New Boeing 787 vulnerable to hacking
Hijacking is so passé
ACCORDING TO to the U.S. Federal Aviation Administration, the new Boeing 787 Dreamliner aeroplane may have a serious security vulnerability in its on-board computer networks that could allow passengers to access the plane's control systems.
The computer network for the Dreamliner's passengers, designed to give passengers in-flight internet access and entertainment, is connected to the plane's control, navigation and communication systems, the FAA report reveals (the report is mirrored here).
It also connects to the airline's business and administrative-support network, which communicates maintenance issues to ground crews.
The design "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane," says the FAA report. "Because of this new passenger connectivity, the proposed data-network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."
Boeing said it's aware of the issue and has designed a solution it will test shortly.
More worryingly, there seems to be some confusion at Boeing as to what exactly the situation is, as Boeing spokeswoman Lori Gunter said the wording of the FAA document is misleading, and that the plane's networks don't completely connect. Why are you testing a new solution then?
Gunter said Boring is employing a combination of solutions that involves some physical separation of the networks, known as "air gaps," and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn't want to discuss in public.
Short of the necessity to pause programming for announcements by the crew, which could surely be routed by some safe means, we just cannot contemplate why on earth the navigation and control systems need to be connected to the on-boardpassenger entertainment network, and why this was ever thought plausible and safe in the first place.
In our opinion a system like this is never 100% safe unless the two networks are completely physically separated.
The INQ will stick to flying airships from now on. µ
Comments
Base station?
In our opinion a system like this is never 100% safe unless the two networks are completely physically separated.whereby they almost certainly link down to the same base station?
its supposed to be hacked, BY THE FEDS
But the whole point was so the feds could take control of the planefrom the ground if it were hi jacked. If you look on the internet
there are articles about the feds wanted to be able to take control of
an aircraft from the ground if its reported its been hi jacked by
terrorists, so its the FAA who is putting national security at risk by
making this information public. Why would you tell the public the
technical specification of an aircraft, is that not tipping off the
bad guys? The good guys the feds have been trying to get aircraft like
this for a long time, but it was supposed to be secret that the feds
are able to take over an aircraft from the ground to stop terrorists
from doing another 9/11. Sure we need to address this issue so un
authorised folks can't take control of the aircraft, but I don't think
any of this should of been made public for security reasons, this
could of all of been sorted out behind closed doors.
Uh-oh
Gives new meaning to a BSOD! I would imagine that the FAA would have a separate backdoor in the system that could take over the functions of the plane in the case of a hijacking event. Passengers should have no ability to remote connect to anything but the entertainment networks. Why not have physically separate networks with different routing points?love the typo
Gunter said BoringSecurity through obscurity is not good enough.
Just because it's not publicized doesn't mean it's secure.OMG!
Good grief... Makes you wonder what kind of network expertise they called on when designing such a system. I would assume it was the one guy in the office who had made a lan for his house.Any network professional who thought mixing public data with critical systems needs to have his head examined!
My company has recently been jumping backwards through hoops to comply with the PCI regs regarding handling of credit card data, and that kind of network c*ck up would have you laughed out of the audit in the first couple of minutes.
I guess a Boeing is less important than a Barclaycard.
In flight entertainment a bit too realistic
I heard Virgin are including in flight weather updates - and if you don't like the weather there you can just take control and fly somewhere else! Brilliant!airbus the same
http://www.heise.de/ct/schlagseite/03/01/gross.jpg