Slashdot Mirror
Boeing 757 Testing Shows Airplanes Vulnerable To Hacking, DHS Says (aviationtoday.com)
schwit1 shares a report from Aviation Today: A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft." Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft's systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, "you can come to grips pretty quickly where we went" on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them. Hickey said newer models of 737s and other aircraft, like Boeing's 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don't have these protections.
why should Southwest Airlines pay? and not boeing?
This article claims that one line of code costs a million dollars to fix and would "bankrupt" Southwest.
News flash: Southwest wouldn't be the ones fixing the fucking code! It would be the manufacturer who would then absorb that cost, not the airline. Besides, if this problem is valid the FAA and other regulators will be involved to force the manufacturer to address the issue.
This article is a perfect example of why journalism is headed for self-destruction.
And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?
>The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement.
Useless metric spotted. The cost is very very very lousily correlated to the number of lines of code. The number of checks/tests to re-run is by far a better metric to estimate the cost. Most of the time one line of code or thousands just cost the same price.
1. The airlines operate under a huge amount of regulatory oversight, and structure the development of avionics or engine control software accordingly. The terms ARP4754 and DO-178C are to aviation as ISO9002 is to business models. They provide guidelines on creating a rigorous development process, and regulators are keen to track how well companies develop logic and physical designs in line with best practices described by those guidelines.
2. If you summarize DO-178C in one sentence, it might be "document the rationale for every change, and the means you employed to ensure it is the right change." Most companies follow a V-shaped change model where you trace from high level requirements to lower level requirements to implementation details, and then verify the code does what is expected and then validate that the requirements are being met (and the requirements are even proper in the first place). Once you have that framework in place, you have to document every step of the chain of review.
3. For every change to a high level requirement, a low level requirement, an implementation, and sometimes even a change in a verification method, there typically has to be an independent review: you cannot trust the implementors to check that the change was appropriate and done correctly as it's easy to be blinded by your own thought process during development.
So in a case like this, the customer needs to inject several new top-level requirement (which shockingly may not have been there in the first place), "the system shall be hardened against unauthorized changes in configuration/operation/state" and that has to flow down to subsystems "the component XYZ shall be hardened..." and that has to flow down a few more tiers before you even identify the protocols or chips or attack vectors to be changed. Then you have to verify the code change works in each component. Then a system-level review. Then a regulatory review to have the updated design certified as safe for test flight and finally safe for revenue service.
Does this sound like a desktop software change control process? Sure, maybe you're really disciplined, but it's a matter of degree. It really can take fifty people or more, from regulators to systems engineers to coders to integration testers to work the process. And that all adds up in terms of time, opportunity costs, tools and tooling, lab test, systems test, hours and hours of live aircraft flight test, and so on.
[
Why in the HELL are critical avionics control systems networked in such a way that they can be accessed remotely by radio? FFS, what were they thinking? They design systems that are hardened against direct lightning strikes, but leave them vulnerable to a remote hack using a device that's probably not much more than a small computer and a glorified walkie talkie connected together. WTF?
On an unrelated note, why is the page I'm typing this on a standalone text entry box without TFS available on it for reference? Is Slashdot Beta rearing its drooling imbecilic ugly head again?
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
What if a hacker takes down an airplane, people find out in the media, and nobody wants to fly on that aircraft type anymore? Or with that company because it didn't apply a fix that existed? Does the insurance cover that? Now that's something that could bankrupt an airline.
They share a lot of subsystems, so probably yes.
> For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them.
Do you realize that Boeing-737, even in its latest -800/-900 incarnations, is NOT a fly-by-wire airplane? The flight control surfaces are mechanically connected to the yokes in the pilots hands and the pedals under their feet, using push-rods and hydraulic cylinders. The basic design of B-737 originates from circa 1963 and hasn't been radically changed since due to economic pressure from airlines, to whom new "type rating" would incur huge costs in re-training their pilots and mechanics.
Therefore the B-737 is fundamentally different from its rival Airbus-320 or the larger sized B-767/777 planes and cannot be hacked to unilaterally fly to Antartica or whatever.
In case of the Airbus-320, the theoretically hackable fly-by-wire system was a conscious design choice associated with modernity. In case of the very large B-777 and A-380 planes fly-by-wire is mandatory, since the lenght of their fuselages and the large forces required to move the grandiose flight control surfaces no longer allow direct mechanical coupling.
But state actors and spy agencies, can. It is their bread and butter business. The danger is them giving these tools to the terrorists for political purposes and proliferation and mutation of the leaked hacking tools.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
risk = cost * probability
Lets say you have $100 asset. There is a possibility a hacker could completely destroy it. You'd be out $100. I offer an indemnity policy to you. Your estimation of the risk says there is a 10% percent chance a hacker will destroy your asset. You would likely be willing to pay up to $10 for some protection. Much more than that and you would probably prefer to take your chances. That is the simplest situation.
Now imagine instead of an indemnity, I am offering to do work to secure your asset, hacker proof it. There is no certainty I will be successful and if I am not well its still your problem if something happens. Want to pay me $10 bucks now?
None of this even takes into account the range of other possibilities, like a hacker does $2 in damage to your asset. Maybe that has its own risk potential attached. The economic considerations of security are valid. Sometimes it makes sense not to invest in fixing something, especially something large and complex where you don't know what all the problems are. You also have to consider that security fixes themselves are often a security threat. Availability is a component of security. In some systems it might be MORE important than confidentiality, and integrity. In which case guess what you might not risk applying a fix that addresses those other two legs primarily.
We don't live in a perfect world everything isn't going to be perfectly secure all the time. Taking a moment to consider the economics and the specific needs isn't an incorrect approach, even when safety is concerned. If planes and cars had to be 100% safe nobody could afford one or afford a ticket on one. There is always going to be some risk, really really safe is the standard, perfectly safe is impossible.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You did read at least the summary, right? 90% of the commercial fleet is the Boeing 737.
Evidently you did not read the summary. It says "legacy aircraft, which make up more than 90% of the commercial planes in the sky". It does not say the Boeing 737 is 90% of the fleet which obviously verified with a single trip to any airport. Boeing 737 are legacy aircraft and are common but there are a lot of other types of legacy aircraft as well.
Crashes might be covered by your insurance, but if the crash has a known-preventable cause then the insurance might not cover it, and if they do then your premiums are going to shoot up once they discover that you're not fixing known issues.
I am TheRaven on Soylent News
The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.
Especially considering that the cost would be high enough to make the airline fail, and being too big to fail as usual we get to foot the bill anyway, so why should the airline be concerned at all?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And what's the price of a crash caused by hackers? Oh, right, that's not the same thing, the cost of a security fix is something you have to pay right now, while the price of a crash is only a potential cost in the future. Who cares about the latter even if it's orders of magnitude higher, right?
It's one thing when the first plane is hacked, and it results in a crash. It's another thing entirely when the 5th plane goes down within a week. Who needs a box cutter when you can terrorize using "typical stuff that could get through security".
Not to mention the financial impact when no one in their right mind would fly on 90% of airline inventory . It would probably take less than a month to bankrupt most airlines in a scenario like that, along with a rather massive ripple effect crippling US Capitalism that relies on moving humans and cargo efficiently.
Oh, and airline insurance companies? Yeah, they went bankrupt too.
There is a solution to this problem. For every product you make, create a new shell company. That shell company produces and sells the product and pays "royalties" for some patents or licenses or whatever bullshit your beancounters can come up to the parent company, essentially becoming a pass-through for any revenue.
If the shit hits the fan, the shell goes poof.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Depends upon the contract. Adding some code to secure the plane could be seen, contractually, as a request from the airline (and not as a flaw from the manufacturer).
Slashdot, fix the reply notifications... You won't get away with it...
https://www.youtube.com/watch?...
Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
If you were running an unsupported (see very old) version of Windows and didn't have a (probably very expensive) support contract to cover it, you would be paying MS to fix that exploit. I'm not sure if Apple has support contracts to support very old iOSs but probably not. Seems unlike them.
"There is no real right or wrong, just what the majority accepts at the time."
Settings
Bluetooth
select Boing 737
Connect
http://www.vicclap.hu/static/p...
and 2 free checked bags + full liability with that rule.
why should Southwest Airlines pay? and not boeing?
Easy... They hope that Southwest will go back to Boeing and get the money back if Southwest is charged. They don't want to go directly to Boeing because (maybe) they don't want to ruin their relationship with Boeing. However, I doubt that Southwest would do what they hope -- getting all money back from Boeing. I believe Southwest will get the money back from both Boeing and passengers because they now have a reason to charge more (or CEO would get less bonus due to the loss).
I believe that when there is a problem with a plane, the customer has to pay for the fix, just like with regular maintenance. Otherwise, if safety cannot be guaranteed, the plane is grounded.
The idea is that by not requiring manufacturers to pay, it limits the incentives to hide defects.
Now, that's for general aviation, I suppose the situation is not that simple with airlines buying dozens of multi-million dollar planes.
As part of the maintenance contract with Boeing they would agree to cover costs like this. Business supply contracts are not like consumer law, they typically don't have warranties and the like.
The airline could sue Boeing to make them pay for the fix, but after years in court and millions in legal fees they probably wouldn't win. After all, when other defects are found the airline usually pays the maintenance costs. At best the manufacturer might supply some free placements, but they aren't going to fit them.
And yeah, fitting a software update and testing it out can cost a million bucks because everything controlled by that software has to be re-tested as well. Even if the software has been certified, you have to make sure it was loaded correctly...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Problem with that is the number of devices with lithium-based batteries, which are not supposed to be carried in the hold - they are perceived as a fire risk, and if carried in the cabin then a fire can be detected more quickly
Good luck. you will take what the airline offers and you know you will
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Easy answer. No computing or radio devices permitted as carry on luggage. No laptops, cell phones, media players, medical equipment documented ahead of time and itemized.
We can't even get social media addicts to put their phone down to prevent killing people on the road, and you call this an "easy" answer?
Good fucking luck with that.
Risk management is a big thing. However, for most companies, because the individual execs are so well shielded, even if a company causes loss in the thousands to tens of thousands of lives, it is pretty much impossible for the C-levels or even VPs to see any consequences. The banking industry in 2008 showed that with the megabuck bonuses after the recession.
In reality, if a company has a $100 asset, the CxOs will say that paying $10 has no ROI to them. The $100 asset gets destroyed, and the business is toast. However, there is no real consequences, so the top brass just hop in their yachts for a cruise once the bankruptcy papers are filed.
If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.
Legacy aircraft have mechanical backup on the controls. The airplane is still flyable if the computer malfunctions. Hackers can still mess with the autopilot and navigation though.
“He’s not deformed, he’s just drunk!”
The first time TSA makes someone either trash a $800 iPhone or miss a $600 flight, and it hits the news people with very quickly learn to pack that stuff before headed to the airport
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Actually the 737 is just as modern as any aircraft being produced.
That depends on which 737 you are talking about. Some 737 have been in service for 30+ years so calling them modern is a bit of a stretch at this point. The 737 has been produced since the 1960s. Yes current versions are considerably updated and quite modern but there are still a lot of older models still in service that aren't nearly so up to date. There are plenty of 737s in service today that could fairly be described at this point as legacy aircraft. Boeing produces 300-400 new aircraft per year and there have been nearly 10,000 aircraft produced to date.
Probably just sent ACARS messages over RF and the airplane thought they were from the airport. These messages can include things automated acted upon like "Your plane's altitude has been detected at XX feet" or "Huge category-5 hurricane straight ahead, divert to ETOPS field". Not like they designed any of these protocols with security..
You can still stand out front of the airport, with likely the same effectiveness.
You'd think that, but thousands of people still forget to unload their handguns from their carry-on baggage every year[1]. Those cost on the same order as a cellphone and failure to remove them can result in jail time, not just missing a flight.
[1] Washintgon Post, August 2017
I was disappointed I had to go so far down the page to see someone comment on this. I followed the link specifically to see *what* was hacked and nothing was mentioned. There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence and dumping cabin pressure or altering flight controls.
Even something vague like the area they accessed: communications, cabin systems, avionics would make it look less like something sensationalized to get more funding or again increase the scope of DHS power.
The article also presumes the *fix* is to change the software. I could be possible to just pop a circuit breaker. There are number of non-critical systems that can fail and the aircraft is still operational. One thing that comes to mind is the Inmarsat communications that was still active in MH370 when all other comms was lost. If that comms link was not required for normal passenger service but turned out to be a vector for hacking there's no need to re-write the code, just open the circuit breaker for that radio and continue on until a more permanent patch is made.
Someone claimed to access critical aircraft systems from the in-flight entertainment system a while back. If that turned out to be true, you could ground all the flights and re-write code. Or, you could just shut down the in-flight entertainment system and tell people to read a book.
Of course with zero details on what was compromised it's impossible to tell how hard, or how easy, it would be to implement a fix.
The airline can't fix the issue aside from replacing the aircraft. And there is no reason to assume Airbus or MD or anyone else is any better than Boeing.
This is a fundamental problem across the entire industry. It also affects the car and trucking industries----no security designed into those vehicles either, for the most part.
I'd assume they're only reporting about Boeing because the hackers were given a Boeing to play with.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
And even if that weren't a serious safety risk, that would still be the dumbest, most invasive possible approach to fixing the problem. The smartest, least invasive approach would be to permanently shut down the in-flight Wi-Fi on planes that can't be secured. No access to the network = no ability to crack into the systems.
Besides, anything you can do with a device on your person, you can also do with a device in the hold, using a timer or the built-in barometric pressure sensor. Banning devices from carry-on does nothing if the Wi-Fi network is still running, because the attack is still possible. And if the Wi-Fi network is not running, then banning the devices still does nothing because the attack wouldn't be possible either way. So no matter what, a ban does nothing but annoy passengers.
Check out my sci-fi/humor trilogy at PatriotsBooks.
the max headroom guy maybe to pull that off if he is still alive.
And yet, when an automobile has a design flaw that causes a safety problem, NHTSA requires them to fix it at no cost to the customers. Some cars have seen many, many safety recalls. So at least anecdotally, it doesn't seem like forcing the manufacturers to pay for their own screw-ups results in more cover-ups.
Also, because it is cheaper to fix things before they are deployed than to incur the cost of fixing them later, a manufacturer-pays policy has the added advantage of making the manufacturer be more careful.
Check out my sci-fi/humor trilogy at PatriotsBooks.
That will make one hellva model airplane!
... operating exclusively DC-3s ...
There is no XUL, only WebExtensions...
The convenient excuse that the results of this hack are classified allows the author to make what would likely be a boring and unimportant story sensational. Exactly what systems did they access? A 757 is a pretty old aircraft. NONE of the flight critical systems are networked off the aircraft. I suspect they hackers got access to a non-critical system like ACARS or IFE. The $1M per SLOC is also very misleading. While the FIRST line of code might cost that much on a flight critical system, each successive line of of code is pretty much in line with a traditional software project. You can also spread that cost across the entire fleet of operating aircraft. And since the 757 and 767 systems are almost identical, that's a lot of airplanes that could be upgraded for a single price tag.
They do mention maintenance crews and I do wonder about an impostor hooking up a hacking device to a maintenance interface. If this is left while the airplane is flying, it could try to put the aircraft into maintenance mode in flight. Though I think they already have software in place to try to prevent such a thing from being done by accident, and I would hope maintenance crews are fairly well monitored as they could do far worse with an explosive device attached somewhere you can't see it.
It takes several years of testing to ensure that the code is correct. The cost isn't just in writing the code.
"First they came for the slanderers and i said nothing."
I was reading on another site someone that was arguing that corporations are ultimately still the people behind them. This example here is the clearest example against that notion that I've read in ages. Thank you for a nice insightful comment.
The B757 never had WiFi or any other common networking on it. The closest thing might be ACARs, or one of the databus that aircraft use.
The 737 classics that Southwest has, had WiFi added, but nothing connected in the cockpit. Even the 737-NGs had WiFi added, but again, nothing to the cockpit.
The newer 737-MAX's are Boeings responsibility. So far Southwest doesn't have enough of them to threaten the company should the need to be retro-fitted.
A fix to one line of code, would apply to several thousand aircraft. It won't be $1mil per line per aircraft. A software fix that cost $100million would be applicable to about 5000 unique aircraft.
There is a high noise to signal ratio in the original article, but it sure generates a lot of speculation and worry.
If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.
Ah, so threat of becoming a criminal with a record is now the only thing that would actually separate a human from their can't-live-without-it smartphone.
Nope, no addiction to see here...everyone is fine...move along...
Why do you assume it's WiFi? It could be simple RF interference wreaking havoc. It affects older planes more than newer ones, which is a big clue, since older planes lack a lot of the high integration newer planes have. And newer planes are designed for a more modern world, where RF transmitters are common instead of rare - so modern planes can handle intentional RF transmitters much better (especially in an age with wireless headphones and such).
After all, cellphones have been documented to cause loss of GPS lock on aircraft, and there are plenty of anecdotes about stuff like PDAs and such in the "old days" causing navigation errors.
Yes, you can point out Mythbusters doing all sorts of cellphone tests causing no problems with aircraft, but on older ones, it actually is a problem. It's just that there are so many variables that no one's been able to definitely rule it out. (I know cellphones cause interference, because I've experienced it - it feeds back into the radios).
The cables carrying control signals run everywhere - a bunch run underneath the floor of the passenger compartment, while more still run just beside the passengers themselves, on the other side of the wall cladding.
On an older plane, they're probably not shielded, so perhaps controlled bursts of RF from a WiFi transmitter at the right spot can disrupt the communications between nodes and cause them to lock up.
And that is even harder to fix - shielding cables is going to be difficult to do since you have to tear down the aircraft to do so, and the older fleet is going to be very expensive to do this. You could update the flight software to be more tolerant, perhaps even changing the protocol to test link robustness, but that's expensive.
Fact is, aircraft are poorly shielded, especially older ones (they tested in a 757, that should tell you the age). You don't need WiFi to disrupt the aircraft. Heck, using one of those SDR dongles you can probably even use that to snoop on the communications traffic between avionics
Insurance companies are (in)famous for taking money for policies and then wiggling out of things they don't have to pay for. Consider the likelihood an insurance company would pay for a crash caused by a publicly known exploit that their customer (the airline) and the manufacturer (Boeing) refused to fix.
I'm not necessarily assuming Wi-Fi, but if they're talking about fixing it in software, that probably points to a problem with the isolation between avionics and the end-user network (unless the computers are a bit too quick to react to spurious sensor readings or something, and they think they can "solve" it by smoothing the data...).
Besides, banning electronic devices in the cabin (or even in checked baggage) wouldn't mitigate an attack caused by RF interference. The only real fix is to add shielding, because somebody could just as easily produce RF interference with a parabolic antenna aimed up from the ground.
Check out my sci-fi/humor trilogy at PatriotsBooks.
>Decades of senseless crashes and people being instantly turned into charred person-burgers have not changed humanity's desire for air travel.
Why should it? Statistically, the drive to the airport is still the most dangerous part of the trip.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
There's a huge difference between being able turn off the "Fasten Seatbelts" lights, encouraging people to walk around during turbulence
You don't need to encourage people to do that by turning off the seatbelt light, they'll do it whether the light is on or not. On a flight a few days ago, one idiot got up not once but twice to use the lavatory while we were on final descent. Both times the attendant walked by to lock the lav but didn't need to because the idiot was in it and the sign said "occupied". She thought it was empty and locked by another attendant. After she strapped in, the idiot returned to his seat, leaving the lav door ajar.
And factor in the idiot attendants who tell people that the "lighted sign or placard" (regulatory language referring to the fasten seatbelt light) was just a recommendation and of course people can ignore it and get up to walk around. (Delta, I'm pointing at you, here.)