It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack

page: 1
0

log in

join
share:

posted on Jan, 6 2008 @ 08:32 PM
link   

Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.


src www.wired.com...

What the hell is Boeing thinking. While it's wonderful and very sky friendly to be able to provide Internet service to passengers surely they could have come up with a more sure-proof setup. Passenger PC activity regardless of their intentions should never even come close to navigational systems. From the article I get the impression that the PR machine is in full damage control and some of their statements are extremely disturbing. Like the one security analyst says:


This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths.


brill



posted on Jan, 7 2008 @ 06:00 PM
link   
Already being talked about in the aviation section if your interested.



posted on Jan, 7 2008 @ 07:29 PM
link   
Can you provide a link, I can't seem to find it.

thanks,
brill



posted on Jan, 7 2008 @ 10:25 PM
link   
reply to post by brill
 


not directly. The habit of offshoots in a thread on Boeings new orders has touched on it.
www.abovetopsecret.com...

If you want to discuss it I suggest the aviation section as thats where you'll get the most response. Your correct though that there is no actual thread dedicated to it yet.



posted on Jan, 8 2008 @ 01:12 AM
link   
I think you guys should really actually read the FAA report before listening to a magasine website trying to make a few bucks and a, so called 'security analyst' who has no clue about the 787. He even proves it in his quote:

It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

Yep, he really HOPES they are 'thinking' about getting this right, ala he has absolutely no clue as to the risk and what Boeing has designed into the system to make it secure, he just HOPES it is.

I've said it before and I'll say it again, people who have no clue about aircraft, or anything for the matter, should not be making 'expert' statements.

How about we take a look at the REAL report, k?


For these (Novel or Unusual) design features, the applicable airworthiness
regulations do not contain adequate or appropriate safety standards for
protection and security of airplane systems
and data networks against
unauthorized access.

There are no safety standards for data networks in Aircraft.

These special conditions are issued for the Boeing Model 787-8
airplane.


These special conditions contain the additional
safety standards that the Administrator considers necessary to
establish a level of safety equivalent to that established by the
existing standards.

Special conditions are going to be put in place which will make the level of security equivalent to existing aircraft.


Scroll down and let's look at the actual Novel or Unusual Design Features:

It allows new kinds of
passenger connectivity to previously isolated data networks connected
to systems that perform functions required for the safe operation of
the airplane. Because of this new passenger connectivity, the proposed
data network design and integration may result in security vulnerabilities
from intentional or unintentional corruption of data
and systems critical to the safety and maintenance of the airplane
.
So because the passengers are connected to a network that is required for the safe operation of the airplane, there MAY be a risk, and that doesn't even touch on the security that Boeing has included in the system, nor does it touch on the level of security the 787 MUST adhere to, which are:



The Special Conditions

Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type certification basis for the Boeing Model 787-8 airplane.

The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software,
and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain.


But the FAA is requiring Boeing to demonstrate that it has addressed the computer-network issue before the planes begin service.

If the aircraft doesn't meet these standards, it won't get certified.

And now from someone actually from Boeing who can actually tell us what they've done to nullify the security risk.

Gunter wouldn't go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as "air gaps," and software firewalls.


Gunter also mentioned other technical solutions, which she said are proprietary and didn't want to discuss in public.

"There are places where the networks are not touching, and there are places where they are," she said.



"there are protections in place" to ensure that the passenger internet service doesn't access the maintenance data or the navigation system "under any circumstance."



She said the safeguards protect the critical networks from unauthorized access, but the company still needs to conduct lab and in-flight testing to ensure that they work. This will occur in March when the first Dreamliner is ready for a test flight.



Gunter said Boeing has been working on the issue with the FAA for a number of years already and was aware that the agency was planning to publish a "special conditions" document regarding the Dreamliner.


I have doubts a tem billion dollar program ran by the worlds most successful defense contractor, with over seventy billion dollars worth of commitments is going to have something as silly as a security problem, despite Boeing knowing about the requirement for many years, despite they've already included things to make it secure, and despite the plane has to be secure or it can't fly passengers.

Of course, it may still be possible to bypass the security, the still, the level of interconnectivity is still unclear, as is the level of security. I think it's still to early to conclude it's insecure, all the evidence points otherwise.

[edit on 8/1/2008 by C0bzz]



posted on Jan, 8 2008 @ 07:29 AM
link   
This post was orginally a current events post hence my orginal posts being so small and vague please do not assume the intelligence of others and what they may or may not know about the subject when they haven't even commented on the safety of the system and if the orginal post is correct or not. Cobzz you wouldn't of had the chance to comment if this wasn't moved to begin with.



posted on Jan, 8 2008 @ 07:39 AM
link   

Originally posted by C0bzz
And now from someone actually from Boeing who can actually tell us what they've done to nullify the security risk.

Gunter wouldn't go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as "air gaps," and software firewalls.



Gunter said Boeing has been working on the issue with the FAA for a number of years already and was aware that the agency was planning to publish a "special conditions" document regarding the Dreamliner.
[edit on 8/1/2008 by C0bzz]


Bypassing a bit of jabing I think you touch on the point of the posting here. As Gunter is saying there will be some physical gaps that provide a much higher level of protect then a software firewall where the hacker statement of if I can see it I can get in it. There are many factors when you talk about firewall protection but your right that a company like boeing with all of its exp has a better chance doing this and keeping the data safe then anyother company.


Of course, it may still be possible to bypass the security, the still, the level of interconnectivity is still unclear, as is the level of security. I think it's still to early to conclude it's insecure, all the evidence points otherwise.


I'll agree with that statement until evidence or news releases on delays tell me otherwise. lol Trusting a web mag from 100% accurate info on a plane unless its a aviation publication is a silly thing to do.



posted on Jan, 8 2008 @ 07:58 AM
link   
Blah blah blah - whatever.


Who cares about the source and their background.


Key quote is this - replicated from the other thread.


Boeing spokeswoman Lori Gunter said the FAA has issued eight special conditions on the Boeing 787, but that not all of them pertain to the plane's computer systems.



Which means there are other things the FAA are not happy with, for Boeing's sake I hope none of them are to do with damage tolerance of the fuselage barrels.



posted on Jan, 8 2008 @ 08:26 AM
link   

please do not assume the intelligence of others and what they may or may not know about the subject when they haven't even commented on the safety of the system and if the orginal post is correct or not.

I was talking about 'Mark Loveless', a 'security analyst', who really needs to shutup.
Sorry if I offended anyone on ATS.




Which means there are other things the FAA are not happy with, for Boeing's sake I hope none of them are to do with damage tolerance of the fuselage barrels.

I think it means there are no safety standards put in place for specific design features of the 787, so special conditions have been issued which match the equivalent safety standards of current aircraft.

[edit on 8/1/2008 by C0bzz]



posted on Jan, 8 2008 @ 08:50 AM
link   

Originally posted by C0bzz

Which means there are other things the FAA are not happy with, for Boeing's sake I hope none of them are to do with damage tolerance of the fuselage barrels.


I think it means there are no safety standards put in place for specific design features of the 787, so special conditions have been issued which match the equivalent safety standards of current aircraft.


Which means Boeing have not tested for them (nor designed for them), since they did not know what they (the regulations) were.

Again, I hope none of them are related to the damage tolerance of the fuselage barrels.



posted on Jan, 8 2008 @ 09:12 AM
link   

Gunter said Boeing has been working on the issue with the FAA for a number of years already and was aware that the agency was planning to publish a "special conditions" document regarding the Dreamliner.

Why would it be diferant for composite fuselage sections?



posted on Jan, 10 2008 @ 11:10 PM
link   
Obviously someone has been watching "Independence Day" too many times. What makes them think that the frequencies are anything close to "normal" PC connection frequencies. Next scenario will be that a cell phone will have a bad blue-tooth transmitter off frequency and will take over the aircraft thru an embedded virus on the cell phone.

ROFLMAO!!



posted on Jan, 11 2008 @ 12:54 PM
link   

Originally posted by C0bzz
Obviously someone has been watching "Independence Day" too many times. What makes them think that the frequencies are anything close to "normal" PC connection frequencies. Next scenario will be that a cell phone will have a bad blue-tooth transmitter off frequency and will take over the aircraft thru an embedded virus on the cell phone.

ROFLMAO!!


Uhm, if I have the source code to a wifi connector (not that hard to get, considering there are a load of them supported by the opensource community), I can actually retune the transceiver module to a pretty large degree - because of the cost savings, 99% of the transceiver in a wifi card is software (firmware).

And anyway, whats to stop me boarding a 787 with custom hardware designed to do the job in the first place?




top topics



 
0

log in

join