to get their certification work done. If the FAA decides there is an imminent public safety hazard they will grant a waiver.
Oh and no it's not southwest who will pay. It's probably not Boeing either. The affected subsystems are probably built by a supplier such as Honeywell or Rockwell Collins.
Risk management is a big thing. However, for most companies, because the individual execs are so well shielded, even if a company causes loss in the thousands to tens of thousands of lives, it is pretty much impossible for the C-levels or even VPs to see any consequences. The banking industry in 2008 showed that with the megabuck bonuses after the recession.
In reality, if a company has a $100 asset, the CxOs will say that paying $10 has no ROI to them. The $100 asset gets destroyed, and the business is toast. However, there is no real consequences, so the top brass just hop in their yachts for a cruise once the bankruptcy papers are filed.
If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.
Legacy aircraft have mechanical backup on the controls. The airplane is still flyable if the computer malfunctions. Hackers can still mess with the autopilot and navigation though.
“He’s not deformed, he’s just drunk!”
The first time TSA makes someone either trash a $800 iPhone or miss a $600 flight, and it hits the news people with very quickly learn to pack that stuff before headed to the airport
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
What if the hacker sell the hack to IS or any other hell-bent terror org? Soon, every plane of that type crashes - if it belongs to westerners (or whoever they target.)
Boeing has gone to shit, personally i won't fly in one and i let every airline know when I'm booking a flight.
Actually the 737 is just as modern as any aircraft being produced.
That depends on which 737 you are talking about. Some 737 have been in service for 30+ years so calling them modern is a bit of a stretch at this point. The 737 has been produced since the 1960s. Yes current versions are considerably updated and quite modern but there are still a lot of older models still in service that aren't nearly so up to date. There are plenty of 737s in service today that could fairly be described at this point as legacy aircraft. Boeing produces 300-400 new aircraft per year and there have been nearly 10,000 aircraft produced to date.
Probably just sent ACARS messages over RF and the airplane thought they were from the airport. These messages can include things automated acted upon like "Your plane's altitude has been detected at XX feet" or "Huge category-5 hurricane straight ahead, divert to ETOPS field". Not like they designed any of these protocols with security..
I am not surprised by this, a while ago some were claiming the communications in aircraft were compromised because aircraft were mixing critical controls along with passenger conveniences. Most likely to save money and materials, and yet we know have someone proving this is easily compromised. If controls failed at critical times such as take offs or landings, even backup options may be too late given the time it takes to engage such options.
If this hack works via RF, the hacker may not need to be on board. Point a directional antenna at the plane flying overhead, and use an amplifier (possibly several kW). The stronger signal makes up for the extra distance, especially near airports where flying planes aren't that high up.
The security check is irrelevant if the attack works from outside. The terrorists won't even need suiciders.
The fact that the attack is'classified' doen't matter much. We know it exists, so terrorists can research the details on their own knowing in advance it can be done. Get some skilled hackers and some radioheads and it is doable.
Somehow, Microsoft has not been liable for the security problems in windows. These problems don't kill people like a failing plane - but they are the reason computer viruses exists and can spread - killing profits through downtime.
You can still stand out front of the airport, with likely the same effectiveness.
You'd think that, but thousands of people still forget to unload their handguns from their carry-on baggage every year[1]. Those cost on the same order as a cellphone and failure to remove them can result in jail time, not just missing a flight.
[1] Washintgon Post, August 2017
I was disappointed I had to go so far down the page to see someone comment on this. I followed the link specifically to see *what* was hacked and nothing was mentioned. There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence and dumping cabin pressure or altering flight controls.
Even something vague like the area they accessed: communications, cabin systems, avionics would make it look less like something sensationalized to get more funding or again increase the scope of DHS power.
If there ACTUALLY exists an exploitable Bug it must be fixed. Anything else would be comparable to manslaughter.
Any electrical engineer worth their salt will be able to build a high power RF system to transmit the malware from easily 100 km distance.
Also, the "1 million per line of code" quote is pure B.S.
The FAA and their peers issue change requests on aircraft almost every month. Not doing so would be an unacceptable risk of human life.
If this is not just bullshitting, FAA will mandate the change.
Safety fixes of airplane systems are done all the time.
Boeing would fix all exploitable issues in one package and the 1 million dollar per line quote is just bullshit.
Changes are mandated by FAA and usually compulsory.
The airline can't fix the issue aside from replacing the aircraft. And there is no reason to assume Airbus or MD or anyone else is any better than Boeing.
This is a fundamental problem across the entire industry. It also affects the car and trucking industries----no security designed into those vehicles either, for the most part.
I'd assume they're only reporting about Boeing because the hackers were given a Boeing to play with.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
This is perfect. Zero cost solution :)
And even if that weren't a serious safety risk, that would still be the dumbest, most invasive possible approach to fixing the problem. The smartest, least invasive approach would be to permanently shut down the in-flight Wi-Fi on planes that can't be secured. No access to the network = no ability to crack into the systems.
Besides, anything you can do with a device on your person, you can also do with a device in the hold, using a timer or the built-in barometric pressure sensor. Banning devices from carry-on does nothing if the Wi-Fi network is still running, because the attack is still possible. And if the Wi-Fi network is not running, then banning the devices still does nothing because the attack wouldn't be possible either way. So no matter what, a ban does nothing but annoy passengers.
Check out my sci-fi/humor trilogy at PatriotsBooks.
the max headroom guy maybe to pull that off if he is still alive.
And yet, when an automobile has a design flaw that causes a safety problem, NHTSA requires them to fix it at no cost to the customers. Some cars have seen many, many safety recalls. So at least anecdotally, it doesn't seem like forcing the manufacturers to pay for their own screw-ups results in more cover-ups.
Also, because it is cheaper to fix things before they are deployed than to incur the cost of fixing them later, a manufacturer-pays policy has the added advantage of making the manufacturer be more careful.
Check out my sci-fi/humor trilogy at PatriotsBooks.
That will make one hellva model airplane!
... operating exclusively DC-3s ...
There is no XUL, only WebExtensions...
The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.
They do mention maintenance crews and I do wonder about an impostor hooking up a hacking device to a maintenance interface. If this is left while the airplane is flying, it could try to put the aircraft into maintenance mode in flight. Though I think they already have software in place to try to prevent such a thing from being done by accident, and I would hope maintenance crews are fairly well monitored as they could do far worse with an explosive device attached somewhere you can't see it.
It takes several years of testing to ensure that the code is correct. The cost isn't just in writing the code.
"First they came for the slanderers and i said nothing."
Sure, it may cost $1,000,000 to validate the new control software - for each model of aircraft. You would only do this once, not for each and every plane.
Also, I bet you can't even fake GPS signals, since those are triangulated from multiple satellite sources. At best you could probably jam the transponder.
What a load of hyper-reactive BS.
I was successful in accomplishing a remote, non-cooperative, penetration.
So it looks like Judge Roy Moore can find a back-up career if his run for Alabama Senator falls through - once these planes get to be 14 years old, of course.
(More seriously, wouldn't a "cooperative" penetration be just like logging in and not an exploit/hack?)
It must have been something you assimilated. . . .
The problem isn't that fixing the bugs is hard. It's that the government makes it near impossible to fix security issues in a cost effective manor. If you have to re-certify something every time a bug is fixed not matter how small the change it becomes cost prohibitive to fix anything.
I was reading on another site someone that was arguing that corporations are ultimately still the people behind them. This example here is the clearest example against that notion that I've read in ages. Thank you for a nice insightful comment.
First of all, neither Boeing not Southwest have piles of money laying around that they conjured from thin air. If Southwest pays, they have no choice but to 'get the money' from passengers because that is their sole source of income. If Boeing pays they have options, but since their money at least in part comes from airlines that fly their planes, and those airlines get the money to buy those planes from customers....ultimately customers will pay.
Boeing could presumably pay using funds it received from non-flying taxpayers via its military contracts, or cargo only customers.
Second, you don't seem to know much about Southwest as a company. By airline standards they are very customer focused, treat their employees well, and their CEO's compensation is largely equity based. If you look areas where they have departed from industry standard thinking, like charging for baggage, it has been with a customer focus in mind.
The B757 never had WiFi or any other common networking on it. The closest thing might be ACARs, or one of the databus that aircraft use.
The 737 classics that Southwest has, had WiFi added, but nothing connected in the cockpit. Even the 737-NGs had WiFi added, but again, nothing to the cockpit.
The newer 737-MAX's are Boeings responsibility. So far Southwest doesn't have enough of them to threaten the company should the need to be retro-fitted.
A fix to one line of code, would apply to several thousand aircraft. It won't be $1mil per line per aircraft. A software fix that cost $100million would be applicable to about 5000 unique aircraft.
There is a high noise to signal ratio in the original article, but it sure generates a lot of speculation and worry.
If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.
Ah, so threat of becoming a criminal with a record is now the only thing that would actually separate a human from their can't-live-without-it smartphone.
Nope, no addiction to see here...everyone is fine...move along...
The 757 is a total piece of crap airplane that is only been sold for the US domestic market. So no, I doubt it.
Why do you assume it's WiFi? It could be simple RF interference wreaking havoc. It affects older planes more than newer ones, which is a big clue, since older planes lack a lot of the high integration newer planes have. And newer planes are designed for a more modern world, where RF transmitters are common instead of rare - so modern planes can handle intentional RF transmitters much better (especially in an age with wireless headphones and such).
After all, cellphones have been documented to cause loss of GPS lock on aircraft, and there are plenty of anecdotes about stuff like PDAs and such in the "old days" causing navigation errors.
Yes, you can point out Mythbusters doing all sorts of cellphone tests causing no problems with aircraft, but on older ones, it actually is a problem. It's just that there are so many variables that no one's been able to definitely rule it out. (I know cellphones cause interference, because I've experienced it - it feeds back into the radios).
The cables carrying control signals run everywhere - a bunch run underneath the floor of the passenger compartment, while more still run just beside the passengers themselves, on the other side of the wall cladding.
On an older plane, they're probably not shielded, so perhaps controlled bursts of RF from a WiFi transmitter at the right spot can disrupt the communications between nodes and cause them to lock up.
And that is even harder to fix - shielding cables is going to be difficult to do since you have to tear down the aircraft to do so, and the older fleet is going to be very expensive to do this. You could update the flight software to be more tolerant, perhaps even changing the protocol to test link robustness, but that's expensive.
Fact is, aircraft are poorly shielded, especially older ones (they tested in a 757, that should tell you the age). You don't need WiFi to disrupt the aircraft. Heck, using one of those SDR dongles you can probably even use that to snoop on the communications traffic between avionics
Nope, for a one line code change to these systems the testing could be accomplished in less than a month. Certification could take a little as three months. The entire software application for the EFIS and EICAS systems fit on a single floppy disk each.
Why would a vulnerability to the 757 cost Southwest money when they outfitted with the 737??
Insurance companies are (in)famous for taking money for policies and then wiggling out of things they don't have to pay for. Consider the likelihood an insurance company would pay for a crash caused by a publicly known exploit that their customer (the airline) and the manufacturer (Boeing) refused to fix.
I'm not necessarily assuming Wi-Fi, but if they're talking about fixing it in software, that probably points to a problem with the isolation between avionics and the end-user network (unless the computers are a bit too quick to react to spurious sensor readings or something, and they think they can "solve" it by smoothing the data...).
Besides, banning electronic devices in the cabin (or even in checked baggage) wouldn't mitigate an attack caused by RF interference. The only real fix is to add shielding, because somebody could just as easily produce RF interference with a parabolic antenna aimed up from the ground.
Check out my sci-fi/humor trilogy at PatriotsBooks.
They do mention maintenance crews and I do wonder about an impostor hooking up a hacking device to a maintenance interface. If this is left while the airplane is flying, it could try to put the aircraft into maintenance mode in flight
ummm no, they can't actually.
>Decades of senseless crashes and people being instantly turned into charred person-burgers have not changed humanity's desire for air travel.
Why should it? Statistically, the drive to the airport is still the most dangerous part of the trip.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence
You don't need to encourage people to do that by turning off the seatbelt light, they'll do it whether the light is on or not. On a flight a few days ago, one idiot got up not once but twice to use the lavatory while we were on final descent. Both times the attendant walked by to lock the lav but didn't need to because the idiot was in it and the sign said "occupied". She thought it was empty and locked by another attendant. After she strapped in, the idiot returned to his seat, leaving the lav door ajar.
And factor in the idiot attendants who tell people that the "lighted sign or placard" (regulatory language referring to the fasten seatbelt light) was just a recommendation and of course people can ignore it and get up to walk around. (Delta, I'm pointing at you, here.)
You do know that MD does not exist as a entity anymore. MD merged with Boeing in the late 90's (I worked there) along with North America Aviation (you can find references to the Boeing P-51 fighter and the Boeing Phantom too).
Try and keep up.
Earlier this year I flew from Seattle to Munich on two Iceland Air 757-200's.
So much for "Domestic market".
Dip shit.