FAA: Terrorists Could Hack New Boeing Jetliner
Aviation regulators have refused to certify Boeing’s new 787 Dreamliner passenger jet until it redesigns its computer system to protect against … terrorists [using] the Dreamliner’s in-flight Internet system to connect to “systems critical to the safety and maintenance of the aircraft
I cannot even BEGIN to believe that anyone engineering an aircraft would have the entertainment network that delivers Video on Demand, Games, Information and general Data Services to each seat, and not have a COMPLETELY SEPERATE and AIR-GAPPED flight network which, you know, controls the fucking aircraft.
There’s just NO WAY that someone said “You know what’d save resources? We should totally integrate these things.”
Not a chance.
January 11, 2008 at 1:17 am
http://www.schneier.com/blog/archives/2008/01/hacking_the_boe.html
January 11, 2008 at 2:06 am
Ha, that’s a whole new dimension to ‘in-flight entertainment’.
It wouldn’t be terrorists, though, it’d be people just trying to see if they could.
January 11, 2008 at 2:30 am
“Hmm, lets see, can we make this thing do a loop-de-loop and then divert to Rio?”
January 11, 2008 at 2:48 am
“When I clear the level, all the seat-backs in First Class drop.”
“My Halo 3 experience will be way more authentic if we turn out all the interior lighting and drop the oxygen masks.”
January 11, 2008 at 2:10 am
I can see it more along the line of “Wouldn’t it be cool if we had, like, an on-board website, with pages that showed the location of the plane, and its altitude, and the temperature outside, and all that cool stuff. And maybe even something for the wanna-be pilots in the audience where they could see technical stuff, like the planes attitude, and whether the gear was up or down, or how the flaps are. It’d be really easy – we just tie into the flight control systems _here_….”
And then some kiddie in coach owns the webserver, and wonders what happen if you send a ‘set’ rather than a ‘get’ to engines.leftwing.thrustreverser.0
January 11, 2008 at 2:34 am
engines.leftwing.thrustreverser.0
SNMP much? 8P
January 11, 2008 at 6:41 am
Opto-isolation should suffice.
Just make sure that the sensor data is transmitted in a one-way fashion through a specially designed isolation module and that the network connectors are utterly incompatible between the instruments-and-control network (class 1, I believe such things are called) and whatever network is used for the unimportant network (class 2).
Actually, I’m not too keen on any kind of network being used for flight controls. Just one faulty transceiver can really screw things up.