Slashdot | Boeing 787 May Be Vulnerable to Hacker Attack Slashdot Log InCreate AccountSubscribeFirehose Why Log In?Why Subscribe? Sections Boeing 787 May Be Vulnerable to Hacker Attack ● Main Nickname Posted by Zonk on Sat Jan 05, 2008 04:32 PM ● Apple from the does-anyone-speak-l33t dept. ● AskSlashdot Password palegray.net writes ● Backslash "An article posted yesterday on Wired.com notes that 'Boeing's new 787 ● Books Dreamliner passenger jet may have a serious security vulnerability in its Public Terminal onboard computer networks that could allow passengers to access the ● Developers plane's control systems, according to the U.S. Federal Aviation ● Games Administration.' They're already working on solutions to the problem - including placing more physical separation between aircraft networks and [ Create a new account ] ● Hardware implementing more robust software-based firewalls." ● Interviews Related Links [+] security, cylonattack, transportation, boeing787, wormsonaplane (tagging beta) ● IT ● Compare prices on Security Software & ● Linux Related Stories Related Items ● Mobile ● palegray.net Firehose:Boeing 787 May Be Vulnerable to Hacker Attack by palegray.net (1195047) ● Politics ● may have a serious security vulnerability ● Science ● More Security stories ● YRO ● More Transportation stories Help ● FAQ This discussion has been archived. No new comments can be posted. ● Bugs Stories The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way. ● Old Stories http://it.slashdot.org/article.pl?sid=08/01/05/2057247 (1 of 10)24.1.2008 9:11:00 Slashdot | Boeing 787 May Be Vulnerable to Hacker Attack ● Old Polls ● ● Topics Restriction on software during flight? (Score:5, Funny) ● Hall of Fame by El_Muerte_TDS (592157) <[email protected]> on Saturday January 05, @04:33PM (#21926524) Homepage ● Bookmarks No more playing MS Flight Sim. ● Submit Story About ❍ ● Supporters Re:Restriction on software during flight? (Score:5, Funny) ● Code by nospam007 (722110) on Saturday January 05, @11:46PM (#21929536) Services Bluetooth alert: New device detected, Boeing 787 Dreamliner, install? ● Jobs [ Parent ] ● PriceGrabber ● Special Offers ● ● Sponsor Solutions I don't get it... (Score:5, Insightful) by Spalti (210617) on Saturday January 05, @04:35PM (#21926538) Homepage ● Surveys Jobs Why aren't both networks physically completely seperated from each other? Flash Developer New York, NY ❍ R/GA Re:I don't get it... (Score:4, Insightful) World-Class Design Lead by Brian Gordon (987471) on Saturday January 05, @04:39PM (#21926594) New York, NY (Fla... Angelsoft Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place! Web Business Systems Engineer [ Parent ] Cambridge, MA GuildCafe Enterta... ■ More Jobs > Re:I don't get it... (Score:5, Informative) Post a Job > by badasscat (563442) <[email protected]> on Saturday January 05, @04:47PM (#21926698) Homepage Why can you remotely control aircraft systems at all? There should be no network equipment to compromise in the first place! http://it.slashdot.org/article.pl?sid=08/01/05/2057247 (2 of 10)24.1.2008 9:11:00 Slashdot | Boeing 787 May Be Vulnerable to Hacker Attack The 787 is fly by wire, like most new aircraft designs. It's all computer controlled, not mechanical. My guess is this [aviationtoday.com] - the "common core system" designed by Honeywell - has something to do with the various systems being connected. This is a system designed to simplify the airplane's various systems and reduce the number of separate systems (which means fewer failure points - usually a good thing in engineering). I do believe Boeing when they say that there are built-in separations and that the two systems are not completely tied together, but obviously it wasn't enough for the FAA. So they're fixing it. Nothing really all that unusual about a new airplane design; there are always various issues that need to be addressed before first flight. [ Parent ] ■ Re:I don't get it... (Score:5, Insightful) by fartingfool (1208968) on Saturday January 05, @05:10PM (#21926916) My guess is it has to do with controlling the actual system for the passenger use. Pilots gotta have access to the No Smoking sign switch for example. So without any real technical background in how these systems work, I'd say they were simply given a switch to turn access on or off etc, and that simply meant some sort of basic connection had to be issued between the cockpit systems and passenger entertainment systems. The FAA report doesn't say exactly what the connection is between the systems, it just says there is a connection. My guess is it's the FAA over-hyping a situation, or someone else, to try and get these birds as safe as possible. Although I would agree that the passenger system should be as isolated as possible, and if control of these systems is needed, just run separate lines that link only to that system, even if it is basically pointless if the connection I assume it is really is that simple. I guess i welcome my first post to /. too after reading it for a year or so and keepin my thoughts to myself =D [ Parent ] ■ Re:I don't get it... (Score:5, Insightful) by rlk (1089) on Saturday January 05, @05:49PM (#21927272) "Not completely connected" is a very strange phrase. I could say that my laptop is "not completely connected" to the internet because there's a router between them. But either there's a connection between the two networks or there isn't. I don't know what it means to be connected at some points and not at others. The pilots certainly do need access to some of the cabin systems, for the seatbelt sign, for example. They may also need to be able to turn the cabin network off altogether. But those switches should have no signal connection of any kind to the maintenance and monitoring/control systems. The two networks should be physically partititioned. The way I read the article, there really are some connections between the networks (my guess is that it was simply cheaper or more convenient to link them), and the FAA's not happy with that state of affairs. I can't say I blame them. http://it.slashdot.org/article.pl?sid=08/01/05/2057247 (3 of 10)24.1.2008 9:11:00 Slashdot | Boeing 787 May Be Vulnerable to Hacker Attack Somehow I have a suspicion that someone will crack this sooner or later, and the TSA will react by banning use of laptops or something equally foolish, rather than addressing the more basic fact that the plane's systems have not been hardened appropriately (in this case, by being physically partitioned). [ Parent ] ■ ■ ■ Re:I don't get it... (Score:5, Funny) by Fred_A (10934) <[email protected] minus distro> on Sunday January 06, @06:30AM (#21931056) Homepage So, to be clear. Every seat has a seat-back screen in front of it, capable of displaying messages - but you would prefer a separate wire going to every seat to power a 'fasten your seatbelts' bulb? Uh, OK. I'm in favor of a full fledged IRC server so that the pilots can talk to the passengers. After all if you have a network why not use it. /join UA435 --- Welcome to Flight United Airlines 435 to Tokyo --- Please read the safety card in the back of the seat on fron of you <seat44G> HOW DOES THIS THING WORK? <seat112A> LOL n00b !!! <Pilot> Please fasten your seatbelts [ Parent ] ■ A little perspective (Score:5, Insightful) by mcrbids (148650) on Saturday January 05, @08:06PM (#21928368) Homepage Journal Queue up 11,000 A/C posts about H4X0RZ Cr45h1n6 for REALZ Do0DEZ!. This is not a "Windows vs Linux" thing. These are highly specialized data networks designed specifically for aircraft. The typical running life of a big jet is some 40 years or more - the idea of a consumer O/S such as Windows (or even Linux) being suitable for such a situation is simply stupid. Everything is coded in firmware, micro-processor based, with a likelyhood of actually crashing accidentally being somewhat less likely than getting struck by lightning on a sunny day while sitting in the cellar of your 4-story house. Not bloody likely. http://it.slashdot.org/article.pl?sid=08/01/05/2057247 (4 of 10)24.1.2008 9:11:00 Slashdot | Boeing 787 May Be Vulnerable to Hacker Attack But, actual, malicious attack? Possible - and if there was *ANY* connection between the passenger data networks and the main control networks, that's an issue that must be addressed. Most likely, the FAA found some part that was connected to both networks, that itself was not capable of actually transmitting data. But they're being car eful, as is their job, since lives are on the line. Go FAA! [ Parent ] ❍ Re:I don't get it... (Score:4, Insightful) by Nibbler999 (1101055) <tom_atkinson AT fsfe DOT org> on Saturday January 05, @04:39PM (#21926598) Homepage Probably to save weight on cabling/hardware. [ Parent ] ❍ Re:I don't get it... (Score:5, Funny) by dunezone (899268) on Saturday January 05, @04:41PM (#21926628) Journal Exactly, who the hell thought that it would be a good idea to allow the passenger network and pilot network system to even communicate with each other. Oh wait I got it, what if terrorist took over the cabin, but then a passenger(Justin Long) who is a master hacker controls the plane from his seat using his cell phone, and safely lands the plane but after he flipped it a few times so the terrorist would be knocked unconscious.