Boeing 787 grounded over hacking fears

dong20

Sexy Member
Joined
Feb 17, 2006
Posts
6,058
Media
0
Likes
28
Points
183
Location
The grey country
Sexuality
No Response
The Federal Aviation Authority (FAA) has grounded Boeing's new 787 airliner after concerns about the integrity of its computer systems.

The FAA said last week that it was unhappy with the possibility of passengers being able to hack into the aircraft's flight systems using the data links built into each seat.

"The proposed architecture of the 787 allows passenger connectivity to previously isolated data networks connected to systems that perform functions required to the safe operation of the airplane,"the FAA report stated.

"This new passenger connectivity may result in security vulnerabilities from intentional corruption of data and systems critical to the safety of the airplane."

Boeing has said that it is working with the FAA to resolve the problem and that it had already built a firewall between the systems.
The manufacturer claims that the systems would be 100 per cent secure."

Of course, this is mainstream media so somewhat alarmist ('grounding' an aircraft that has yet to fly for example) but the sheer arrogance (and naivety?) on the part of the manufacturer implied in that last line is what concerns me more than any actual risk, and indeed makes me more cautious.

The full article is linked below where the next sentences read:

"However, Bruce Schneier, chief technology officer at security firm BT Counterpane, said that the likelihood of the system being perfect is "zero" .

"It is possible that Boeing can make the connection to the internet secure. If it does, it will be the first time that anyone has done so," he told Associated Press."

Thank you, someone who knows what they're talking about.

Boeing 787 grounded over hacking fears - vnunet.com

Here's another link as the vnunet links I've posted before sometimes have not worked for some. Odd but on a quick look I can't see any related articles on the FAA website, hmm...why is that?

Hacker risk to Boeing's 787 jet | Australian IT

Of course, the problems with Airbus (and other) software should mean this sort of concern should be no surprise to anyone. 100% secure/reliable system or, rather, in this case separation of systems? Dream on.
 

Mem

Sexy Member
Joined
Jul 4, 2006
Posts
7,912
Media
0
Likes
54
Points
183
Location
FL
Sexuality
99% Gay, 1% Straight
Gender
Male
There is always gonna be a jerk pilot who's password is PASSWORD.
 

HazelGod

Sexy Member
Joined
Dec 11, 2006
Posts
7,154
Media
1
Likes
31
Points
183
Location
The Other Side of the Pillow
Sexuality
99% Straight, 1% Gay
Gender
Male
What stupidity.

I find it difficult to believe that the design team ever seriously considered interconnecting the flight control systems with the Internet-facing networks.

If they weren't already, the cockpit and FCS should have been on a physically isolated network. People can't hack what they can't connect to.
 

dong20

Sexy Member
Joined
Feb 17, 2006
Posts
6,058
Media
0
Likes
28
Points
183
Location
The grey country
Sexuality
No Response
What stupidity.

I find it difficult to believe that the design team ever seriously considered interconnecting the flight control systems with the Internet-facing networks.

If they weren't already, the cockpit and FCS should have been on a physically isolated network. People can't hack what they can't connect to.

If they wanted 100% security on the plane's system why didn't they isolate it completely?

Two systems, one for the plane, one for the passengers.

I agree, this is from a similar article:

"...Airbus, whose comments support Boeing, said that physically separating the passenger and flight networks -- one surefire method of stopping tampering -- means that passengers may not then have access to satellite and other network connections. The company argued that a minimum amount of communication between the networks is necessary..."

It goes along with airborne use of cellphones. I mean if the world were to come to a sudden and catastrophic end, I'd doubt sending an email or a text message would be of much assistance.

That said, yes, it would be nice to have web access on board but not at the risk of being sent plummeting out of the sky by a BSOD.:rolleyes:
 

Gillette

Sexy Member
Joined
Apr 2, 2006
Posts
6,214
Media
4
Likes
95
Points
268
Age
53
Location
Halifax (Nova Scotia, Canada)
Sexuality
100% Straight, 0% Gay
Gender
Female
This isn't aimed at you, dong...that quote above is utter bullshit.

Agreed. If they really want to provide the passengers with the extra perks (which no doubt they'll be paying through the nose for) they should just suck it up and have a separate satellite connection for that system as well.
 

EagleCowboy

Cherished Member
Joined
Feb 10, 2007
Posts
1,278
Media
4
Likes
476
Points
228
Location
TEXAS
Sexuality
50% Straight, 50% Gay
Gender
Male
The company argued that a minimum amount of communication between the networks is necessary..." <---------------Complete bullshit!! No interaction of systems is necessary. They can be completely physically separate and still have the best of both worlds.

Another thing that concerns me is that the planes are running Windows systems. This is a very bad thing as everyone knows that Windows is NOT reliable nor stable and is far too easily hacked. I will most certainly never trust my life to anything running Windows or some other Microsoft product.

I can see it now. Hijacking has now been made so easy. Plug your laptop into the system, hack the plane, and instead of flying to Paris, hijack it to Nigeria and no one gets hurt or maybe even knows what's going on. And you never have to leave the seat or threaten anyone. Heaven forbid anyone should be suicidal and wanting to crash the plane.
 

SteveHd

Sexy Member
Joined
Jun 19, 2006
Posts
3,678
Media
0
Likes
79
Points
183
Location
Daytona
Sexuality
90% Gay, 10% Straight
Gender
Male
I don't know about missile launch systems but the military does use a custom version of Win2000 for a lot of key systems. It's substantially modified versus the consumer version and some of the mods are classified. The servers are essentially dedicated to a single or just a few tasks. Many such servers can run years without having to be booted.

Getting back to the 787, something that amazes me is the sales rate. They've booked orders for 800+ ... which to me is astounding. It's a "clean sheet" design and isn't yet in service. Many other large aircraft have needed a decade or more of sales to reach that number. The DC-10 only reached ~550.
 

dong20

Sexy Member
Joined
Feb 17, 2006
Posts
6,058
Media
0
Likes
28
Points
183
Location
The grey country
Sexuality
No Response
I don't know about missile launch systems but the military does use a custom version of Win2000 for a lot of key systems. It's substantially modified versus the consumer version and some of the mods are classified. The servers are essentially dedicated to a single or just a few tasks. Many such servers can run years without having to be booted.

Yes, hence me referring to it as a derivative of Windows 2000. You may be right about precise application but I did a quick Google. I've not really looked deeper as it was a tangent. Windows 2000 was the best version of windows ever, I was sorry when it was superseded.

Navy carrier to run Win 2000
'Son of Windows' to control carrier

Getting back to the 787, something that amazes me is the sales rate. They've booked orders for 900+ ... which to me is astounding. It's a "clean sheet" design and isn't yet in service. Many other large aircraft have needed a decade or more of sales to reach that number. The DC-10 only reached ~550.

The order sheet is indeed very impressive (though the highest figure I saw was about 820 and other sources citing around the 790 mark). However, that doesn't make it a safe and reliable aircraft or one well regarded by passengers, merely a well marketed one. I'm sure it will be both but issues such as this don't inspire confidence in security when it's already a key concern to many.
 

JustAsking

Sexy Member
Joined
Nov 23, 2004
Posts
3,217
Media
0
Likes
33
Points
268
Location
Ohio
Sexuality
100% Straight, 0% Gay
Gender
Male
Windows 2000 was an improved version of Windows NT, which in turn was designed by David Culter of DEC, who was the chief architect of VMS. The vulnerability of Windows OSs in the past is no surprise since MS came from a desktop culture rather than a data center culture.

However, being the biggest target, their vulnerabilities were readily exploited by hackers who were successful and well publicized. However, good security has become an essential component of Microsoft's survival, since the big money is in server OSs and server software.

Being a child of VMS, its not outrageous to suggest that there is a government modified version of Windows 2000 that is highly reliable and highly secure.

However, being in the software development business for 25 years, I say there is no way to trust a company who says their system is 100&#37; secure. The idiocy and arrogance of that statement alone casts more doubts on the security of the 787's system than anything else one could say.

As many have said here, the best security is complete isolation. It is not 100% guaranteed, but a company like Boeing could easily create an isolated secure system that would take immense resources to break into it. Once that point is reached, anyone wanting to create mayhem would simply choose another target for their work, since taking over a single plane would not be worth the expense and time at that point.

So I am advocating that Boeing can create a suffiently secure system such that it would simply be uneconomical to hack into it.

For example, our best encryption technologies are theoretically hackable, except it would take an outrageous amount of time and money and equipment to hack them. It is simply uneconomical at this point in time.
 

SpeedoGuy

Sexy Member
Joined
May 18, 2004
Posts
4,166
Media
7
Likes
41
Points
258
Age
60
Location
Pacific Northwest, USA
Sexuality
99% Straight, 1% Gay
Gender
Male
I
Getting back to the 787, something that amazes me is the sales rate. They've booked orders for 900+ ... which to me is astounding. It's a "clean sheet" design and isn't yet in service. Many other large aircraft have needed a decade or more of sales to reach that number. The DC-10 only reached ~550.

I think Boeing's competetive strategy against Airbus was not to build another large monster to match the A-380. Rather, Boeing's strategy was to design the 787 for high fuel efficiency and long range. With fuel prices going the way they are, that may explain all the orders.
 

SteveHd

Sexy Member
Joined
Jun 19, 2006
Posts
3,678
Media
0
Likes
79
Points
183
Location
Daytona
Sexuality
90% Gay, 10% Straight
Gender
Male
Note: the sales to date are 800+ ... I updated my previous post.

*I fact-checked my ass versus the Boeing website.*
 

HazelGod

Sexy Member
Joined
Dec 11, 2006
Posts
7,154
Media
1
Likes
31
Points
183
Location
The Other Side of the Pillow
Sexuality
99% Straight, 1% Gay
Gender
Male
However, being in the software development business for 25 years, I say there is no way to trust a company who says their system is 100% secure. The idiocy and arrogance of that statement alone casts more doubts on the security of the 787's system than anything else one could say.

So true...remember when Oracle donkey punched themselves a few years back with that "unbreakable" campaign of theirs?
 

dong20

Sexy Member
Joined
Feb 17, 2006
Posts
6,058
Media
0
Likes
28
Points
183
Location
The grey country
Sexuality
No Response
....its not outrageous to suggest that there is a government modified version of Windows 2000 that is highly reliable and highly secure.

Not at all outrageous. Microsoft Federal Systems presumably create such versions for bespoke applications, like the naval carrier mentioned already.

However, being in the software development business for 25 years, I say there is no way to trust a company who says their system is 100&#37; secure. The idiocy and arrogance of that statement alone casts more doubts on the security of the 787's system than anything else one could say.

Exactly my point. And it's rather like painting a big set of concentric circles on something.

So I am advocating that Boeing can create a suffiently secure system such that it would simply be uneconomical to hack into it.

I agree, my main argument was with the systems builders statement rather than the real practical risk. I doubt a conventional terrorist would bother with such a an oblique approach. A shoulder launched missile outside a major metropolitan airport would be more their style.

However a more intelligent 'terrorist' could achieve more lasting and deeper financial damage were they able to embed or induce fatal flaws into the microcode as result of any weaknesses left open for questionable reasons. If people believed their airplane would plummet to earth on the press of a button due to hackers...well you can imagine.

It's been a little while since I did any meaningful software development and I know little of commercial aircraft software systems other than to be sure that if they're designed by humans, they're vulnerable to those humans with sufficient motivation to exploit any (inevitable) flaws.
 

JustAsking

Sexy Member
Joined
Nov 23, 2004
Posts
3,217
Media
0
Likes
33
Points
268
Location
Ohio
Sexuality
100% Straight, 0% Gay
Gender
Male
...However a more intelligent 'terrorist' could achieve more lasting and deeper financial damage were they able to embed or induce fatal flaws into the microcode as result of any weaknesses left open for questionable reasons. If people believed their airplane would plummet to earth on the press of a button due to hackers...well you can imagine...
Yes, I wasn't even thinking about that. Financial terrorism is an equally likely scenario. Financial terrorism leads to economic terrorism if it undermine people's trust in the technical infrastructure in the longterm.