This one comes to us thanks to Rob:
http://www.wired.com/politics/security/news/2008/01/dreamliner_security
And I quote:
Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration. The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals. … Gunter wouldn’t go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as “air gaps,” and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn’t want to discuss in public.
I can’t imagine anything so insanely stupid as to allow any physical connection between the control system and the passenger side of the network. Haven’t we learned anything over the past 30 years? We can never fully predict how a system like that will behave.
I’m not even talking terrorist scenarios; all it takes is one accidental denial of service glitch to, well, you know.
I think I’m going to go play some video games or something now.
Reader interactions
6 Replies to “Are You A Hacker? Want To Crash The 787 You’re Flying On?”
[…] Rich’s take on Securosis […]
[…] My take on Securosis […]
It is sad that something so simple, like segmentation of networks, was missed on a project such as this. Unbelievable!
Sadly, I think something like this type of vulnerability arising and being exploited is just a matter of time, statistically.
In Die-Hard 2, as I recall, the bad guys “reprogrammed” the ILS system to show the runway threshold as being earlier in the landing flight path (glideslope) than it really was, leading to the illusion that the runway was lower than it was. I remember thinking that the only thing an ILS glidepath system can do is tell the plane at what angle it should approach the point where the antenna is located. You can’‘t change the apparent location of the antenna. You could tell it to come in very steeply, causing a difficult landing situation, but the pilots would catch on if it was out by more than a few degrees as the plane started to dive toward the antenna. They’‘d have time to recover. At the time, I just accepted the fact that the vast majority of people would accept it as a good plot development.
However if the plane’s data network can be hacked, there is a chance of causing the Die Hard effect much more easily.
It also makes me think of the movie “The Net”, where the “Gateway 2000” firewall was used in almost every network, and it had backdoors that allowed the president of the company to control everything in anyone’s life, at his whim. For some reason it made me glad Microsoft doesn’‘t build widely used firewalls…
However, I have some faith that Boeing is going to take this discovery as a wake-up call, and make sure that they apply some real risk management on their critical systems, before it’s too late.
Actually the scene in Die Hard 2 has always been possible since the Instrument Landing System on which this is based simply follows a path defined by ground based radio beacons.
Just think of the calamity if it were suddenly possible to access flight control of an aircraft from the ground-side via the airplane-to-ground wifi. Terrorists would be all over that, gives me the creeps just thinking about it.
Suddenly that scene in Die Hard 2 where the bad guys tell the plane the runway is something like 100 feet lower than it actually is seems feasible, and that’s a scary though.