
Edited by Christian Lowe | Contact

Hacking the Dreamliner?


Along with the standard spiels about exit rows and seat belts, flight attendants of the future might add this to their repertoires: "The captain has requested that all passengers close their browsers until he regains control of the aircraft."

Recently the AP reported on a possible unintended consequence of offering Internet access to all passengers on Boeing's 787 Dreamliner. Here's an excerpt:

Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.

"The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

But Boeing spokeswoman Lori Gunter said 787's aviation electronics "are not connected in any way to the Internet."

Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.

Those new features and other aspects of 787's computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won't pose a safety threat.

In a "special condition" the FAA has ordered Boeing to satisfy, the agency notes that the 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.

"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."

Read the entire AP report here.

-- Ward

Comments

By the way, a couple of years ago I myself used wireless internet on a Lufthansa Boeing - but apparently the project was later abandoned

Posted by: vnl at February 29, 2008 08:10 AM


I think people here don't understand that this is pretty irrelevant.

You need to grasp the way things are rated in the CAA/EASA etc. Every eventuality is classified.

To put it simply the CAA would ground this aircraft if you could hack the aircraft and make it crash.

Read EASA CS-25.1309 to get a feel for what is permitted and how it is rated as acceptable (sadly I'm not in touch with the equivalent CAA document).

Posted by: Vstress at January 17, 2008 09:58 AM


you know what, i'm going to cede here. regarding airbus vs boeing, i read that article wrong. carry on!

Posted by: C at January 17, 2008 12:16 AM


CH, i'm not trying to start a flame war, but you must understand the principles of a closed system. i'll redact my viewpoint that Airbus isn't "sandbagging" Boeing when i see a white paper explaining why flight and entertainment systems have to be interconnected.

Posted by: C at January 16, 2008 11:53 PM


C,

I'm not interested in a flamewar over this, but avoid the trivial semantics. The router has an address, it is on the plane. One can safely generalize and say the plane has an address. If someone offers to deliver something to your front door do you say you don't have a front door, that your house has a front door? If someone says they have internet access do you tell them that they don't, that it is their cable/adsl/whatever modem that has it? The avionics are apparently not on a closed system, so I can call it the plane's address.

I'm not opposed to internet connection on a plane. I agree with those raising concerns over an internet connection that is not completely and physically separated from the avionics systems on a plane. By physically separated, I do not mean a router or firewall, but complete physical separation. There should never be a chance for a packet to ever make it from one system to the other ever. Much like the closed network you mention in your office.

Things like routers/firewalls are not foolproof. Exploits do appear that allow ne'er-do-wells to gain complete administrative access to them. Once that happens your defenses are severely compromised.

Airbus was not sandbagging Boeing on this. They said that to meet the new requirements it would require two physically separate systems and that wasn't viable. Sounds to me, like both are saying that the two systems must be interconnected.

"Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.

Airbus told the FAA in a written comment that such a solution "is not technically and operationally viable."


Let's be honest, system security is expensive and complicated and it doesn't sound like Boeing is offering a closed system, but rather one that is in some way interconnected. Why would an airline want to take this on?

On a side note, I don't get why columns about cyberwar are popular and no one particularly argues the doomsday scenarios they offer, but somehow think that some commercial airliner is going to be any better protected.

Posted by: CH at January 16, 2008 04:22 PM


Why would anyone ever connect the two systems? The article certainly implies that

The only rational connection I would imagine that would make sense would be a shared power supply, and a simple fuse limiting power draw from the entertainment system ought to solve that problem.

Posted by: ohwilleke at January 16, 2008 03:26 PM


Seems to me that Boeing would have to intentionally engineer in some form of connectivity for the internet/entertainment systems to the aircraft ARINC and Mil-STD-1553 busses that the various aircraft avionics systems use to communicate with each other. It seems to me that it would be pretty simple to run a dedicated ethernet network throughout the aircraft for each passenger to plug their laptop into if they want to surf the net at Fl 380. Just put a jack at each seat and run it to a dedicated server with satellite access to the internet. Charge the customers a fee for connectivity and away you go. Then you simply have to figure a way to keep the server from being hacked, but at least there is no threat to the aircraft or its systems.

Posted by: BH at January 16, 2008 01:39 PM


CH:

the plane does not have an address on the internet. the router has an address, the laptops have an address, the entertainment server has an address. it's so fantastically easy to separate systems. anecdotal evidence: we have a closed network here at the office with no wireless access point. there isn't ANYTHING that's not connected to the physical network that can get into any of the nodes on that network short of someone with some pretty advanced monitoring equipment next to the systems. at that point you're compromised anyway.

another note: Norwegian Airlines just announced it would offer wireless internet etc on its flights:
http://news.yahoo.com/s/nm/20080115/wr_nm/norwegian_mobile_dc

Qantas is rolling it out in 2008, as is Virgin Atlantic. this isn't some new frontier, it's Airbus trying to stall the 787.

Posted by: C at January 16, 2008 11:05 AM


First off: I have never seen a mention of wireless for this system. Why are we assuming this is wireless? It is far more likely to be wired.

Second: The two systems should be physically separated. There is no good reason not to physically separate them, but Airbus seems to defend Boeing here (also from an AP report):
"Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.

Airbus told the FAA in a written comment that such a solution "is not technically and operationally viable."
Why not?

No, the avionics are not directly connected to the web, but apparently a physical path with only logical barriers exists. Is that really good enough in the real-world? To date, experience says 'no'. Don't forget, the security concerns do not just exist when a passenger is sitting in their seat on their laptop -- the plane itself now has an address on the internet, and while it is on, anyone anywhere can be trying to get in. Given all of the attention to 'cyber-warfare' on this site you would think that some more people would be thinking of those ramifications. Maybe a nation-state isn't going to hack your public airplane and bring it down, but what about a more sophisticated terrorist network? Maybe the current crop can't, but don't expect that to last.

Personally, I'll side with the group who says physically separate it or leave it out. As Schneier said, "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

Posted by: CH at January 16, 2008 10:29 AM


"here is NO reason why flight and entertainment/passenger communications systems can't or won't be completely and physically separate"
~ C

Right! Euh, isn't a plane's cabin a Faraday cage? So the airplane would need a signal extender to pass through the GSM and data feeds. You could put a hardware firewall on that, blocking www.porn.com and such.

vorsprung durch Technik!
Pharsalus

Posted by: Pharsalus at January 16, 2008 06:09 AM


The flight control computers are not going to be affected - this is a misunderstanding (and an understandable one, the way the article is worded).

Flight control computers are a completely isolated structure - each system is. There are (3-4 usually to allow the identification of a failed computer). Each computer often runs on a separate program to ensure that there aren't any identical errors.

However here is the explanation - what they referred to in the excerpt "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane"

These isolated networks are data transfer for weather and/or other information that would be passed to the pilot - but nothing that can't also be communicated via a radio.

Yes this affects the pilot decision (and thus flight safety) - but to be truthful it's an exaggeration of a tiny problem. I personally think it's more likely that someone would transmit false information on VHF to pilots, which is easier to accomplish.

Silly issue to raise when other threats are more significant (ie. small arms fire on landing a/c) - personally I think it's a clear attack on Boeing's integrity rather than anything else. (while I do work in aerospace, no I don't work for Boeing - so it's merely an outside opinion)

Posted by: Vstress at January 16, 2008 05:21 AM


Why would they connect the flight controls to the network?

Posted by: yrch at January 15, 2008 10:21 PM


How do you hack past an air-gap? Social engineer the flight attendant with a cross-over cable.

...give me a break...

Posted by: Trafficgeek at January 15, 2008 06:30 PM


Worried about hackers when we all know that the main danger is snakes inside the plane!

Posted by: Vitor at January 15, 2008 06:14 PM


wait, i feel i should elaborate instead of just leaving it at that. there is NO reason why flight and entertainment/passenger communications systems can't or won't be completely and physically separate. boeing would have to be intentionally incompetent in their systems designs to place any link between the two.

there are already two-way passenger satellite communications systems onboard, this wouldn't be any different. the LAN would be connected to the passenger comms system and that's it. there aren't any systems on commercial aircraft that use 802.11 frequencies for any communications or controls.

this is simply the result of some paranoid technologically un-savvy politician or committee member trying to make waves.

Posted by: C at January 15, 2008 05:55 PM


there's not much to say about this from a technologist vs paranoia standpoint other than: this is stupid

Posted by: C at January 15, 2008 05:49 PM

