FAA: Boeing’s New 787 May Be Vulnerable to Hacker Attack

Argh… “would the person in economy who is nmap’ing our navcom please stop, we need to steer”.

WiReD

Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane’s control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it’s aware of the issue and has designed a solution it will test shortly.

“This is serious,” said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). “This isn’t a desktop computer. It’s controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right.”

Currently in the final stages of production, the 787 Dreamliner is Boeing’s new mid-sized jet, which will seat between 210 and 330 passengers, depending on configuration.

Boeing says it has taken more than 800 advance orders for the new plane, which is due to enter service in November 2008. But the FAA is requiring Boeing to demonstrate that it has addressed the computer-network issue before the planes begin service.

According to the FAA document published in the Federal Register (mirrored at Cryptome.org), the vulnerability exists because the plane’s computer systems connect the passenger network with the flight-safety, control and navigation network. It also connects to the airline’s business and administrative-support network, which communicates maintenance issues to ground crews.

[…]

continues at WiReD.

Hat Tip: Lou Springer. 🙂

Comments

6 responses to “FAA: Boeing’s New 787 May Be Vulnerable to Hacker Attack”

  1. Trusted networking, trusted operating system… I’ve heard that somewhere… oh wait, yes… Sun’s Solaris with Trusted Extensions.

    Now why hasn’t Boeing thought of that? 🙂

    Gilles.

  2. Weex

    What? “She said the safeguards protect the critical networks from unauthorized access, but the company still needs to conduct lab and in-flight testing to ensure that they work.” Hello???

  3. Nick Palmer

    I immediately thought of the Airbus cartoon as well; does this mean it’ll be worth taking one of http://www.pcpro.co.uk/reviews/145266/saitek-pro-flight-yoke-system.html on board in my carry on luggage….?

  4. What basis is there for determining the level of the threat? Where is the threat analysis? The suggestion a security audit is in order seems pretty reasonable.

    For the specific point that this stuff is physically connected, what are the threats? What are the mitigations?

    At the risk of leaping to a solution without all the facts, I should think *at least* the same sort of mitigations would apply here as typically apply in financial systems, 911 call centers, and possibly “secure dark sites” for scary TLA. Lives are at stake in the case of security failures of the latter two examples, as they are in this case.

    All three of these situations generally imply physically separate, physically secure networks. This would seem to be the starting point for a typical solution. Anything else begs for a lot of justification that wouldn’t seem to be worth the relative cost difference.

