backtop


Print 22 comment(s) - last by PandaBear.. on Jan 8 at 6:18 PM


  (Source: Seattle Times)
No, you can't crash a Boeing 787 from the in-seat Internet access

As if the next-generation aircraft race between Boeing and Airbus was not convoluted enough, a scathing report from Wired Magazine claims the new 787 Dreamliner aircraft contains serious flaws regarding its internal network security.

Boeing caught flak last year when it announced its standard configuration for the Dreamliner used a wireless passenger network -- dubbed the Passenger Information and Entertainment Domain. Eventually the company reversed its position on wireless networks; opting for the increased bandwidth of a wired network.

A network security analyst ironically interviewed by Wired claimed, "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

A Boeing engineer, speaking on background, disagrees with the "absurd" Wired post. Strongly. "This is not an issue about hacking an aircraft, this is an issue about how the FAA will regulate the wiring." 

The engineer assured DailyTech, "Yes, it's not a desktop computer. Desktop computers don't take tens of billions of dollars and 15 years to engineer."

The FAA cautionary statement, mirrored by transparency advocate Cryptome.org, states the following wordy summary:
The proposed architecture of the 787 is different from that of
existing production (and retrofitted) airplanes. It allows new kinds of
passenger connectivity to previously isolated data networks connected
to systems that perform functions required for the safe operation of
the airplane. Because of this new passenger connectivity, the proposed
data network design and integration may result in security
vulnerabilities from intentional or unintentional corruption of data
and systems critical to the safety and maintenance of the airplane.
The statement when not read in its entirety alludes that there are network vulnerabilities -- or at least the possibility for network vulnerabilities -- in the Dreamliner. 

Boeing spokeswoman Lori Gunter claims the document is "misleading" and that such networks do not pose a threat.  "There are places where the networks are not touching, and there are places where they are," she adds.

Specifically, one of the two in-flight networks, the Aircraft Information Domain, monitors the number of connections and connectivity of the passenger network.

The FAA would not comment on the document, but states the obvious risks of having such networks coexist pose a potential risk for passengers and crew.  The FAA concludes, on record:
The design shall prevent all inadvertent or malicious changes to, and all adverse impacts upon, all systems, networks, hardware, software, and data in the Aircraft Control Domain and in the Airline Information Domain from all points within the Passenger Information and Entertainment Domain.
At the end of the day, the FAA special conditions mandate only claims Boeing must take caution to prevent passenger networks from making changes to its in-flight network. Boeing sures claims

But then again, Boeing sometimes reverses its opinion on things -- on the fly.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

An unlikely possibility...
By Micronite on 1/7/2008 11:43:25 PM , Rating: 5
Couldn't and wouldn't Boeing separate the flight-important systems from the internet systems? I can see how they would transmit both Internet data and navigation data across the same pipe, but any engineer with common sense would isolate the two as much as possible.

Since I work in the memory industry, I understand the nasty potential of one flipped bit. So if I were engineering this, there would be plenty of CRC and ECC error detection to ensure nothing was getting messed up. I hardly think Boeing has overlooked this point.




RE: An unlikely possibility...
By jhinoz on 1/7/2008 11:50:35 PM , Rating: 5
just to be safe though, i shouldn't check out where i am on google earth in flight should i?


RE: An unlikely possibility...
By FITCamaro on 1/8/2008 7:33:17 AM , Rating: 2
The only potential problem there could be is the level to which the Passenger Information Network (PIN) was tested. In flight software, levels are assigned based on the criticality of the system. A system such as this would likely rate a DO-178B rating of D which means if it fails, it doesn't impact the planes ability to stay in the air.

This means that testing on this system would not have been as rigorous as that of the Aircraft Information Network (AIN) which would have to be certified to level A. Since the two systems probably share some of the same equipment, there could be bugs that might somehow creep into the AIN. It's remote but with software bugs, anything is possible.

About the only real thing I could think of though that a person could intentionally do would be to try a Denial of Service attack on the system. If the PIN and AIN share the same router, you could overload it with traffic and cause the slowdowns in the AINs packets getting delivered. Granted the router would be programmed do give priority to the AINs packets over those of the PINs.


RE: An unlikely possibility...
By helios220 on 1/8/2008 9:23:18 AM , Rating: 2
They are still being somewhat scant on the details of the vulnerabilities to this point, which I personally have no problem with. As long as the people who need to be aware (FAA, Boeing, Rockwell) why do we need to tell the rest of the world knowing specifically what they should start practicing?

That being said, in regards to D0-178B when two software partitions of different criticality levels share a common resource there has to be safeguards that prevent the lower criticality software from adversely impacting the higher criticality software (Health Monitors etc.) in order to achieve certification. While Boeing may not have actually pulled this off in their design, the FAA will likely not confer a level A certification on the system until they are satisfied.

I'm going to be intentionally vague as I've worked on 787 before but suffice to say with Ethernet alone and the ability to hit the right network you could in theory more than arbitrarily manipulate the flight displays. It all depends on the interconnectivity of these networks.

Personally, I think 787 is kind of a rush job and that a serious network vulnerability may have existed at one point late into the design but I am very very skeptical that ZeroCool and The Plauge are going to be bringing down any 787's anytime soon.


RE: An unlikely possibility...
By TheDoc9 on 1/8/2008 11:16:18 AM , Rating: 5
This isn't a hollywood movie, I don't believe for one second that anyone could manipulate in flight displays or take over any part of a plane. There may be company software that allows someone limited access to these things but otherwise wired magazine should get back to reality and stop making things up and throwing in sensationalist journalism for something they don't understand.


RE: An unlikely possibility...
By helios220 on 1/8/2008 4:02:58 PM , Rating: 4
You are very correct, it is not a Hollywood movie. If it were the act of 'taking over' any element of the plane would be achieved by navigating some three-dimensional landscape covered in quasi-matrix computer code or by somehow typing on 15 different command prompts at once.

Reality is obviously somewhat different, and whether or not you believe it is entirely possible. Is it going to happen? No, I never said that. I said that if I were somehow given access to some very specific Ethernet lines I could manipulate the flight displays. That being possible because I am very familiar with the software that runs the 787 flight displays and the specific protocols used by the graphics server used on the AFD-2100 ATS used for the primary flight displays.

If you didn't write the damn software for them could you do it? No I doubt it, but it's not quite a case of 'anyone' as much as it is 'very very few'. All of that is largely irrelevant because it's not going to happen, the network access isn't there and safeguards are in place for software of that criticality.


RE: An unlikely possibility...
By Yames on 1/8/2008 2:45:21 PM , Rating: 2
Based on this "Specifically, one of the two in-flight networks, the Aircraft Information Domain, monitors the number of connections and connectivity of the passenger network."

It sounds like these two networks may only be connected in where the AID sniffs or in some other limited way queries the passenger network. I am sure that Boeing has put in the correct effort in protecting the critical network systems on the AID. They may be more separate than this article makes them out to be.


It happens...
By hashmoney on 1/8/2008 1:02:40 AM , Rating: 5
Look what the Cylons did to the Battlestars in Battlestar Galactica. Only Galactica survived because of not having networked computers.




RE: It happens...
By ZoZo on 1/8/08, Rating: 0
RE: It happens...
By tdktank59 on 1/8/2008 2:56:52 AM , Rating: 2
Wheres the fun in that tho...


RE: It happens...
By KitKat06 on 1/8/2008 2:50:54 PM , Rating: 2
There isn't any fun in it. That's the point. Real life for the loss.


RE: It happens...
By Ringold on 1/8/2008 5:04:32 PM , Rating: 2
Apparently Star Trek should be ignored because in The Original Series, Captain Pike's Enterprise had lasers and, holy cow, we know lasers today could NEVER be used in warfare!

I think the reference to BSG here was clearly for fun, but to take a wider view, I think we'd be pretty naive if we believed that the next war between two major powers didn't involve both sides attempting to do exactly what the Cylon's did to the Colonials; mass disruption of all computer networks, particularly with respect to communication networks.

SciFi often attempts to discuss current-era and near-future issues and problems by moving them in to the future and making it entertaining; social human issues as well as political and military ones. Every episode of The Next Generation, for example, tried to preach a social lesson. Moore's version of BSG, in contrast, simply shows the darker side of man that we all know exists (just as Deep Space 9 did with the Dominion War story arc), and the Cylon network infiltration thing was entertaining -- and not at all implausible.

It was basically your standard Windows trojan horse, anyway. That hardly sounds like "fiction" to me. If it is, why oh why do I pay for ESET to protect me from them?


Ironic interview or ironic claim?
By C'DaleRider on 1/8/2008 4:24:31 AM , Rating: 2
quote:
A network security analyst ironically interviewed by Wired claimed...


I don't think you really meant what was written above, did you? How do you ironically interview anyone?

I believe the sentence should have been written, "A network security analyst interviewed by Wired claimed ironically...."




By RIPPolaris on 1/8/2008 4:43:42 AM , Rating: 2
I think they do mean ironic interview, since Wired is the same publication that released the scathing review.


By James Holden on 1/8/2008 5:27:53 AM , Rating: 4
quote:
Eventually the company reversed its position on wireless networks; opting for the increased bandwidth of a wired network.

A network security analyst ironically interviewed by Wired claimed...

It's a double entendre guised in the irony that "Wired" networks started this whole mess...


Funny...
By zaxxon on 1/8/2008 7:19:46 AM , Rating: 2
>The engineer assured DailyTech, "Yes, it's not a desktop
>computer. Desktop computers don't take tens of billions of
>dollars and 15 years to engineer."

Yes, not computers. Those are operating systems. Vista springs to mind.




RE: Funny...
By Micronite on 1/8/2008 9:12:59 AM , Rating: 2
And Duke Nukem Forever


RE: Funny...
By KitKat06 on 1/8/2008 2:52:18 PM , Rating: 1
buhuhuh. Vista. The only part that I currently like better then XP, is the cool window animation thingy mabobber, and the fact that it makes cute little noises at me when it feels like being obnoxious. Otherwise, I'd take XP over it any day : /


I'm confused
By TP715 on 1/8/2008 2:11:30 PM , Rating: 2
I'm confused by the article and the posts. The FAA blurb clearly seems to imply the passenger/entertainment network is connected to the flight control network. Is that true? I don't know about you, but I'd prefer those networks to be physically separate, not "separated" by software and/or protocols. Is Boeing trying to save weight by using the same network?




RE: I'm confused
By PandaBear on 1/8/2008 6:18:40 PM , Rating: 2
I am sure it is cheaper to separate the 2 network physically (even in 2 separate metal tube just to prevent fire from one to the other) to lower insurance and certification/testing cost. Let alone the amount of engineering needed to keep the passangers network cheap and affordable, rather than up to the aero graded safety of the flight control network.

Separate the 2, problem solved (cheap).


why not
By ikkeman on 1/8/2008 11:50:22 AM , Rating: 2
why not build two completely seperate systems. They have 3 control systems already, why not double and seperate wiring for the IFE?. Surely the added weight is less than the 20% weight gain from using composites?
Why would you design an aircraft system that "Could" be hacked. Just seperate the hell out of it - it will also allow airlines to more easily modify and costumize their IFE. I'm sure the bandwith is more than adequate for today but these birds will be flying for 20-30 years (if the composites prove to be as long lived as hoped). How does your bandwidth use today compare with 20 years ago?

Why don't wired and the FAA addres the real vulnerability - the aircraft will be linked through IP's to the maintenace base (I think, may be wrong)... someone shut down an engine in flight please...




O Wi-fi were art thou....
By HighWing on 1/8/2008 2:26:08 PM , Rating: 1
and the great thing about this will be that by the time it gets in the air, no one will have a wired connection on their laptops because everything will have gone wireless.

*laughs* well maybe not so, but I can't help but think of how this is limiting to laptops, when more and more people are moving to smaller devices like UMPC's and smart phones.




"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki