Comments on: Hacking the Dreamliner?

By: vnl

vnl — Fri, 29 Feb 2008 13:10:30 +0000

By the way, I couple of years ago I myself used wireless internet on a Lufthansa Boeing — but apparently the project was later abandoned

By: C

Thu, 17 Jan 2008 05:16:14 +0000

you know what, i’m going to cede here. regarding airbus vs boeing, i read that article wrong. carry on!

By: C

Thu, 17 Jan 2008 04:53:33 +0000

CH, i’m not trying to start a flame war, but you must understand the principles of a closed system. i’ll redact my viewpoint that Airbus isn’t “sandbagging” Boeing when i see a white paper explaining why flight and entertainment systems have to be interconnected.

By: CH

CH — Wed, 16 Jan 2008 21:22:03 +0000

C,
I’m not interested in a flamewar over this, but avoid the trivial semantics. The router has an address, it is on the plane. One can safely generalize and say the plane has an address. If someone offers to deliver something to your front door do you say you don’t have a front door, that your house has a front door? If someone says they have internet access do you tell them that they don’t, that it is their cable/adsl/whatever modem that has it? The avionics are apparently not on a closed system, so I can call it the plane’s address.
I m not opposed to internet connection on a plane. I agree with those raising concerns over an internet connection that is not completely and physically separated from the avionics systems on a plane. By physically separated, I do not mean a router or firewall, but complete physical separation. There should never be a chance for a packet to ever make it from one system to the other ever. Much like the closed network you mention in your office.
Things like routers/firewalls are not foolproof. Exploits do appear that allow ne’er-do-wells to gain complete administrative access to them. Once that happens your defenses are severely compromised.
Airbus was not sandbagging Boeing on this. They said that to meet the new requirements it would require two physically separate systems and that wasn’t viable. Sounds to me, like both are saying that the two systems must be interconnected.
“Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution “is not technically and operationally viable.“
Let’s be honest, system security is expensive and complicated and it doesn’t sound like Boeing is offering a closed system, but rather one that is in some way interconnected. Why would an airline want to take this on?
On a side note, I don’t get why columns about cyberwar are popular and no one particularly argues the doomsday scenarios they offer, but somehow think that some commercial airliner is going to be any better protected.

By: ohwilleke

ohwilleke — Wed, 16 Jan 2008 20:26:31 +0000

Why would anyone ever connect the two systems? The article certainly implies that
The only rational connection I would imagine that would make sense would be a shared power supply, and a simple fuse limiting power draw from the entertainment system ought to solve that problem.

By: BH

BH — Wed, 16 Jan 2008 18:39:03 +0000

Seems to me that Boeing would have to intentionally engineer in some form of connectivity for the internet/entertainment systems to the aircraft ARINC and Mil-STD-1553 busses that the various aircraft avionics systems use to communicate with each other. It seems to me that it would be pretty simple to run a dedicated ethernet network throughout the aircraft for each passenger to plug their laptop into if they want to surf the net at Fl 380. Just put a jack at each seat and run it to a dedicated server with satellite access to the internet. Charge the customers a fee for connectivity and away you go. Then you simply have to figure a way to keep the server from being hacked, but at least there is no threat to the aircraft or its systems.

By: C

Wed, 16 Jan 2008 16:05:14 +0000

CH:
the plane does not have an address on the internet. the router has an address, the laptops have an address, the entertainment server has an address. it’s so fantastically easy to separate systems. anecdotal evidence: we have a closed network here at the office with no wireless access point. there isn’t ANYTHING that’s not connected to the physical network that can get into any of the nodes on that nework short of someone with some pretty advanced monitoring equipment next to the systems. at that point you’re compromised anyway.
another note: Norwegian Airlines just announced it would offer wireless internet etc on it’s flights:
http://news.yahoo.com/s/nm/20080115/wr_nm/norwegian_mobile_dc
Quantas is rolling it out in 2008, as is Virgin Atlantic. this isn’t some new frontier, it’s Airbus trying to stall the 787.

By: CH

CH — Wed, 16 Jan 2008 15:29:05 +0000

First off: I have never seen a mention of wireless for this system. Why are we assuming this is wireless? It is far more likely to be wired.
Second: The two systems should be physically separated. There is no good reason not to physically separate them, but Airbus seems to defend Boeing here (also from an AP report):
“Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution “is not technically and operationally viable.“
Why not?
No, the avionics are not directly connected to the web, but apparently a physical path with only logical barriers exists. Is that really good enough in the real-world? To date, experience says ‘no’. Don’t forget, the security concerns do not just exist when a passenger is sitting in their seat on their laptop — the plane itself now has an address on the internet, and while it is on, anyone anywhere can be trying to get in. Given all of the attention to ‘cyber-warfare’ on this site you would think that some more people would be thinking of those ramifications. Maybe a nation-state isn’t going to hack your public airplane and bring it down, but what about a more sophisticated terrorist network? Maybe the current crop can’t, but don’t expect that to last.
Personally, I’ll side with the group who says physically separate it or leave it out. As Scneier said, It’s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone’s done that.”

By: Vstress

Vstress — Wed, 16 Jan 2008 10:21:25 +0000

The flight control computers are not going to be affected — this is a misunderstanding (and an understandable one, the way the article is worded).
Flight control computers are a completely isolated structure — each systems is. There are (3–4 usually to allow the identification of a failed computer). Each computer often runs on a seperate program to ensure that there aren’t any identical errors.
However here is the explanation — what they referred to in the experpt “allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane“
These isolated networks are data transfer for weather and/or other information that would be passed to the pilot — but nothing that can’t also be communicated via a radio.
Yes this affects the pilot decision (and thus flight safety) — but to be truthful it’s an exaggeration of a tiny problem. I personally think it’s more likely that someone would transmit false information on VHF to pilots, which is easier to accomplish.
Silly issue to raise when other threats are more significant (ie. small arms fire on landing a/c) — personally I think it’s a clear attack on Boeing’s integrity rather than anything else. (while I do work in aerospace, no I don’t work for Boeing — so it’s merely an outside opinion)

By: yrch

yrch — Wed, 16 Jan 2008 03:21:10 +0000

Why would they connect the flight controls to the network?