Boeing 787 May Have Security Flaw
EmailBoeing’s new 787 Dreamliner, scheduled to start carrying passengers in November, may have the most unlikely of security flaws, according to Kim Zetter, who writes for WIRED. The plane will be equipped with online access, so that passengers can surf the web or do work in flight. But Zetter quotes an FAA document warning that "the plane’s computer systems connect the passenger network with the flight-safety, control and navigation network. It also connects to the airline’s business and administrative-support network, which communicates maintenance issues to ground crews." The FAA’s "special conditions" document can be found HERE. "The design ‘allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane,’ says the FAA document. ‘Because of this new passenger connectivity, the proposed data-network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane.’" Boeing’s Lori Gunter is quoted as saying the FAA document overstates the case. "There are places where the networks are not touching, and there are places where they are," she tells Wired. She says Boeing has been working with the FAA for a number of years on this, and has agreed on tests that will be done well before the plane carries paying passengers. (Image courtesy Boeing.)
Space Station Flies Over Eastern U.S. at Night 
RSS
Twitter
Facebook
This gives an entirely new meaning to the term “Fly by wire”. I wonder how long it would take some innovative hacker to breach the firewalls and take over the plane using his laptop in coach. Or from the safety of the ground, hack the network and take over a bunch of 787′s while they’re in flight. Having systems that ‘touch’ in ANY place when it comes to networking gives access to everything the network connects to on both sides in some way. NOT a smart move, IMHO.
Posted by: fatesrider | January 8, 2008, 4:20 pm 4:20 pm
I barely let the internet into my house – another good reason not to fly.
Posted by: Republicus Maximus | January 8, 2008, 4:55 pm 4:55 pm
It’s far far easier to cause problems with the plane’s or airline’s systems than it is to “take over” a plane, though that would be small comfort to anyone afflicted by such an incident…
Posted by: Matt F | January 8, 2008, 5:19 pm 5:19 pm
well if the passenger’s network is connected to the network, then theoretically someone could connect to the plane from anywhere, and have the same access as the passengers to the airplanes systems. why wouldn’t they keep the airplanes control systems completely isolated from their own corporate network as well as the passengers network. that seems like basic commen sense? can you imagine a bright terrorist figuring out how to remotely hack into planes and interfere with them? or even a stupid kid, not understanding the true consequences of his actions? crazy if the faa’s points are valid.
Posted by: kb | January 8, 2008, 5:56 pm 5:56 pm
i meant to say if the passengers network is connected to the internet
Posted by: kb | January 8, 2008, 5:58 pm 5:58 pm
OK, who’s bright idea was this?
Posted by: Daleri | January 8, 2008, 6:32 pm 6:32 pm
This flight control system is brought to you by the same group that designed the rudder actuators for the 737 that killed a couple hundred people. They weren’t independently redundant making them susceptible to a catastrophic – single point failure…nice job guys! Apparently, learning from your mistakes isn’t that important at Boeing?
Posted by: Todd | January 9, 2008, 1:14 am 1:14 am
When all is said and done, I don’t think it will be anymore dangerous than the psycho/terrorist that reserves a seat next to that big release handle on the exit door in the front of the coach section. But it does make sensational journalism.
Posted by: LongT | January 9, 2008, 2:39 pm 2:39 pm
Be afraid readers! Be very afraid!
Posted by: LongT | January 9, 2008, 2:46 pm 2:46 pm
The networks should be redesigned and re-engineered to separate the passenger network activities from those of the flight crew. Firewalls could certainly be used, as well as separate hardware and software architecture so the two networks would never meet.
Posted by: chuck | January 9, 2008, 3:24 pm 3:24 pm
Separating the passenger net from the operational network should be a piece-o-cake. I am almost 100% sure it will be done. The FAA will not certify the 787 to fly passengers unless this is proven. The FAA can be a pain in the butt about this sort of thing. I think this type of article is more about journalistic sensationalism than real substance.
Posted by: LongT | January 9, 2008, 5:31 pm 5:31 pm
I agree with seldom-seen chuck and LongT. How this could have happened in the first place will probably remain one of the great mysteries of life. Given the huge flap over terrorism and the fact that this all started with hijacked aircraft taking down the World Trade Center towers, it’s unconscionable that such a situation can exist.
Posted by: Andy | January 10, 2008, 10:07 am 10:07 am
Thanks, Andy. My absence from these hallowed halls was due to an accident where I broke my typing arm. Now that I’ve recovered and don’t have to type with one hand, I promise not to be seldom-seen anymore.
Posted by: seldom-seen chuck | January 10, 2008, 12:06 pm 12:06 pm
Sorry about the flipper. Good to have you back in the fray.
Posted by: Andy | January 10, 2008, 12:43 pm 12:43 pm
Real brains at work here. Like having our utilities’ computers hooked up to the internet as well, so the hackers can play havoc with all that and cause catastrophe. Are their any brains in charge any more?
Posted by: janet o'brien | January 21, 2008, 5:11 pm 5:11 pm