FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

How naïve of Bowing to think that there computer is not hackable:


http://www.wired.com/politics/securi...liner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration. The computer network
in the Dreamliner's passenger compartment, designed to give
passengers in-flight internet access, is connected to the plane's
control, navigation and communication systems, an FAA report
reveals...

According to the FAA document

http://frwebgate6.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=486816490816+0+0+0&WAISacti on=retrieve
published in the Federal Register (mirrored at Cryptome.org
http://cryptome.org/faa010208.htm), the vulnerability exists
because the plane's computer systems connect the passenger network
with the flight-safety, control and navigation network. It also
connects to the airline's business and administrative-support
network, which communicates maintenance issues to ground crews...

Out of the frying pan:


http://cs.schwab.com/clicker/cli?req...pkaaaaarcliw2r
10:00 AM 12/24/07

In-Flight Net Providers: Lessons Learned

Airlines and service providers seeking to deliver high-speed
Internet services to passengers say they've learned from Boeing
Co.'s 2006 decision to pull the plug on its ambitions to outfit
its planes with a similar service.

Analysts say Boeing's failed Connexion online service was costly
to install and operate, resulting in large expenditures before
getting a single paying customer. An industry wide downturn
triggered by the 2001 terrorist attacks made the system an even
tougher sell to struggling airlines.

Among other things, JetBlue Airways Corp., AMR Corp.'s American
Airlines and Virgin America are today turning to air-to-ground
connections to avoid Boeing's expensive satellite fees.

"We wanted to attack every one of the things that were inhibitors
in that first-generation system," said Jack Blumenstein, chief
executive of Aircell LLC, which is providing service for American
and Virgin.

JetBlue's LiveTV subsidiary paid the Federal Communications
Commission $7 million for wireless spectrum that one test JetBlue
aircraft has been using since Dec. 11 to communicate with about
100 cell towers spread across the continental United States.

The 1-megahertz frequency band allows that aircraft to offer free
e-mail and instant-messaging services on laptops and handheld
devices through Yahoo Inc. and BlackBerry maker Research In Motion
Ltd.

Aircell licensed a band three times the size of LiveTV's for $31
million and plans to offer broader Internet services, including
Web surfing, for about $10 a flight _ what Boeing had charged for
the first hour. Pending regulatory approval, Aircell's first
Internet-capable flight is expected on American in 2008, using 92
cell towers on the ground. ...

"Larry Dighera" wrote in message


How naïve of Bowing to think that there computer is not hackable:

I missed the part where Boeing claimed the computers were not
hackable, but your document did reveal "Boeing has been working on
the issue with the FAA for a number of years already." Seems to be
hardly a headline - unless the reader is an Airbus fan.

As a professional in the computer business, you should know that there
are virtually no computer systems that are not vulnerable to security
compromise.

The fact that computers are on the plane in and of itself is a "security
vulnerability" by your definition.

Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant.

The article you quoted had no specifics on the connections so I have no data
to judge the nature of the vulnerability. Please update us if you have those
specifics. Otherwise, you're just fanning anti-Boeing flames via ignorance.

Please cite a credible reason why the
in-flight entertainment computer system can't be isolated, and not
connected to other systems aboard the aircraft. There is none.

That must be why Boeing has been working with the FAA to correct the issue.

...speaks volumes about
Bowing management's cluelessness.

Pot. Kettle. Come back with facts rather than press releases and we'll have
something to discuss. Until then, you're just floundering in ignorance.

--
John T
http://sage1solutions.com/blogs/TknoFlyer
http://sage1solutions.com/products
NEW! FlyteBalance v2.0 (W&B); FlyteLog v2.0 (Logbook)
____________________

Larry Dighera writes:

As a professional in the computer business, you should know that there
are virtually no computer systems that are not vulnerable to security
compromise. Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant.

Agreed. The only way to keep the systems separate and secure is to eliminate
all physical connections between them ... but I'm sure that Boeing will
negligently fail to do this.

At least it's no longer necessary for terrorists to try to overpower the crew.
The airplane will crash and the crew will never even know why. The suicide
bomber will be replaced by a passenger with a laptop.

I'm no Airbus fan, but I believe the corruption within Boeing's
management that was exposed and prosecuted during Boeing's attempt to
lease air refueling tankers to the USAF recently speaks volumes about
Bowing management's cluelessness.

Perhaps they are losing their edge. No company can stay on top forever.

John T writes:

The fact that computers are on the plane in and of itself is a "security
vulnerability" by your definition.

By the definitions of many, in fact, but for different reasons.

The article you quoted had no specifics on the connections so I have no data
to judge the nature of the vulnerability. Please update us if you have those
specifics. Otherwise, you're just fanning anti-Boeing flames via ignorance.

If the networks have a physical connection between them, they are vulnerable.

That must be why Boeing has been working with the FAA to correct the issue.

The FAA knows nothing about resolving this type of issue, and apparently
Boeing doesn't, either (or it doesn't want to spend the time and money to do
it right).

Mxsmanic wrote in
:

Larry Dighera writes:

As a professional in the computer business, you should know that
there are virtually no computer systems that are not vulnerable to
security compromise. Connecting the cabin entertainment computer
system to the flight control computer is just plane ignorant.

Agreed. The only way to keep the systems separate and secure is to
eliminate all physical connections between them ... but I'm sure that
Boeing will negligently fail to do this.


No you aren;'t



At least it's no longer necessary for terrorists to try to overpower
the crew. The airplane will crash and the crew will never even know
why. The suicide bomber will be replaced by a passenger with a
laptop.

Yeah, right.



I'm no Airbus fan, but I believe the corruption within Boeing's
management that was exposed and prosecuted during Boeing's attempt to
lease air refueling tankers to the USAF recently speaks volumes about
Bowing management's cluelessness.

Perhaps they are losing their edge. No company can stay on top
forever.

Yeah, not like you would know of course, neverhaving been on top of
anything except your skid mark ridden chair.


bertie

Mxsmanic wrote in
:

John T writes:

The fact that computers are on the plane in and of itself is a
"security vulnerability" by your definition.

By the definitions of many, in fact, but for different reasons.

The article you quoted had no specifics on the connections so I have
no data to judge the nature of the vulnerability. Please update us if
you have those specifics. Otherwise, you're just fanning anti-Boeing
flames via ignorance.

If the networks have a physical connection between them, they are
vulnerable.

That must be why Boeing has been working with the FAA to correct the
issue.

The FAA knows nothing about resolving this type of issue, and
apparently Boeing doesn't, either (or it doesn't want to spend the
time and money to do it right).



Again, wrong

Bertie

On Jan 6, 1:09 pm, Mxsmanic wrote:

If the networks have a physical connection between them, they are vulnerable.


Surprise for you.
Aircraft have had computer systems for quite q while now.
maybe you should complain to Microsoft for not putting redundant
systems in your toy

On Jan 5, 12:55*pm, Larry Dighera wrote:
On Sat, 5 Jan 2008 13:21:29 -0500, "John T"
wrote in
:

"Larry Dighera" wrote in message

How naïve of Bowing to think that there computer is not hackable:

I missed the part where Boeing claimed the computers were not hackable, but
your document did reveal "Boeing has been working on the issue with the FAA
for a number of years already." Seems to be hardly a headline - unless the
reader is an Airbus fan.

As a professional in the computer business, you should know that there
are virtually no computer systems that are not vulnerable to security
compromise. *Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant. *It's akin to the
residents of Iowa choosing a candidate that rejects Darwin's theory of
evolution to lead our country. *Please cite a credible reason why the
in-flight entertainment computer system can't be isolated, and not
connected to other systems aboard the aircraft. *There is none.

I'm no Airbus fan, but I believe the corruption within Boeing's
management that was exposed and prosecuted during Boeing's attempt to
lease air refueling tankers to the USAF recently speaks volumes about
Bowing management's cluelessness. *

Based on the article, it sounds like the passenger system and the
aircraft control system share some network infrastructure. I'm sure
they will place firewalls between them, but I think it would be a lot
safer to physically separate them. Of course that would probably cost
more money and add complexity. But if I was a pilot of a 787, I
wouldn't want even the ghost of a chance for a passenger to get access
the flight control systems.

BTW, I'm not an Airbus fan. I support Boeing since they are an
American company. But I am a computer geek and I don't really trust
network firewalls to be unhackable.

Phil

On Sat, 5 Jan 2008 14:39:45 -0500, "John T"
wrote in
:

The fact that computers are on the plane in and of itself is a "security
vulnerability" by your definition.

No. I said:

Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant.

But your decision not to respond to that belies the insincerity of
your followup response.

On Sat, 5 Jan 2008 21:44:52 -0800 (PST), Phil J
wrote in
:

Based on the article, it sounds like the passenger system and the
aircraft control system share some network infrastructure. I'm sure
they will place firewalls between them, but I think it would be a lot
safer to physically separate them. Of course that would probably cost
more money and add complexity. But if I was a pilot of a 787, I
wouldn't want even the ghost of a chance for a passenger to get access
the flight control systems.


What could be the possible motivation be for Boeing to mingle the
cabin computer system accessible by the passengers with the aircraft
control system computer? I fail to understand why their connection is
such an issue, that Boeing would consider doing it, let alone fight
the FAA over it. How could it possibly be justified?

BTW, I'm not an Airbus fan. I support Boeing since they are an
American company.

Our country would be far better off if its consumers all felt the way
you do, but because they don't, it's becoming more and more difficult
to even find American made products in the marketplace. And the US
need for foreign petroleum in particular should never have been
permitted to occur. As it is, the US transfer of wealth to the
mid-east is financing those who plot against us. What were our
leaders thinking?

But I am a computer geek and I don't really trust
network firewalls to be unhackable.

Because it's likely the cabin entertainment computer is physically
access able from the cabin, it's even more vulnerable to attack.