back to article US regulator raises Dreamliner hacker risk fear

Regulators have expressed concern that Boeing's new 787 Dreamliner passenger jet may be vulnerable to hacker attack. The US Federal Aviation Administration has raised fears that onboard computer networks are potentially exposed to tampering by passengers. Systems designed to give passengers in-flight internet access are …

COMMENTS

This topic is closed for new posts.
  1. Tim
    Thumb Up

    Integrate with Google Earth

    Wouldn't that be great. You could get at google earth as a passenger and use it's "Fly to" function - quite literally!

  2. Paul Crawford Silver badge
    Stop

    Oh yes?

    They say:

    '...although data can pass between the two networks, protections already in place make sure that passenger internet services are blocked from accessing maintenance data or the navigation system "under any circumstance"'

    I say:

    Prove it. Make the whole system available to the Black Hat conference folks for a few months and then see if this is really 'unbreakable', unlike some well known adverts in the past...

    No firewall is better than a few cm of air!

  3. Ash

    Heads should roll

    You don't need internet access to fly a plane, and passangers don't need access to any network used for craft functions.

    The guy who designed the network infrastructure should be sued for incompetance.

  4. Keith Oborn

    Airline Revenue Opportunity

    Way back, the Daedalus column on New Scientist magazine propopsed the "collective responsibility vehicle" - a bus with each seat having a steering wheel and a coin slot. The direction of the bus was the result of the average input of all steering wheels, weighed by the amount of money put in each slot.

    Now buses don't have the necessary hardware at the seat. But airliners all have seat back displays and buttons, and you can imagine the delight of the airlines at a proposal to add a credit card slot to those-.

    Brings a whole new dimension to the old "take this plane to <insert dodgy republic>" stories!

  5. Gordon

    One word

    "NO!"

    We're not going to have the passengers being connected to the same "network" as the aircraft uses for essential stuff. Notwithstanding a certain amount of jouralistic licence, surely keeping them physically seperate is the ONLY possible way to be 100 percent safe?

    Unless the only "Connection" is that they're both plugged into the same power supply, and do not exchange data with this!

  6. Dazed and Confused

    Firewalls should be made out for bricks

    I would think this was one case where the firewall should be pretty physical. The aircraft's control systems obviously need to be able to control the passengers network, but the thought that data could cross from one net to the other is extremely scary.

  7. John Miles

    That cartoon - where passenger has laptop on plane

    and the screen reads - blue tooth: found A380 airbus, install drivers? springs to mind

  8. Anonymous Coward
    Black Helicopters

    I assume

    that as with all OS (remember the fuss over the NSA-KEY allegedly lurking in Windows a few years back? http://www.theregister.co.uk/1999/09/05/microsoft_collaborating_with_us_spymasters/) that there will be a back door to allow IMF agents upon receiving their brief to then re-route the plane whilst in flight so they can complete their mission on time.

    Whilst sodding up the travel plans of the public of course.

    And if you beleive rumours that make it to the press about crew behaviour, no firewall to stop passenger interference will stop the stewardess installing Doom to play with the flight crew on "their" side of the firewall....

    If the black box doesnt do a full backup of all systems data (and I think they only do limited stuff relating to the "mechanicals", correct me if I am wrong), the first time one of these things smacks into a mountainside, there will be calls for them all to be grounded and re-wired. I dont let my car "IT stuff" (other than OEM) interfere with the safety bits, I would be even more worried about flying in something this complex.

  9. Anonymous Coward
    Paris Hilton

    so current planes don't connect these systems?

    There's probably a very simple answer to this, but if current planes have absolutely no connection between navigation and entertainment systems, how do SkyMap channels work? According to http://www.virgin-atlantic.com/en/gb/whatsonboard/inflightentertainment/index.jsp, theirs uses "the very same navigational equipment employed on the flight deck"

  10. Anonymous Coward
    Anonymous Coward

    Note to self: Avoid DreamLiner

    I am so not flying in an aircraft in which some malicious piece of software inserted at the passenger end can cause potential havoc on the passenger-crew/maintenance interface. I love technology on planes, but the fact that the two networks are not separate is... well... a step too far. No thanks.

  11. David Harper

    Wings stay on, wings fall off

    I'm reminded of the Gary Larson "Far Side" cartoon which shows a guy sitting next to an airliner window. Below the window is a toggle switch labelled "Wings stay on/Wings fall off".

  12. Simon Painter
    Flame

    @John Miles

    Wrong plane. Although similarly massive the 787 and the A380 are two entirely different planes.

  13. Mike Arthur
    Happy

    oh looky

    Isn't this flight sim accurate....

    Homer mode on

    plane goes up, plane goes down,

    plane goes up, plane goes down

    Homer mode off

  14. amanfromMars Silver badge
    Alien

    dDeeper Flights ......... for XXXXPert Master Pilots of Universe Genre.

    "The NSA is suspected of everything from the overthrow of foreign governments to negotiating the repatriation of hostages abducted by aliens." .... http://www.theregister.co.uk/1999/09/05/microsoft_collaborating_with_us_spymasters/

    IT would be XXXXstreamly lucrative for them* to set up/register alien governments, especially with all that new fangled, entangling NEUKlearer HyperRadioProActivity ... Astute Sub-Atomic Quantum Communications.

    QuITe Priceless and worth a Mint/Absolute Fortune ........ which effectively, logical, would really mean that it would be practically free to any who paid the Piper for ITs Tunes given what IT is capable of doing.

    * With them being anyone with the necessary CyberIntelAIgents for who is to say that the NSA are not [now] being Programmed and Program-led? Although that would be beautifully, plausibly deniable even though the thought is shared with them here. What one can be sure of though is that if IT is thought a Better Beta Systems Program, they'll be Generous to a FailSafe Fault to justify Input Proxy to Leading Roles.

    And the Spooky thing is, is that if they don't they will lose IT to whoever does. An Analytical Failure of Omission due to Systemic Weakness and AI Blind Faith.

  15. TeeCee Gold badge
    Stop

    Yeah, right.

    "......although data can pass between the two networks, protections already in place......."

    'cos we all know that every successful attack has been in situations where there is no authentication, firewall or other protective system between the hacker and his target, don't we?

    "Take this plane to Tehran! On second thoughts, don't bother, I'll do it myself".

  16. joe
    Pirate

    There is absolutely no excuse

    or valid reason to have passengers laptops linked, even remotely, to an airlines main navigation control system... period! This is totally insane. How many "unbreakable" protocols, apps, databases, networks, etc have been created up to this point? The answer is NONE. If it's related in any way to computers and networks it most certainly is breakable and prone to human error. How many times have we heard of government databases being broken into? Are they not "state of the art technology"? It's been shown time and time again that any network can be breached and messed around with. It's bad enough that the Net has proven it ISN'T safe and never will be no matter how hard IT tries. It's like everything else man made..... breakable and flawed. So now we put multiple lives at risk for what........?? This is total and complete insanity.

  17. Ian Michael Gumby
    Thumb Down

    Stupidity at work....

    Clearly the networks should have been kept separate. What did Boeing do, outsource the design?

    My guess, the program/project manager knew how to push paper, but knew nothing of network architecture or design.

  18. Vaughan
    Linux

    In-flight entertainment

    Fight sim game?

  19. Vaughan
    Linux

    In-flight entertainment

    Flight sim game? (typo correction)

  20. Anonymous Coward
    Boffin

    Yeah yeah, but what will bring the airliner down...

    ...will still be a broken wing or something no-one though about rather than a leaky firewall. One would need to know more about why the networks were connected in the first place, but this is not particularly more disquieting than a publicly accessible Milnet. Maybe the just pass SNMP traps from the inside to the outside? Who knows.

    So, forum experts... pack up your expert indignation, nothing to see here.

  21. Ash
    Coat

    @joe

    "How many times have we heard of government databases being broken into?"

    No need. They leave them unsecured on laptops in cars, on memory sticks in libraries, and mail them to corporations in foreign countries.

  22. Anonymous Coward
    Boffin

    Connection

    In-flight moving maps are connected - but I would suspect (although not an expert) that it is a one way (out) data feed to the map software. Quite why the new craft need to be any different and linked to passenger side is beyond me although the story doesn't quite go in depth and say what is linked, for why, and how so I will reserve my judgement but I will be taking my MS force feedback joystick to plug into the a/c just in case :)

  23. Anonymous Coward
    Flame

    @ Simon Painter

    I believe he was referring to a cartoon about the A380 which proves fitting in this case.

    In any case, the two aircraft are not similarly massive - the A380 being of almost twice the mass of the 787.

  24. Neil

    Who

    signed this off as a good idea? Seriously! "Hey, at least doing it this way we save $20 on the $50,000,000 cost of the plane by not buying a second network hub!"

    Ok, I don't know if they use network hubs, cat5 or if the plane cost $50,000,000 or what but who in their right mind would have thought this a good plan?

    Did Thales do this? I know they worked on some of the A380 systems.

  25. Chris
    Pirate

    Boeing sympathises with Al-Qaeda

    Since taking a pen-knife onto one of their planes is now more difficult than it used to be following 9/11 as a result of heightened airport security, it seems that Boeing has endeavoured to resolve this dilemma so that a terrorist doesn't even need to get out of their passenger seat in order to hijack/sabotage one of their aircraft any more.

    Maybe all that will be required is a lap-top computer to hack into the on-board network, seize control of the aircraft and fly it into the nearest highly populated building. Or perhaps simply by causing the network that manages the entertainment system (and conveniently the aircraft's navigation controls) to crash, the plane will obligingly drop like a stone from the sky somewhere in the vicinity of the White House.

    Good job Boeing! After 9/11 it's nice to know that you take security seriously.

  26. Chris C

    They need to be physically separated

    While it MAY be possible to build the two systems so that limited data can be passed back and forth, I would still be very wary of such a system. At any rate, the two networks absolutely MUST be physically separated. At the very most, use a special device to link the networks, a device which will disconnect the non-essential (passenger) network from the essential (navigational) network upon non-normal conditions. Using the same physical bus results in unnecessary vulnerabilities, even if the two networks use different subnets or even network types (TCP/IP vs IPX/SPX, for example). The reason is that one malfunctioning device (or a device explicitly made to "malfunction") can disrupt the sending/receiving and/or cause latency for all other devices on the bus. Not exactly a good idea when some of those devices are keeping the plane in the air.

  27. Jon Bright

    @Neil

    When designing planes, engineers are pretty much always aiming to save weight. My guess is, this integration resulted in them saving several bundles of cables which run the entire length of the plane - probably a reasonable weight saving. Not a saving which necessarily sounds good to me, but I bet that's what they were thinking...

  28. Luiz Abdala
    Joke

    Physical separation is obvious, but...

    ... it would be interesting if the plane was being actually hijacked by Al Qaeda or something in the genre, the pilots were killed and the airplane's cockpit destroyed (cockpits don´t react well to bullets, I guess. Russian nuclear submarines surely don´t). Just fire up your Flight Simulator, log in with stewardess (er flight attendant, right?) priviileges, and guide the plane to an emergency landing anywhere. Of course, after the terrorists were disabled...

    That would be quite a movie, if it wasn´t already been done before.

    Please, as someone else said, the better firewall still is a few inches of air... and no wireless access, please!

  29. John Miles
    IT Angle

    @By Simon Painter

    This was the cartoon (sorry can't find English version)

    http://www.heise.de/ct/schlagseite/03/01/gross.jpg

    The article reminded me of it and I thought quite apt

    and yes it was an A310 not an A380 in cartoon

  30. Rich
    Thumb Down

    Depends on what you mean by connected?

    As mentioned, I assume that all Skymap systems have a feed from the aircraft positioning to the entertainment system. There are two other ways they could work: use a dedicated GPS, or (scodier) have the system programmed with flight number and a route map, and have the pilots occasionally update the ETA. That wouldn't show you where you were in the hold over Berkshire, though.

    There are a few other touch points. If the ent system uses satcom, it's reasonable that it might share this with navigation/telemetry functions. It's also possible that the same physical wiring is used for entertainment and other functions.

    Really it's just a question of ensuring that the division is maintained. Anything mission critical has to be developed and audited/tested to a high level (it doesn't run on a commercial OS, for instance). I reckon the report (the link is broken so I can't read it) is just flagging that everything needs to be checked and tested.

  31. Andy Bright

    Frequent crashes

    Personally I won't be booking any flights on any airline using these planes until after the first service pack has been released.

  32. yeah, right.

    next step...

    The next step, after this is done, is to announce that all the planes will now have Microsoft operating systems installed on the flight deck and for user convenience.

    Watch me start taking the boat again. And not an American warship:

    (http://www.theregister.co.uk/2007/02/26/windows_boxes_at_sea/)

  33. Graham Marsden
    Pirate

    This reminds me of this cartoon:

    http://www.heise.de/ct/schlagseite/03/01/gross.jpg

    (It's in German, but you can figure it out easily enough)

  34. Anonymous Coward
    Boffin

    Reality

    It's been a couple of months since I read the systems manual for 787 (given current delays, learning to drive the thing has lost the urgency!), but while I think some of the concepts didn't look brilliant on paper I don't think anyone would get far trying to get into the avionics from a cabin facing system.

    Much of the feature set of the aircraft does smack of the design team throwing every idea they could come up with at the thing, in some cases ending up with features apparently added just because they could be! Plus they've moved from the traditional avionics concept to something more familiar in the commercial world i.e. file servers, processing servers, and switched networks.

    As far as the computers goes, I seem to remember that on top of the avionics RTOS, there are also instances of Linux in there, and even XP (!!) as part of the Electronic Flight Bag modules (not a concern though, it's only used for the HMI, and the aircraft data exchange is handled via another OS (Linux?) on an independent CPU i.e. XP talks to Linux, Linux talks to aircraft. So Microsoft gets nowhere near the actual avionics).

    I think where most of the reported concern comes from the way the back end hardware is managed.

    The actual aircraft avionics networks run CDN (ARINC 664), over fibre. This is basically the same thing as used by Airbus on the A380 (AFDX), though in that case traditional cables are used instead of fibre. While this is derived from Ethernet it isn't the kind of thing you'd easily patch into or upset with a laptop. The cabin applications network is for the most part independent from this (dedicated cables, different protocols), with interconnection only where required to share common hardware platforms or for data exchange.

    The networks do come together in the core network and the Common Computing Resource. The former is the shared part of the aircraft networks, and incorporates all the network switching required to interlink various subsystem networks. The latter is the computing resource for the avionics and other systems, and can basically be considered as a form of blade server. The concept is that all the avionics processing runs on a common hardware platform, with the various systems being allocated to modules as required. This makes spares and support easier, and allows simple fail over during operation. In the worst case complete failure is handled by dual redundancy of the complete CCR, networks etc. etc., and beyond this low capability fail-safe modes in individual subsystems e.g. in the case of complete failure of the networks.

    Anyway, I know I didn't think much of the idea of all this concentrated and connected hardware when I first saw it, especially given there are wireless networks and cabin accessible networks involved.

    But it should be remembered that the way the system is built, with isolation and firewalls, should be adequate - after all, the different networks are only linked in that they share a switching platform at one point, and run different protocols and it's quite possible to ensure that only specific, formatted packets can be transferred between specific points, and even then only in one direction. I would assume that there isn't actually any flow from one network directly to another, but that certain systems have a link to the avionics net and also a dedicated port for any outputs to other networks e.g. cabin systems or maintenance.

    Considering that the hardware is all custom, the operating system is custom, the critical networks use a robust avionics network protocol and that the concept that someone might cause a problem (deliberately or otherwise) is a fairly basic one - let's face it, in theory a faulty IFE system could cause just as many problems on the network! - I don't think there was ever any real likelihood of a problem as it's been considered at a low level from day 1, for example in the design of the network protocol. When you have complete control you can build the systems to do specific jobs, and no more, which makes them slightly more robust than a general purpose operating system with a fully featured network stack.

    Not that I'd really want to go on a 787 for the first 12 months after entry into service, or live under a flight path: there are just too many things that 'might' go wrong given how many of the concepts are new. I'm yet to be convinced that composite fuselage tube is completely safe on an aircraft this size...

  35. Anonymous Coward
    Anonymous Coward

    Hacking the Friendly Skies

    Lol, did anyone actually read the linked article by the 'expert' quoted in this story, that is supposedly "about the topic" of this article?!

    Firstly its not even about the topic of the article, its a presentation about using WiFi to hack into other peoples laptops whilst waiting in the airport or whilst on the plane.

    Secondly it looks like it was written by a 12 year old, I'm not sure about the journalistic integrity of using any source material that contains the following.

    This is directly quoted from the linked article as things to do when you have compromised someone's laptop:

    --- Quote ---

    Change background image

    Find pr0n on target, make that the background image

    You’re backdoored the system, literally

    Launch MP3s with Parental Advisory lyrics

    Rap, death metal, industrial (make a political statement)

    Launch when cluebag goes to the lavatory for maximum effect

    Launch MP3 real loud that says, “wow this porn is hot!” and then launch hot .avi, .mpg, or .wmv

    Launch MP3 that says, “how much for a lavatory quickie, bitch?” during the drink service

    Install a server and serve up pr0n to the rest of the aircraft

    --- End Quote ---

    Hmm. Yes. Clearly a comprehensive work on the technicalities of hacking aircraft operational systems there, providing that the avionics run on porn that is.

  36. Peter Mellor

    B777, B787 and Airbus

    > Reality

    > By Anonymous Coward

    > Posted Tuesday 8th January 2008 02:11 GMT

    Thanks for the overview of the Boeing B787 Dreamliner computer architecture. I know a bit about the B777, which has been flying for some years and in which the architecture is similar, at least, it has a dual Common Computer Resource. When I first saw the design, I thought at the time that there was at least a prima facie possibility that the in-flight entertainment could mess up the flight control system, but apparently the main CCR box has an internal architecture which is supposed to provide cast-iron separation between partitions so that a partition providing a flight-critical service cannot be interfered with by a less critical process.

    Even so, I am surprised that this has now surfaced as a potential problem with the B787 when it was not raised when the B777 was being certified.

    The Airbus A320 family, up to and including the A340, and I would guess the A380 as well, has a modular architecture, with 5 physically separate computer boxes in the flight control system (7 if you count the two flight augmentation computers, or FAC) and the flight management and guidance system (FMGS) computer boxes are physically separate from all of these.

  37. Anonymous Coward
    Alert

    DOS attacks possible

    If the networks are not physically separated this leaves the eventuality of denial of service attacks.

    Just get the first commercial passenger flight with most of the passengers using the internet and the plane will fall out of the sky.

This topic is closed for new posts.