
Along with the standard spiels about exit rows and seat belts, flight attendants of the future might add this to their repertoires: “The captain has requested that all passengers close their browsers until he regains control of the aircraft.”
Recently the AP reported on a possible unintended consequence of offering Internet access to all passengers on Boeing’s 787 Dreamliner. Here’s an excerpt:
Before Boeing Co.’s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won’t leave the flight controls vulnerable to hackers and hijackers.
Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.
“The odds of this being perfect are zero,” said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. “It’s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone’s done that.”
But Boeing spokeswoman Lori Gunter said 787’s aviation electronics “are not connected in any way to the Internet.”
Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.
Those new features and other aspects of 787’s computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won’t pose a safety threat.
In a “special condition” the FAA has ordered Boeing to satisfy, the agency notes that the 787 “allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.
“Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane.”
Read the entire AP report here.
– Ward









there’s not much to say about this from a technologist vs paranoia standpoint other than: this is stupid
wait, i feel i should elaborate instead of just leaving it at that. there is NO reason why flight and entertainment/passenger communications systems can’t or won’t be completely and physically separate. boeing would have to be intentionally incompetent in their systems designs to place any link between the two.
there are already two-way passenger satellite communications systems onboard, this wouldn’t be any different. the LAN would be connected to the passenger comms system and that’s it. there aren’t any systems on commercial aircraft that use 802.11 frequencies for any communications or controls.
this is simply the result of some paranoid technologically un-savvy politician or committee member trying to make waves.
Worried about hackers when we all know that the main danger is snakes inside the plane!
How do you hack past an air-gap? Social engineer the flight attendant with a cross-over cable.
…give me a break…
Why would they connect the flight controls to the network?
The flight control computers are not going to be affected – this is a misunderstanding (and an understandable one, the way the article is worded).
Flight control computers are a completely isolated structure – each system is. There are 3-4 usually (to allow the identification of a failed computer). Each computer often runs on a separate program to ensure that there aren’t any identical errors.
However here is the explanation – what they referred to in the excerpt “allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane”
These isolated networks are data transfer for weather and/or other information that would be passed to the pilot – but nothing that can’t also be communicated via a radio.
Yes this affects the pilot decision (and thus flight safety) – but to be truthful it’s an exaggeration of a tiny problem. I personally think it’s more likely that someone would transmit false information on VHF to pilots, which is easier to accomplish.
Silly issue to raise when other threats are more significant (ie. small arms fire on landing a/c) – personally I think it’s a clear attack on Boeing’s integrity rather than anything else. (while I do work in aerospace, no I don’t work for Boeing – so it’s merely an outside opinion)
First off: I have never seen a mention of wireless for this system. Why are we assuming this is wireless? It is far more likely to be wired.
Second: The two systems should be physically separated. There is no good reason not to physically separate them, but Airbus seems to defend Boeing here (also from an AP report):
“Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution “is not technically and operationally viable.”
Why not?
No, the avionics are not directly connected to the web, but apparently a physical path with only logical barriers exists. Is that really good enough in the real-world? To date, experience says ‘no’. Don’t forget, the security concerns do not just exist when a passenger is sitting in their seat on their laptop — the plane itself now has an address on the internet, and while it is on, anyone anywhere can be trying to get in. Given all of the attention to ‘cyber-warfare’ on this site you would think that some more people would be thinking of those ramifications. Maybe a nation-state isn’t going to hack your public airplane and bring it down, but what about a more sophisticated terrorist network? Maybe the current crop can’t, but don’t expect that to last.
Personally, I’ll side with the group who says physically separate it or leave it out. As Schneier said, “It’s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone’s done that.”
CH:
the plane does not have an address on the internet. the router has an address, the laptops have an address, the entertainment server has an address. it’s so fantastically easy to separate systems. anecdotal evidence: we have a closed network here at the office with no wireless access point. there isn’t ANYTHING that’s not connected to the physical network that can get into any of the nodes on that network short of someone with some pretty advanced monitoring equipment next to the systems. at that point you’re compromised anyway.
another note: Norwegian Airlines just announced it would offer wireless internet etc on its flights:
http://news.yahoo.com/s/nm/20080115/wr_nm/norwegian_mobile_dc
Qantas is rolling it out in 2008, as is Virgin Atlantic. this isn’t some new frontier, it’s Airbus trying to stall the 787.
Seems to me that Boeing would have to intentionally engineer in some form of connectivity for the internet/entertainment systems to the aircraft ARINC and MIL-STD-1553 busses that the various aircraft avionics systems use to communicate with each other. It seems to me that it would be pretty simple to run a dedicated ethernet network throughout the aircraft for each passenger to plug their laptop into if they want to surf the net at FL 380. Just put a jack at each seat and run it to a dedicated server with satellite access to the internet. Charge the customers a fee for connectivity and away you go. Then you simply have to figure a way to keep the server from being hacked, but at least there is no threat to the aircraft or its systems.
Why would anyone ever connect the two systems? The article certainly implies that
The only rational connection I would imagine that would make sense would be a shared power supply, and a simple fuse limiting power draw from the entertainment system ought to solve that problem.
C,
I’m not interested in a flamewar over this, but avoid the trivial semantics. The router has an address, it is on the plane. One can safely generalize and say the plane has an address. If someone offers to deliver something to your front door do you say you don’t have a front door, that your house has a front door? If someone says they have internet access do you tell them that they don’t, that it is their cable/adsl/whatever modem that has it? The avionics are apparently not on a closed system, so I can call it the plane’s address.
I’m not opposed to internet connection on a plane. I agree with those raising concerns over an internet connection that is not completely and physically separated from the avionics systems on a plane. By physically separated, I do not mean a router or firewall, but complete physical separation. There should never be a chance for a packet to ever make it from one system to the other ever. Much like the closed network you mention in your office.
Things like routers/firewalls are not foolproof. Exploits do appear that allow ne’er-do-wells to gain complete administrative access to them. Once that happens your defenses are severely compromised.
Airbus was not sandbagging Boeing on this. They said that to meet the new requirements it would require two physically separate systems and that wasn’t viable. Sounds to me, like both are saying that the two systems must be interconnected.
“Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution “is not technically and operationally viable.”
Let’s be honest, system security is expensive and complicated and it doesn’t sound like Boeing is offering a closed system, but rather one that is in some way interconnected. Why would an airline want to take this on?
On a side note, I don’t get why columns about cyberwar are popular and no one particularly argues the doomsday scenarios they offer, but somehow think that some commercial airliner is going to be any better protected.
CH, i’m not trying to start a flame war, but you must understand the principles of a closed system. i’ll redact my viewpoint that Airbus isn’t “sandbagging” Boeing when i see a white paper explaining why flight and entertainment systems have to be interconnected.
you know what, i’m going to cede here. regarding airbus vs boeing, i read that article wrong. carry on!
By the way, a couple of years ago I myself used wireless internet on a Lufthansa Boeing – but apparently the project was later abandoned