Boeing 787 grounded over hacking fears

Discussion in 'Et Cetera, Et Cetera' started by dong20, Jan 12, 2008.

  1. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    The Federal Aviation Authority (FAA) has grounded Boeing's new 787 airliner after concerns about the integrity of its computer systems.

    The FAA said last week that it was unhappy with the possibility of passengers being able to hack into the aircraft's flight systems using the data links built into each seat.

    "The proposed architecture of the 787 allows passenger connectivity to previously isolated data networks connected to systems that perform functions required to the safe operation of the airplane,"the FAA report stated.

    "This new passenger connectivity may result in security vulnerabilities from intentional corruption of data and systems critical to the safety of the airplane."

    Boeing has said that it is working with the FAA to resolve the problem and that it had already built a firewall between the systems.
    The manufacturer claims that the systems would be 100 per cent secure."

    Of course, this is mainstream media so somewhat alarmist ('grounding' an aircraft that has yet to fly for example) but the sheer arrogance (and naivety?) on the part of the manufacturer implied in that last line is what concerns me more than any actual risk, and indeed makes me more cautious.

    The full article is linked below where the next sentences read:

    "However, Bruce Schneier, chief technology officer at security firm BT Counterpane, said that the likelihood of the system being perfect is "zero" .

    "It is possible that Boeing can make the connection to the internet secure. If it does, it will be the first time that anyone has done so," he told Associated Press."

    Thank you, someone who knows what they're talking about.

    Boeing 787 grounded over hacking fears - vnunet.com

    Here's another link as the vnunet links I've posted before sometimes have not worked for some. Odd but on a quick look I can't see any related articles on the FAA website, hmm...why is that?

    Hacker risk to Boeing's 787 jet | Australian IT

    Of course, the problems with Airbus (and other) software should mean this sort of concern should be no surprise to anyone. 100% secure/reliable system or, rather, in this case separation of systems? Dream on.
     
  2. Gillette

    Gold Member

    Joined:
    Apr 2, 2006
    Messages:
    8,309
    Albums:
    1
    Likes Received:
    14
    Gender:
    Female
    Location:
    Nova Scotia
    If they wanted 100% security on the plane's system why didn't they isolate it completely?

    Two systems, one for the plane, one for the passengers.
     
  3. Mem

    Mem
    Gold Member

    Joined:
    Jul 4, 2006
    Messages:
    8,087
    Likes Received:
    8
    Gender:
    Male
    Location:
    FL
    There is always gonna be a jerk pilot who's password is PASSWORD.
     
  4. HazelGod

    Gold Member

    Joined:
    Dec 11, 2006
    Messages:
    7,531
    Albums:
    1
    Likes Received:
    9
    Gender:
    Male
    Location:
    The Other Side of the Pillow
    What stupidity.

    I find it difficult to believe that the design team ever seriously considered interconnecting the flight control systems with the Internet-facing networks.

    If they weren't already, the cockpit and FCS should have been on a physically isolated network. People can't hack what they can't connect to.
     
  5. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    I agree, this is from a similar article:

    "...Airbus, whose comments support Boeing, said that physically separating the passenger and flight networks -- one surefire method of stopping tampering -- means that passengers may not then have access to satellite and other network connections. The company argued that a minimum amount of communication between the networks is necessary..."

    It goes along with airborne use of cellphones. I mean if the world were to come to a sudden and catastrophic end, I'd doubt sending an email or a text message would be of much assistance.

    That said, yes, it would be nice to have web access on board but not at the risk of being sent plummeting out of the sky by a BSOD.:rolleyes:
     
  6. CUBE

    Gold Member

    Joined:
    May 28, 2005
    Messages:
    7,331
    Albums:
    2
    Likes Received:
    1,170
    Gender:
    Male
    Location:
    The OC
    amen
     
  7. HazelGod

    Gold Member

    Joined:
    Dec 11, 2006
    Messages:
    7,531
    Albums:
    1
    Likes Received:
    9
    Gender:
    Male
    Location:
    The Other Side of the Pillow
    This isn't aimed at you, dong...that quote above is utter bullshit.
     
  8. Gillette

    Gold Member

    Joined:
    Apr 2, 2006
    Messages:
    8,309
    Albums:
    1
    Likes Received:
    14
    Gender:
    Female
    Location:
    Nova Scotia
    Agreed. If they really want to provide the passengers with the extra perks (which no doubt they'll be paying through the nose for) they should just suck it up and have a separate satellite connection for that system as well.
     
  9. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    I agree and in that context; for necessary read, cheaper.:rolleyes:
     
  10. EagleCowboy

    EagleCowboy Well-Known Member

    Joined:
    Feb 10, 2007
    Messages:
    1,031
    Albums:
    1
    Likes Received:
    136
    Gender:
    Male
    Location:
    TEXAS
    The company argued that a minimum amount of communication between the networks is necessary..." <---------------Complete bullshit!! No interaction of systems is necessary. They can be completely physically separate and still have the best of both worlds.

    Another thing that concerns me is that the planes are running Windows systems. This is a very bad thing as everyone knows that Windows is NOT reliable nor stable and is far too easily hacked. I will most certainly never trust my life to anything running Windows or some other Microsoft product.

    I can see it now. Hijacking has now been made so easy. Plug your laptop into the system, hack the plane, and instead of flying to Paris, hijack it to Nigeria and no one gets hurt or maybe even knows what's going on. And you never have to leave the seat or threaten anyone. Heaven forbid anyone should be suicidal and wanting to crash the plane.
     
  11. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    Who told you that? No, they're not. Not even close.

    Though I've read that US nuclear a/c carrier CVN77 communications (incl missile launch systems) software runs on a derivative of Windows 2000.:eek:
     
  12. Gillette

    Gold Member

    Joined:
    Apr 2, 2006
    Messages:
    8,309
    Albums:
    1
    Likes Received:
    14
    Gender:
    Female
    Location:
    Nova Scotia
    What would happen if you hit ctrl+alt+delete too many times?:eek:
     
  13. SteveHd

    Gold Member

    Joined:
    Jun 19, 2006
    Messages:
    3,849
    Likes Received:
    6
    Gender:
    Male
    Location:
    Daytona
    I don't know about missile launch systems but the military does use a custom version of Win2000 for a lot of key systems. It's substantially modified versus the consumer version and some of the mods are classified. The servers are essentially dedicated to a single or just a few tasks. Many such servers can run years without having to be booted.

    Getting back to the 787, something that amazes me is the sales rate. They've booked orders for 800+ ... which to me is astounding. It's a "clean sheet" design and isn't yet in service. Many other large aircraft have needed a decade or more of sales to reach that number. The DC-10 only reached ~550.
     
  14. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    Yes, hence me referring to it as a derivative of Windows 2000. You may be right about precise application but I did a quick Google. I've not really looked deeper as it was a tangent. Windows 2000 was the best version of windows ever, I was sorry when it was superseded.

    Navy carrier to run Win 2000
    'Son of Windows' to control carrier

    The order sheet is indeed very impressive (though the highest figure I saw was about 820 and other sources citing around the 790 mark). However, that doesn't make it a safe and reliable aircraft or one well regarded by passengers, merely a well marketed one. I'm sure it will be both but issues such as this don't inspire confidence in security when it's already a key concern to many.
     
  15. JustAsking

    Gold Member

    Joined:
    Nov 23, 2004
    Messages:
    3,249
    Likes Received:
    3
    Gender:
    Male
    Location:
    Ohio
    Windows 2000 was an improved version of Windows NT, which in turn was designed by David Culter of DEC, who was the chief architect of VMS. The vulnerability of Windows OSs in the past is no surprise since MS came from a desktop culture rather than a data center culture.

    However, being the biggest target, their vulnerabilities were readily exploited by hackers who were successful and well publicized. However, good security has become an essential component of Microsoft's survival, since the big money is in server OSs and server software.

    Being a child of VMS, its not outrageous to suggest that there is a government modified version of Windows 2000 that is highly reliable and highly secure.

    However, being in the software development business for 25 years, I say there is no way to trust a company who says their system is 100&#37; secure. The idiocy and arrogance of that statement alone casts more doubts on the security of the 787's system than anything else one could say.

    As many have said here, the best security is complete isolation. It is not 100% guaranteed, but a company like Boeing could easily create an isolated secure system that would take immense resources to break into it. Once that point is reached, anyone wanting to create mayhem would simply choose another target for their work, since taking over a single plane would not be worth the expense and time at that point.

    So I am advocating that Boeing can create a suffiently secure system such that it would simply be uneconomical to hack into it.

    For example, our best encryption technologies are theoretically hackable, except it would take an outrageous amount of time and money and equipment to hack them. It is simply uneconomical at this point in time.
     
  16. SpeedoGuy

    Gold Member

    Joined:
    May 18, 2004
    Messages:
    4,229
    Albums:
    1
    Likes Received:
    10
    Gender:
    Male
    Location:
    Pacific Northwest, USA
    I think Boeing's competetive strategy against Airbus was not to build another large monster to match the A-380. Rather, Boeing's strategy was to design the 787 for high fuel efficiency and long range. With fuel prices going the way they are, that may explain all the orders.
     
  17. SteveHd

    Gold Member

    Joined:
    Jun 19, 2006
    Messages:
    3,849
    Likes Received:
    6
    Gender:
    Male
    Location:
    Daytona
    Note: the sales to date are 800+ ... I updated my previous post.

    *I fact-checked my ass versus the Boeing website.*
     
  18. HazelGod

    Gold Member

    Joined:
    Dec 11, 2006
    Messages:
    7,531
    Albums:
    1
    Likes Received:
    9
    Gender:
    Male
    Location:
    The Other Side of the Pillow
    So true...remember when Oracle donkey punched themselves a few years back with that "unbreakable" campaign of theirs?
     
  19. dong20

    Gold Member

    Joined:
    Feb 17, 2006
    Messages:
    6,130
    Likes Received:
    5
    Location:
    The grey country
    Not at all outrageous. Microsoft Federal Systems presumably create such versions for bespoke applications, like the naval carrier mentioned already.

    Exactly my point. And it's rather like painting a big set of concentric circles on something.

    I agree, my main argument was with the systems builders statement rather than the real practical risk. I doubt a conventional terrorist would bother with such a an oblique approach. A shoulder launched missile outside a major metropolitan airport would be more their style.

    However a more intelligent 'terrorist' could achieve more lasting and deeper financial damage were they able to embed or induce fatal flaws into the microcode as result of any weaknesses left open for questionable reasons. If people believed their airplane would plummet to earth on the press of a button due to hackers...well you can imagine.

    It's been a little while since I did any meaningful software development and I know little of commercial aircraft software systems other than to be sure that if they're designed by humans, they're vulnerable to those humans with sufficient motivation to exploit any (inevitable) flaws.
     
  20. JustAsking

    Gold Member

    Joined:
    Nov 23, 2004
    Messages:
    3,249
    Likes Received:
    3
    Gender:
    Male
    Location:
    Ohio
    Yes, I wasn't even thinking about that. Financial terrorism is an equally likely scenario. Financial terrorism leads to economic terrorism if it undermine people's trust in the technical infrastructure in the longterm.
     
Draft saved Draft deleted