FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

Christopher Brian Colohan schrieb:

7. Surveilance cams. Each tray table has a built in webcam which
lets passengers videoconference from the comfort of their own chair!
From the flight deck pilots can also turn on any camera they please to
check out suspicious passengers, or to relieve boredom. This data is
also interleved on an uplink to ATC so they can keep an eye on the
sky.

you meant the DHS.

but maybe one can vote the "chick of the flight"?

6. More efficient multicast. What if a passenger is downloading a
GPS firmware update, and the flight deck is downloading the same
update at the same time? You wouldn't want to transmit those bits
twice -- if they share a common network multicast can be used to
improve performance.

multicast ... my ass. you mean they start useful and working multicast
first on planes (before they do so IRL)?

#m
--
beware of the .sig-monster!

Martin Hotze writes:
6. More efficient multicast. What if a passenger is downloading a
GPS firmware update, and the flight deck is downloading the same
update at the same time? You wouldn't want to transmit those bits
twice -- if they share a common network multicast can be used to
improve performance.

multicast ... my ass. you mean they start useful and working multicast
first on planes (before they do so IRL)?

Are you saying that, given my example, if this worked well it would be
_useful_?

Hmmm. I have to recalibrate here...

Chris

Christopher Brian Colohan wrote in
:

Bob Noel writes:
1) Exactly what is the extent of the connection (physical and
logical) between cabin systems and cockpit systems? Unfortunately,
the specifics are likely to be considered proprietary and not in the
public domain.

2) Why have any connection at all?

Top 10 reasons why there is a connection between the entertainment and
flight control system:

10. Each seatback computer has a CPU and RAM in it. Can you imagine
a Beowulf cluster of all of these computers? What a powerful machine!
This cluster soaks up spare machine cycles predict the weather that
the plane is about to encounter.

9. Counter-terrorism. Each seatback can run a flight simulator
program. To increase realism, it gets real data from the flight deck,
making the simulation more entertaining. If a passenger has the magic
unlock code, they can enable the reverse connection -- taking control
of the plane. Normally only the undercover air marshals have the
codes, but if hijackers enter the flight deck then the codes are
broadcast to all of the passengers in the plane.

8. Cool screen savers. In addition to the "plane's current position
on a map" display, you can watch the fuel levels, control surface
deflections, autopilot programming, and current radio frequencies.
The plane compares the pilot's performance to an internal model of an
idealized pilot, and shows the passengers what the pilot is doing
right or wrong. A special game mode lets you pilot a simulated plane
and see if you can out-score the real pilot.

7. Surveilance cams. Each tray table has a built in webcam which
lets passengers videoconference from the comfort of their own chair!
From the flight deck pilots can also turn on any camera they please to
check out suspicious passengers, or to relieve boredom. This data is
also interleved on an uplink to ATC so they can keep an eye on the
sky.

6. More efficient multicast. What if a passenger is downloading a
GPS firmware update, and the flight deck is downloading the same
update at the same time? You wouldn't want to transmit those bits
twice -- if they share a common network multicast can be used to
improve performance.

Okay, I ran out of ideas. Perhaps you can help finish this list?

Chris

5. Immedate posting to YouTube of any Mile High Club activity caught
on the concealed video cameras.

--
Marty Shapiro
Silicon Rallye Inc.

(remove SPAMNOT to email me)

Larry Dighera wrote:
How naïve of Bowing to think that there computer is not hackable:


How naïve of Larry to look to Wired for news on any subject. The entire
article is based on an FAA document that is calling for certification
requirements that assure that in the 787 and the aircraft like that will
come in the future are secure from being hacked.

On Mon, 07 Jan 2008 10:37:21 -0600, Gig601XLBuilder
wrote in
:

Larry Dighera wrote:
How naïve of Bowing to think that their computer is not hackable:

The entire article is based on an FAA document that is calling for certification
requirements that assure that in the 787 and the aircraft like that will
come in the future are secure from being hacked.

The Wired story is based on more than the FAA document:

"This is serious," said Mark Loveless, a network security analyst
with Autonomic Networks, a company in stealth mode, who presented
a conference talk last year on Hacking the Friendly Skies
(PowerPoint). "This isn’t a desktop computer. It's controlling the
systems that are keeping people from plunging to their deaths. So
I hope they are really thinking about how to get this right."

...

Boeing spokeswoman Lori Gunter said the wording of the FAA
document is misleading, and that the plane's networks don't
completely connect.

Gunter wouldn't go into detail about how Boeing is tackling the
issue but says it is employing a combination of solutions that
involves some physical separation of the networks, known as "air
gaps," and software firewalls. Gunter also mentioned other
technical solutions, which she said are proprietary and didn't
want to discuss in public.

"There are places where the networks are not touching, and there
are places where they are," she said.

Gunter added that although data can pass between the networks,
"there are protections in place" to ensure that the passenger
internet service doesn't access the maintenance data or the
navigation system "under any circumstance."

She said the safeguards protect the critical networks from
unauthorized access, but the company still needs to conduct lab
and in-flight testing to ensure that they work. This will occur in
March when the first Dreamliner is ready for a test flight.

Are you familiar with the term buffer-overrun?

Larry Dighera wrote in
:

On Mon, 07 Jan 2008 10:37:21 -0600, Gig601XLBuilder
wrote in
:

Larry Dighera wrote:
How naïve of Bowing to think that their computer is not hackable:

The entire article is based on an FAA document that is calling for
certification
requirements that assure that in the 787 and the aircraft like that
will come in the future are secure from being hacked.

The Wired story is based on more than the FAA document:

"This is serious," said Mark Loveless, a network security analyst
with Autonomic Networks, a company in stealth mode, who presented
a conference talk last year on Hacking the Friendly Skies
(PowerPoint). "This isn’t a desktop computer. It's controlling the
systems that are keeping people from plunging to their deaths. So
I hope they are really thinking about how to get this right."

...

Boeing spokeswoman Lori Gunter said the wording of the FAA
document is misleading, and that the plane's networks don't
completely connect.

Gunter wouldn't go into detail about how Boeing is tackling the
issue but says it is employing a combination of solutions that
involves some physical separation of the networks, known as "air
gaps," and software firewalls. Gunter also mentioned other
technical solutions, which she said are proprietary and didn't
want to discuss in public.

"There are places where the networks are not touching, and there
are places where they are," she said.

Gunter added that although data can pass between the networks,
"there are protections in place" to ensure that the passenger
internet service doesn't access the maintenance data or the
navigation system "under any circumstance."

She said the safeguards protect the critical networks from
unauthorized access, but the company still needs to conduct lab
and in-flight testing to ensure that they work. This will occur in
March when the first Dreamliner is ready for a test flight.

Are you familiar with the term buffer-overrun?


Are you familiar with the term "Give up"?



Bertie

Larry Dighera writes:

Are you familiar with the term buffer-overrun?

It's a good way to identify incompetent programmers.

Mxsmanic wrote in
:

Larry Dighera writes:

Are you familiar with the term buffer-overrun?

It's a good way to identify incompetent programmers.


Like you?


Bertie

Another article on the subject:


http://cs.schwab.com/clicker/cli?req...sfaaaaardcvupm
Boeing claims it has engineered safeguards to shut out
unauthorized users, but some security analysts worry navigation
and communications systems could be vulnerable.

"The odds of this being perfect are zero," said Bruce Schneier,
chief technology officer at the security services firm BT
Counterpane*. "It's possible Boeing can make their connection to
the Internet secure. If they do, it will be the first time in
mankind anyone's done that."
...



* http://bt.counterpane.com/