back to article Why hackers won't be able to hijack your next flight - the facts

Two seasoned pilots, one of whom is a published hacking expert, have been puncturing some of the myths about aircraft hacking at Defcon 22. Dr. Phil Polstra, professor of digital forensics at Bloomberg University (and a qualified commercial pilot and flight instructor) and "Captain Polly," professor of aviation at the …

Anonymous Coward

"almost always mechanical backup for critical ... components."

"While most aircraft these days used electronic systems for control there are almost always mechanical backup for critical and engine management components. "

Oh dear. This chap should pay a visit to Derby, England (or US equivalent) at some point and see how a modern passenger jet engine's fuel system is computer controlled with no mechanical backup. It's only been that way for around a couple of decades. Although the electronics is dual channel (one controlling, one backup), it's two channels of identical hardware running identical software. Dissimilar redundancy is presumably too expensive.

0
8
Silver badge
Facepalm

Re: AC Re: "almost always mechanical backup for critical ... components."

".....a modern passenger jet engine's fuel system is computer controlled with no mechanical backup...." They are talking about the flight instruments and the control interfaces, not back-end systems that are not connected to anything that can be hacked.

3
4
Anonymous Coward

Re: AC "almost always mechanical backup for critical ... components."

"not back-end systems that are not connected to anything"

Where do you get the "not connected" idea? Modern passenger aircraft engine control systems frequently have the VLAN-like connectivity mentioned in the article (AFDX, ARINC664, etc).

1
1
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

Although the electronics is dual channel (one controlling, one backup), it's two channels of identical hardware running identical software.

This is frequently not the case; all the aircraft I've worked on have different types of CPU in the primary and secondary flight computers.

I've just read a presentation on Airbus fly-by-wire systems, and they use the same protocol.

Vic,

3
0
Anonymous Coward

Re: "almost always mechanical backup for critical ... components."

"all the aircraft I've worked on have different types of CPU in the primary and secondary flight computers.

I've just read a presentation on Airbus fly-by-wire systems, and they use the same protocol."

Pointers welcome.

In three decades of working with safety critical engine control systems (with no mechanical backup - it's the lack of mechanical backup that makes them safety critical), and in a brief brush with Integrated Modular Avionics, I've read lots about dissimilar redundancy. I've never seen a real commercially deployed system that used it. Maybe I've led a sheltered life. I'm happy to believe it happens somewhere. Documented examples welcome.

1
0
Silver badge
FAIL

Re: AC Re: AC "almost always mechanical backup for critical ... components."

"Where do you get the "not connected" idea? Modern passenger aircraft engine control systems frequently have the VLAN-like connectivity mentioned in the article (AFDX, ARINC664, etc)." Yeah, that would be the interfaces the article mentioned as being very difficult to impossible to hack.....

0
1
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

In three decades of working with safety critical engine control systems

Flight computers aren't FADECs...

I've read lots about dissimilar redundancy. I've never seen a real commercially deployed system that used it.

I have first-hand experience of one of the Typhoon flight computers. Part of the spec was that it had to have a different CPU to the other type.

I'm happy to believe it happens somewhere. Documented examples welcome.

This document (PDF, takes a while to download) describes the A320 and A340 flight controllers. Section 3 covers the dissimilar hardware in each type of computer, as well as the dissimilar software in each channel of each computer - i.e. there are 4 separate developments by 4 separate teams. This is standard practice, IME.

Maybe I've led a sheltered life

'Fraid so...

Vic.

1
0
Anonymous Coward

Re: AC AC "almost always mechanical backup for critical ... components."

Matt said the critical engine control stuff I referred to wasn't connected via networks (even though the article said "control systems ... connected").

I pointed out that it was networked.

Matt said "it's not on a hackable network". I do hope so.

Meanwhile, I'm puzzled by the downvotes. Not fussed, just puzzled.

The facts are as previously stated. The typical modern passenger airline engine control system:

* is just as critical (maybe more???) than the flight computers. OK it's hard to usefully weaponise an engine control system in principle, except to kill the people on board.

* has no mechanical backup, and hasn't had for years.

* has network interfaces of various flavours. Hackable? Hopefully not. Reliable? Hopefully.

* does not use dissimilar redundancy, even if other critical systems do.

0
1
Anonymous Coward

Re: "almost always mechanical backup for critical ... components."

Thank you Vic, nice article. Nice policies+decisions from Aerospatiale too.

"Flight computers aren't FADECs..."

Quite. But I can't help wondering why the vaguely similar functional requirements (apart from environment, where a fllight computer has an easy life vs an engine-mounted FADEC), and the same engineering/regulatory/resilience requirements (DO178 level A in both cases?) lead to such architecturally different technical solutions in flight computer vs FADEC? Seen anything along those lines written up anywhere?

0
0
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

I can't help wondering why the vaguely similar functional requirements (apart from environment, where a fllight computer has an easy life vs an engine-mounted FADEC), and the same engineering/regulatory/resilience requirements (DO178 level A in both cases?) lead to such architecturally different technical solutions in flight computer vs FADEC?

Different consequences if they fail.

If the engine dies, it's a royal pain in the arse, but planes can and do land safely without power - it's one of the skills that must be demonstrated on the first attempt during the Skills Test. There are no second chances - cock it up and you fail.

My favourite story of an unpowered descent is the Gimli Glider. That aircraft was used for another 25 years after that incident.

Vic.

3
0
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

If the engine dies, it's a royal pain in the arse

I probably should have added, by way of contrast, "if you lose control of the flight surfaces, you're all dead".

Vic.

2
0
Anonymous Coward

Re: "almost always mechanical backup for critical ... components."

"if you lose control of the flight surfaces, you're all dead"

Except you're not, not always anyway. There are multiple incidents, none of which I can remember right now but which are doubtless in Wikipedia, where passenger aircraft have been steered largely or solely by means of adjusting engine thrust (more thrust = go up, differential L/R thrust for L/R steering).

"If the engine dies, it's a royal pain in the arse"

How much of a pain depends on various factors. There's ETOPS and all that. Of course ETOPS is not much good if you've lost all engines - but even that is survivable with the right kind of crew and the right kind of luck, the amazing Gimli Glider being one such story, but there are others e.g. involving flying through volcanic ash clouds and losing all engines (at least temporarily):

http://en.wikipedia.org/wiki/British_Airways_Flight_9

http://en.wikipedia.org/wiki/List_of_airline_flights_that_required_gliding

Wouldn't want to see either.

0
0
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

There are multiple incidents, none of which I can remember right now but which are doubtless in Wikipedia, where passenger aircraft have been steered largely or solely by means of adjusting engine thrust (more thrust = go up, differential L/R thrust for L/R steering).

No, I can't remember any such instances either. I suspect there's a reason for that.

Adjusting engine thrust will give you control over your glide angle, and some control over yaw (given multiple functioning engines), but essentially no control over roll or pitch[1]. So you might be able to choose the point at which you strike the runway, but not which part of the plane you do it with. Planes don't land well on the wingtip...

Feel free to post references to prove me wrong, but I doubt you'll find any.

Vic.

[1] Secondary effects give you some control over roll, but not enough to land the thing.

0
0
Anonymous Coward

Re: "almost always mechanical backup for critical ... components."

Me: "incidents ... where passenger aircraft have been steered largely or solely by means of adjusting engine thrust "

Vic: "Feel free to post references to prove me wrong, but I doubt you'll find any.."

Is there a prize? :) A virtual pint will do, cheers.

http://en.wikipedia.org/wiki/Flight_with_disabled_controls (multiple incidents, well referenced)

Sample:

Controls damaged by explosive device/weapons

Philippine Airlines Flight 434, a Boeing 747, on 11 December 1994. The hydraulics were damaged by a bomb in the passenger cabin.[11]

DHL shootdown incident in Baghdad on 22 November 2003. The Airbus A300 DHL aircraft, hit by a surface-to-air missile, was the first jet airliner to land safely without any hydraulics using only engine controls.[12]

Controls damaged by pilot error

Pan Am Flight 845, a Boeing 747, on 30 July 1971. When taking off from San Francisco International Airport, the plane struck the approach lighting system after taxiing onto a much too short runway. After the impact, the plane continued into the takeoff roll, though its fuselage, landing gear, and 3 out of 4 hydraulic systems were badly damaged. After making a full circle over the Pacific Ocean for an hour and 42 minutes and dumping fuel, the plane made a hard emergency landing at San Francisco, ending on its tail. All 218 passengers survived with just a few minor injuries.[13]

Not surprisingly, there are plenty other examples with less satisfactory outcomes. As there are with engine failures. Not every captain could do what Sullenberger did when his engines stopped working. He unavoidably flew into Canada Geese. Perhaps surprisingly, engines aren't (weren't?) designed to be resistant to birds the size of Canada Geese.

0
0
Vic
Silver badge

Re: "almost always mechanical backup for critical ... components."

multiple incidents, well referenced

I'm genuinely surprised - one of those made it down. It did crash on the runway - but everyone got out OK.

The rest of those incidents were either partial loss of control - which we're all trained to deal with - or they crashed, killing people on board. Sometimes both.

Philippine Airlines Flight 434

Had autopilot to correct roll

Pan Am Flight 845

Still had hydraulic control.

The DHL flight is the unusual one, in that did make the runway in one piece. And that surprises me.

Vic.

1
0
RPF

Re: "almost always mechanical backup for critical ... components."

Here's the other famous one with no hydraulics (and hence no primary flight controls):

https://en.wikipedia.org/wiki/United_Airlines_Flight_232

After the incident, they trialled a similar occurrence with many, many crews in simulators, to see if they could come up with some kind of procedure to cope with this event again. All of them lost control and crashed spectacularly.

Only this and the DHL flight have ever made it. The key was getting the landing gear down; it improved stability through increased drag.

0
0

This post has been deleted by a moderator

Silver badge

Re: "ARINC 629 is actually harder to hack that ARINC 629,"?

and then there's this: An attacker would need to be travelling at nearly the same speed as an attacker to fool the aircraft Huh????

1
2
Mushroom

Re: "ARINC 629 is actually harder to hack that ARINC 629,"?

Yes, they'd need to be on-board, or running really fast to keep up. Otherwise the target plane will be out of WiFi range in about half a second.

Even with a high gain system and tracking dish, you'd only have it in range for a very short time unless you were using some serious kit - don't forget it would be line of sight and the plane is a few miles away at closest.

Yes, possible for a very well funded adversary, but the average hacker isn't going to hack the plane they are on and fly it into the ground for LULZ.

1
0

Re: "ARINC 629 is actually harder to hack that ARINC 629,"?

Yes, they'd need to be on-board, or running really fast to keep up. Otherwise the target plane will be out of WiFi range in about half a second.

Um… it isn't the WiFi but the collision detection systems they were talking about on that particular scenario. IIRC, it was ADS-B they were talking about. And yes, you have to keep up speed but mostly because they use directional antennas so you basically have to be spoofing your signal from the exact point where your "plane" would be at. Which means it's actually easier to actually fly a plane there instead of trying to fake it, as you need to do it for real anyway!

By the way, check out the videos. Another theoretical hijack consists on sending fake ACARS messages, their example was really, really funny.

0
0
Silver badge
Pirate

Attacker vs Attacker

"It might be feasible to send false messages to an aircraft's collision avoidance systems Polly said, but it would be very difficult to do effectively. An attacker would need to be travelling at nearly the same speed as an attacker to fool the aircraft for any appreciable time, the directional antennas used by commercial aircraft would make getting a bogus signal to the pilots difficult, and again they could always ignore it."

Say what?

Are we now vectoring our hack attacks THRU the the radar system?! Let's see, fly ahead of an airliner and squirt your dodgy data payload directly down the pipe. Yeah, that's the stuff!

0
0
Silver badge

Re: Attacker vs Attacker

ACAS is not a radar, what they're talking about is spoofing the collision avoidance system to make the aircraft manoeuvre to avoid something that isn't there. To do that you'd have to transmit a series of transponder returns from a consistent position relative to the target aircraft.

It may be possible to hack the ACAS box, Google TCAS for an explanation of how it works, and I'm not sure how they're integrated into a modern airliner so their data is displayed on the flight displays. However it's perfectly possible to have it as a standalone box that only takes power from the aircraft.

0
0
RPF

Re: Attacker vs Attacker

It's TCAS, but you're broadly correct.

You won't have to be moving to do this, either, as ships have a similar system and can generate false returns in aircraft (although they're very rarely at the same level......).

0
0
WTF?

We don't need no stinkin' backups

"t has been suggested that a cunning hacker could use an aircraft's network to sabotage the flight instruments if the avionics are unavailable. This would be useless Polstra said, since all critical electronic instruments in the cockpit have a mechanical backup - although whether the pilots would remember how to use them was another matter he joked."

I deal with database backups - and restores - all of the time. In fact, I just performed a 200G restore on a critical production database yesterday as part of routine maintainance to move hot datafiles to faster storage. While it was routine, I used the exact same process I used for actual restore a few months ago. I exercise restores from my backups whenever possible. Building standby databases or cloning development environments, it doesn't matter. Pick any time in my career, I have restored from backups in some fashion within the last month or so, so I know I can do it if I need to.

The point is, unless you test your backups, they are useless. How do they know if these backup systems are working if you never use them? Aeroplanes are taken down for scheduled maintanance all of the time. Why shouldn't that maintanance include a test flight in which the pilots use only the backup systems? Remember to test your backups - and their operators - often.

1
6
Silver badge

Re: We don't need no stinkin' backups

> Why shouldn't that maintanance include a test flight

Because it's dangerous to the crew, plane, and anything the plane might crash into. I sure as hell wouldn't fly anything that has had the primary flight controls intentionally turned off.

The flight crew practice the emergency procedures in the massive simulators the airlines use on a regular basis, and part of the maintenance is testing and exercising backup systems.

You're not going to test an ejection seat in a fighter by hopping in and pulling the loud handle. I don't test the ABS on my motorcycle by screaming down the road at 60mph and trying to lock up the brakes, I test it by attaching a laptop (or clipping in a diagnostics jumper) and seeing if all the valves and calipers behave properly.

11
0
Silver badge

Re: We don't need no stinkin' backups

I know a few people who work on planes. The system are tested. Rigorously. And the pilots train in the use of those systems via (expensive) simulators.

I appreciate the parallel you are trying to draw but what you are asking them to do is to deliberately force the system into a simulated failure during normal operation where there is nothing wrong. That's not quite the same as what you are doing and I suspect that if you suggested that to your boss then he/she might (legitimately) ask why you can't do the test on the expensive test system you pushed through in last year's budget for exactly this purpose.

It would be important to note that a failure of the primary systems would likely warrant - as a matter of procedure - an emergency landing. Not 'ohgodohgodohgod' type emergency, but as a matter of prudence, I am pretty sure you aren't supposed fly without a backup system and so if the main system is lost in-flight I would expect that the plane would request diversion to a closer airport, possibly requiring dumping of fuel.

You certainly couldn't do that just as a test!

My point is that you should test your systems as thoroughly as possible and in as close to real conditions as possible. BUT, 99/100 that's just not possible so you have to test things in part and bring them together, including simulations.

The simple fact is that it works because air travel is very, very safe. The most fallible part is the meat, which is why there's always backup meat as well.

6
0
Anonymous Coward

Re: We don't need no stinkin' backups

"The point is, unless you test your backups, they are useless. How do they know if these backup systems are working if you never use them?"

Excellent question.

The engine control systems I used to work with had pretty much two of everything, albeit all within one box - duplicated critical inputs and outputs, and duplicated electronics; call it System A and System B.

There was no permanent designated dedicated "backup" system as such. The system in control was alternated between flights, System A (and its inputs and outputs) for one flight then System B for the next,so that problems specifically couldn't lie hidden for long periods in between maintenance.

There is some logic in some of this stuff :)

4
0
Vic
Silver badge

Re: We don't need no stinkin' backups

How do they know if these backup systems are working if you never use them?

You do use them.

Two of the aircraft I fly have a "glass cockpit" system - the flying displays are big LCD screens, showing all the flight instrumentation and navigation systems.

The backups are mechanical instruments alongside the displays - and you *do* use them all the time. In fact, I rarely look at the airspeed indicator on the LCD, because I prefer to use the mechanical one (it's less laggy)

These backups aren't something that sit unused in a cupboard; they're in front of your face every time you fly.

Vic.

10
0

Re: We don't need no stinkin' backups

You should test your ABS on the road partly so you know it works but more importantly that YOU know how it feels on the bike when it does work. On cars most drivers will lift off the pedal once they feel it pulsing (ABS working) when really they should just keep their foot pressed down hard and just worry about steering. Having not ridden a bike with it the first thing I'd want to know is what it felt like when it was doing its job.

2
0
Bronze badge
Headmaster

Re: We don't need no stinkin' backups

"I deal with database backups - and restores - all of the time." ... "The point is, unless you test your backups, they are useless. How do they know if these backup systems are working if you never use them?"

Airplane backup systems aren't like the systems you're used to in that they're constantly running in parallel. These aren't offline backups; they're a separate set of instruments that are working at the same time as the computerized versions. A glance will tell you if the standby instruments are operational, and standard pre-flight checks also require they all be working.

1
0

Re: We don't need no stinkin' backups

"> Why shouldn't that maintenance include a test flight

Because it's dangerous to the crew, plane, and anything the plane might crash into. I sure as hell wouldn't fly anything that has had the primary flight controls intentionally turned off."

Well if you have two channels, i.e. a redundant system, why cant it be as simple as flicking a switch from primary to secondary systems? then if they fail, flip back to primary....

I don't see why the secondary systems should be any less critical than primary..

0
0
Anonymous Coward

Re: We don't need no stinkin' backups

" if you have two channels, i.e. a redundant system, why cant it be as simple as flicking a switch from primary to secondary systems? then if they fail, flip back to primary....

I don't see why the secondary systems should be any less critical than primary.."

Fancy a job in the industry?

That's pretty much what the Birmingham-designed and built engine controls made by the former Lucas Aerospace Engine Electronics (now a Rolls Royce subsidiary) have been doing for the last couple of decades. Two systems, and each startup a given system automatically alternates between primary and secondary, thereby minimising the risk of latent faults.

Additionally, during cold startup on the ground, use a few seconds to drive (and observe) some of the outputs at a time when you can safely abuse them without anybody noticing any disruption.

Really, this is an aspect that has had a bit of thought over the years. Doesn't mean there's not still room for improvement, but...

0
0
Boffin

Re: We don't need no stinkin' backups

You should test your ABS on the road partly so you know it works but more importantly that YOU know how it feels on the bike when it does work.

I'd be VERY wary of testing motorcycle ABS brakes like that, because they're far more critical in a bike than they are in a car. Having your wheels lock up (ABS ain't working) on a car results in smokey tyre rubber burning and pretty much that. Having the back wheel lock up leads to slipping and horrible snaking; having the front wheel lock up usually results in what we call a highside. It usually involves the rider being catapulted in front and serious injury… really, really nasty. Oh wait … you can also trigger a highsider if the back wheel locks up as well. So basically, no. Do not go around testing motorcycle ABS systems. Do not depend on them working properly either. Test them with OBD if you have to, but never, ever do that live.

0
0
Silver badge

Faster than a speeding data block

"In all cases the signals sent are time-sliced to ensure controls respond instantly ... "

No, they respond within a defined and acceptable time delay, by design.

2
0

But what upgrades the software?

All this fly by wire software gets patched just like anything else. Ultimately there is a computer that interacts with the internet, even if indirectly. Even if that is only in offices of the people that write the software. Air gaps are not enough -- Stuxnet crossed one easily.

As to misleading the pilot, in normal weather the pilot looks out the window which would prevent much happening (unless they fly for Asiana!). But in bad weather at night, the instruments are king. That said, there are rather a lot of them which would need to be overridden. GPS, VOR, Dead Reckoning ...

But still, best to get at the primary flight controls themselves. There is no mechanical backup for Airbuses for some time. Nor I believe the 777.

1
3
Vic
Silver badge

Re: But what upgrades the software?

There is no mechanical backup for Airbuses for some time. Nor I believe the 777.

There is certainly a mechanical backup on the 777. I'd have to look up the Airbus.

Vic.

2
0

Re: But what upgrades the software?

The A320 does indeed have mechanical backup but only for the rudder and horizontal stabilizer. It's designed to allow stable flight during a complete electrical loss or simultaneous failure of all five flight control computers.

In reality, this situation is so spectacularly unlikely it's a largely pointless enterprise and has been ditched on the newer Airbus models.

The A320 will fly perfectly happily and land safely with just one computer functional.

1
0

Wot about ILS?

ILS is unencrypted. Heck, it's not even digital.

0
1
Silver badge

You've been watching Die Harder again, haven't you ?

8
0
Vic
Silver badge

Re: Wot about ILS?

ILS is unencrypted. Heck, it's not even digital.

So?

Try to work out a practical hack for ILS. Just adding more transmitters isn't going to bring aircraft down - it's just going to piss off the first two pilots who have to execute a missed approach.

As soon as the difficulty is discovered - even if no-one knows why it's gone wrong - ILS will be marked as inoperative, and every single incoming aircraft will be told this. The pilot will need to say that it is inoperative as part of his read-back to ATSU.

ILS is an aid to navigation, it's not the only way of bringing an aircraft in. Should the visibilty be so poor that the airfield is effectively unusable without ILS, incoming aircraft will be diverted. They *do* have enough fuel for that - it's part of the flight plan.

Vic.

7
0
Silver badge

Heck, it's not even digital

And yet it works, it's as if you don't need a series of 1s and 0s in the real world...

7
0

Collision avoidance system

The suggestion in the article that pilots may ignore the collision avoidance system blaring sounds like a potentially suicidal thing to do and I really have doubts that is the case.

Why not execute (say - I don't know the exact procedures) a diving turn to the right just to be sure?

Apart from that: nice to hear something fairly optimistic coming out of Defcon...

0
0
Silver badge

Re: Collision avoidance system

From my understanding of how the ACAS/TCAS systems work it wouldn't really matter if you obeyed a false alarm as all it will have told you to do is make a climb or descent to avoid an aircraft that isn't there. The descent advisory is suppressed below a certain altitude above ground level as well so it won't order you into the ground.

You might, might, be able to confues the box as to which aircraft should climb and which should descend, which is based on serial number I think, but that means you'd have to be willing to sacrifice your spoofing platform, and get it in the right place to ensure a TCAS resolution advisory gets triggered agains your target aircraft. Which is the kind of non-trivial problem that makes air defence systems so expensive.

3
0

Step back and thnk about this.

When the Boeings/Airbuses of the world design/upgrade a aircraft one of their over-riding goals is "let’s not make an aircraft that falls out of the sky". So their go to great lengths in the design/specification/building of the aircraft so ensure as far as possible, and then some, that this all the passengers arrive alive.

If you look back in history of the DH Comet the design flaw in the shape of the windows led to a number of fatal crashes from hull/metal fatigue. The point being that DH never recovered from this, in any meaningful way as the manufacture of commercial airliners.

How many aircraft have been lost due to a design flaw over the last 10, 20, 30, 40 years?

Can they make things better, sure they can.

Should they be complacent with security/resilience of the 'fly-by-wire' etc, coupled with advent of powerful table/phones on the plane, and high end equipment on the ground with high speed communications, in the hands of folks that may not think kindly of others. Absolutely not.

Are the airline designers complacent? I very much doubt it. They have too much to lose.

0
0
Silver badge

Re: Step back and thnk about this.

In theory you're right, but then again I have a hunch the NASA / Thiokol people weren't feeling particularly complacent either...

1
0
Anonymous Coward

Re: Step back and thnk about this.

"Are the airline designers complacent? I very much doubt it. They have too much to lose."

You'd have been right a decade ago.

Are you still right?

Has it not occured to you that the Dreamliner may be about to prove that the MBAs and the outsourcing experts and the believers in unverified self-certification may have been allowed too much room to override engineering best practice? It's a thought that has occurred to many people in the industry, and some well known names outside.

"Richard Feynman's famous conclusion to his report on the shuttle Challenger accident, which arose again in the Columbia accident, is "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled." "

See also: Charles Haddon-Cave (Nimrod inquiry etc).

1
0

Re: Step back and thnk about this.

@ AC.

On reflection I do think I put forward an 'optimistic' view, or perhaps it is a veiw of what I hoped to be the case rather than what is.

i've started to the read the Charles Haddon-Cave (Nimrod inquiry), but as it's some 587 pages long it may take some time! However so far, it is a surpising easy read for a non (aircraft) techie.

I've always worried why the Nimrod (based on the Comet 4) was kept in servie so such a long time, but I surpose that is more a question around MOD purchasing/specifications and the almighty mess that is.

0
0
Flame

Re: Step back and thnk about this.

It is rather telling that there seems to be a mistake on the lithium batteries on those, a mistake that I wouldn't have made since I know more than nothing at all about lithium batteries, unlike whoever got it wrong enough that they keep catching fire.

Or perhaps some clever hacker has worked out that if he spins up all the drives at the same time it overheats the battery in the in-flight entertainment system?

0
0
Silver badge

Re: Step back and thnk about this.

"I've always worried why the Nimrod (based on the Comet 4) was kept in servie so such a long time,"

It worked and it had spectacular endurance (engines in the wing meant that when on station 3 of the 4 could be switched off, dropping fuel consuumption dramatically.) Try that on a podded engine and you'll find yourself flying in a corkscrew pattern thanks to the drag of windmilling fans.

A bunch of the other stuff on them was shite and dangerous, but all the other aircraft were "Not Invented Here", so jingoism ensured Nimrods kept going. (Not that Rivet Joint birds are any better. The design is older than the Nimrod)

Military aircraft are more about projecting national prestige than fitness for purpose.

1
0
Silver badge

Re: Step back and thnk about this.

'Try that on a podded engine and you'll find yourself flying in a corkscrew pattern thanks to the drag of windmilling fans'

So you're saying a windmilling engine inside the wing won't cause drag? Because I'd like to know how that magic works.

Of course if the podded engine is a higher bypass ratio then it may cause more drag, but then it's more fuel efficient when running and it wouldn't fit inside the wing anyway. It also allows you to build a lighter wing structure as the mass of the engine counters the aerodynamic twisting loads, whereas an integral engine doesn't.

Rivet Joint has the slight advantage that there are a few hundred of the basic airframe in service, vs the 20 max for the Nimrod. It makes getting parts easier.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017