Wonderful. The new Boeing 787 is probably hackable.

[thewayne]

They installed a computer network in it for the passengers. That's cool, kudos for that. But the morons made it touch the aircraft's network, says a spokeswoman: "There are places where the networks are not touching, and there are places where they are."

YOU CANNOT MINGLE CRITICAL NETWORKS! You create two networks -- two separate cable runs (or fiber runs), they NEVER touch! It has been proven time and again that defending a network is an on-going war, and there is no way that Boeing is going to be the least bit proactive about doing this. Their job is making huge-ass airplanes for moving people through the air, it's not network defense.

If the "passengers" network goes down, and a flight attendant pressing a reset button on a server doesn't bring it back up, then the passengers have to amuse themselves for the remainder of the flight. IT'S NOT QUITE THAT EASY IF THE CONTROL NETWORK GOES DOWN.

The only advantage is that the aircraft control network is probably not using protocols that will be familiar to the average 14 year old. Still, what happens if they use a single laptop to do a packet flood and DDOS the aircraft? You don't need to know how something works to take a sledge hammer to it.

Morons.

http://www.wired.com/politics/security/news/2008/01/dreamliner_security

Comments

[apostate-96.livejournal.com]

Jesus Christ, how stupid can people be? If nothing else, paying attention to what Hollywood has been putting out (the latest in the Die Hard series) would've told them that might be a BAD idea.

How much money has to be lost in lawsuits before they'll pay attention? Asshats...

[thewayne.livejournal.com]

I think your last line would be more accurate as "how many lives have to be lost". The FAA has noticed the problem, so hopefully the situation will be fixed before any planes go down.

[apostate-96.livejournal.com]

For a giant like Boeing, it'd come down to how much lost lives cost them, whether in lawsuits or fines. I'd bet they've got a certain amount budgeted for covering the expenses of accidents, just like it was learned companies like Ford did after the debacle with the Pinto. With the big corporations, sadly money is more consistently valued than human life.

[thedragonweaver.livejournal.com]

There's a major plot point in the book Point of Honor that deals with the idea of a VR network that can also be used for air traffic control— everything is going hunky-dory and then it turns out that in hacking into a trunk for more power, somebody created a connection to the ATC network.

In other words, some idiot made a door to a room full of little twinkly lights, and just by stepping in there, really nasty accidents are possible.

And seriously, the only reason I'm not worried about terrorists taking advantage of this is that a) they haven't proven themselves to be that flexible, and b) some unsocialized 14-year-old is going to do it first, as you suggest.

[silveradept]

Owwwww. My head hurts. Why would people put a critical network and a passenger network in such a configuration that one could be accessed from the other? Unless people are supposed to be able to access flight data in some sanitized way or something, I don't see the point.

[thewayne.livejournal.com]

You can make one-way feeds on networks. Keep in mind that Ethernet is two pairs of wires: one pair for transmit, one pair for receive. Thus you have full duplex. So yes, you could have a "live" flight data feed, which would be cool, but I'd rather know that I have fully isolated networks!

Yeah, it made my brain hurt, too.

[shou-lao.livejournal.com]

It sounds like the plot for a new action movie. It sounds like they are going to have plenty of security issues to deal with in the future.