FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

Mxsmanic wrote in
:

John Mazor writes:

The R.A.P. Irony-O-Meter just pegged over to the stop.

Why?


There it goes again.


Bertie

"Mxsmanic" wrote in message
...
John Mazor writes:

The R.A.P. Irony-O-Meter just pegged over to the stop.

Why?

Why not?

On Sun, 06 Jan 2008 07:54:34 -0500, Bob Noel
wrote in
:


Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.

In article ,
Larry Dighera wrote:

On Sun, 06 Jan 2008 07:54:34 -0500, Bob Noel
wrote in
:


Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.

What conflict?

--
Bob Noel
(goodness, please trim replies!!!)

On Sun, 06 Jan 2008 14:18:41 -0500, Bob Noel
wrote in
:

Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.

What conflict?



http://www.wired.com/politics/securi...liner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration.

Larry Dighera wrote in
:

On Sun, 06 Jan 2008 14:18:41 -0500, Bob Noel
wrote in
:

Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.

What conflict?



http://www.wired.com/politics/securi...liner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration.


Wow, you even think like a policeman.


Bertie

In article ,
Larry Dighera wrote:

On Sun, 06 Jan 2008 14:18:41 -0500, Bob Noel
wrote in
:

Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.

What conflict?



http://www.wired.com/politics/securi...liner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration.

Larry, I don't see a conflict there between the FAA and Boeing.

--
Bob Noel
(goodness, please trim replies!!!)

On Jan 6, 6:54*am, Bob Noel
wrote:


Notice that the Special Condition published in the 13 April 2007 Federal
Register *(and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

Bob Noel

If they can safely accomplish this, that's great. I hope they do.
But just because the FAA writes a regulation saying it should be
foolproof, that doesn't mean it will be.

Phil

If Boeing does make a coupled cabin/flight control system initially
'foolproof', there always seems to be some unanticipated vulnerability a
bright, driven hacker could exploit. Also, software and hardware is
periodically fixed and improved. It is the nature of such complex systems
that later generations of developers will not completely understand the
built-in safeguards and may make the system more vulnerable.
Not allowing data to flow between the two systems is the safe way to avoid
later problems.

--
Best Regards,
Mike

http://photoshow.comcast.net/mikenoel


"Phil J" wrote in message
...
On Jan 6, 6:54 am, Bob Noel
wrote:


Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:

"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."

If complied with, why complain?

Bob Noel

If they can safely accomplish this, that's great. I hope they do.
But just because the FAA writes a regulation saying it should be
foolproof, that doesn't mean it will be.

Phil

Bob Noel writes:
1) Exactly what is the extent of the connection (physical and logical) between
cabin systems and cockpit systems? Unfortunately, the specifics are likely
to be considered proprietary and not in the public domain.

2) Why have any connection at all?

Top 10 reasons why there is a connection between the entertainment and
flight control system:

10. Each seatback computer has a CPU and RAM in it. Can you imagine
a Beowulf cluster of all of these computers? What a powerful machine!
This cluster soaks up spare machine cycles predict the weather that
the plane is about to encounter.

9. Counter-terrorism. Each seatback can run a flight simulator
program. To increase realism, it gets real data from the flight deck,
making the simulation more entertaining. If a passenger has the magic
unlock code, they can enable the reverse connection -- taking control
of the plane. Normally only the undercover air marshals have the
codes, but if hijackers enter the flight deck then the codes are
broadcast to all of the passengers in the plane.

8. Cool screen savers. In addition to the "plane's current position
on a map" display, you can watch the fuel levels, control surface
deflections, autopilot programming, and current radio frequencies.
The plane compares the pilot's performance to an internal model of an
idealized pilot, and shows the passengers what the pilot is doing
right or wrong. A special game mode lets you pilot a simulated plane
and see if you can out-score the real pilot.

7. Surveilance cams. Each tray table has a built in webcam which
lets passengers videoconference from the comfort of their own chair!
From the flight deck pilots can also turn on any camera they please to
check out suspicious passengers, or to relieve boredom. This data is
also interleved on an uplink to ATC so they can keep an eye on the
sky.

6. More efficient multicast. What if a passenger is downloading a
GPS firmware update, and the flight deck is downloading the same
update at the same time? You wouldn't want to transmit those bits
twice -- if they share a common network multicast can be used to
improve performance.

Okay, I ran out of ideas. Perhaps you can help finish this list?

Chris