SoylentNews is people

posted by CoolHand on Thursday April 16 2015, @09:29AM
from the who'd-have-thought-this-would-ever-happen dept.

The U.S. Government Accountability Office (GAO) warns that the computers that control and monitor aircraft aren't protected enough by the on-board firewalls intended to protect avionics from hackers. These could be breached if flight control and entertainment systems use the same wiring and routers and these, in turn, are connected to the on-board WiFi. The GAO report authors stated that the affected planes include the Boeing 787 Dreamliner, the Airbus A350 and A380. All have advanced cockpits that are wired into the same WiFi system used by passengers.

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @09:45AM

    by Anonymous Coward on Thursday April 16 2015, @09:45AM (#171492)

    You gonna pay for separate networks, are you? Forget about safety, think of the profits, man, the profits! Human lives are expendable, but money is forever.

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @10:55AM

      by Anonymous Coward on Thursday April 16 2015, @10:55AM (#171511)

      Until the first terrorist attack uses this vulnerability. Then the demand for vulnerable airplanes will plummet.

      • (Score: 4, Touché) by Ryuugami on Thursday April 16 2015, @11:05AM

        by Ryuugami (2925) on Thursday April 16 2015, @11:05AM (#171513)

        Then the demand for vulnerable airplanes will plummet.

        --
        If a shit storm's on the horizon, it's good to know far enough ahead you can at least bring along an umbrella. - D.Weber
      • (Score: 5, Funny) by GreatAuntAnesthesia on Thursday April 16 2015, @11:51AM

        by GreatAuntAnesthesia (3275) on Thursday April 16 2015, @11:51AM (#171536) Journal

        Nope. What will happen then is that the airport security will bring in some stupid, ineffective rule that all laptops and tablets must be opened at the airport and "scanned for terrorist software" (using some shitty Windows 8-only software scanner that only scans [1] for the one specific known threat that actually worked. Naturally this software is rarely, if ever, updated to cover new potential threats [2]). All those pesky phones, USB sticks, HIDs and Apple devices that are also potential attack tools will be exempt simply because LALALALAWECAN'THEARYOU. Any hardware running other OSes will be viewed as suspicious and confiscated, and the owner placed on a terrorist watchlist.

        Meanwhile, on the plane side, the vulnerable systems will remain completely unchanged for all existing aircraft. New aircraft however will have to have a secondary independent flight control system in place, built on Windows XP and IE6, with a government backdoor that allows law-enforcement to remotely take control of the plane from the ground and guide it safely down in the event of an aircraft being hacked / hijacked. Don't worry, this backdoor could never ever ever be abused in any way. Oh no.

        Did I miss anything?

        [1] With significantly less than 100% accuracy
        [2] But nevertheless cost the taxpayer several hundred million to implement via some favoured government contractor.

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @10:30AM

    by Anonymous Coward on Thursday April 16 2015, @10:30AM (#171503)

    > advanced cockpits that are wired into the same WiFi system used

    So, not only the avionics is sharing bandwidth with my 30 Rock stream, but it's also connected to the internet!

  • (Score: 3, Informative) by WizardFusion on Thursday April 16 2015, @11:12AM

    by WizardFusion (498) Subscriber Badge on Thursday April 16 2015, @11:12AM (#171516) Journal

    So, it's something like...

            Burden < (Probability * Loss)

    http://en.wikipedia.org/wiki/Calculus_of_negligence [wikipedia.org]

    • (Score: 2, Informative) by Anonymous Coward on Thursday April 16 2015, @11:29AM

      by Anonymous Coward on Thursday April 16 2015, @11:29AM (#171522)

      My job was to apply the formula.
      The infant went through the windshield.
      A new car built by my company
      leaves somewhere traveling at 60mph.
      The rear differential locks up.
      The teenager's braces
      are stuck to the ashtray.
      Might make a good anti-smoking ad.
      The car crashes and burns
      with everyone trapped inside.
      Now, should we initiate a recall?
      The father must have been huge.
      See where the fat burned to the seat?
      The polyester shirt?
      Very modern art.
      Take the number of vehicles in the field, A.
      Multiply it by the probable rate of failure, B.
      Multiply the result by
      the average out-of-court settlement, C.
      A x B x C
      equals X.
      If X is less than the cost of a recall,
      we don't do one.

  • (Score: 2, Insightful) by yarp on Thursday April 16 2015, @11:18AM

    by yarp (2665) on Thursday April 16 2015, @11:18AM (#171518)

    It doesn't seem all that long ago that operating anything more powerful than a pacemaker would allegedly interfere with an aircraft's control circuitry leading to fiery death for all aboard. Was that being pessimistically cautious in the same way we are warned against using a mobile phone at a petrol station as it could cause a spark and ignite all the fuel or was there a real basis which has since been made safe?

    Also I can't understand how you can have expensive multiply-redundant control mechanisms and yet share an important data network with non-essential services allowing untrusted devices. Actually, I can: separate data networks probably just haven't entered the regulations yet so it's cheaper not to bother.

    • (Score: 3, Interesting) by WizardFusion on Thursday April 16 2015, @11:40AM

      by WizardFusion (498) Subscriber Badge on Thursday April 16 2015, @11:40AM (#171529) Journal

      The mobile phone and petrol stations was a completely American issue (as far as I remember), and the problem was that the pumps have a little catch that allows people to walk away when the petrol is still being delivered. The spark came from people with cheap clothes getting in and out of their cars and the friction causing a static spark that would ignite the fumes.

      Here in the UK, we don't have those little catches, so you have to stay where you are when pumping.

      • (Score: 1) by yarp on Thursday April 16 2015, @12:50PM

        by yarp (2665) on Thursday April 16 2015, @12:50PM (#171557)

        I'd read the story of sparks being caused by clothing, but never twigged that it would have been exacerbated due to entry and exit of a vehicle while a pump was running automatically.

        Still, I wonder why we still have the signs up on forecourts. It's not helped that mobile phone manufacturers also give the same warning in their user manuals (not that anybody reads them).

      • (Score: 2) by Snow on Thursday April 16 2015, @09:11PM

        by Snow (1601) on Thursday April 16 2015, @09:11PM (#171730) Journal

        You can solve the problem of having to stand by your car by jamming your car's fuel cap under the handle of the dispenser. Ta-da! Auto Fill!

        When it's really cold and windy, I'll take my chances with fire over the certainty of freezing my ass off.

        • (Score: 2) by LoRdTAW on Thursday April 16 2015, @09:54PM

          by LoRdTAW (3755) on Thursday April 16 2015, @09:54PM (#171749) Journal

          A funny anecdote I heard from a friend is that the stickers placed on pumps in jurisdictions that forbid the catch (NY is one) read: "It is illegal to place gas cap in handle." So people started using tennis balls since they were not forbidden by the sticker. Doubt it is a real practice or would stand up in court.

  • (Score: 2) by Justin Case on Thursday April 16 2015, @11:27AM

    by Justin Case (4239) on Thursday April 16 2015, @11:27AM (#171521) Journal

    When can we get a law that lets us take certain decision makers, tie them to a pole in the public square, and throw rotten eggs at them until they wake up and tune in to planet Earth?

    No, the cockpit does not need to be running Windows XP over unencrypted wifi! I don't care if that's what your kid uses.

    • (Score: 1, Insightful) by Anonymous Coward on Thursday April 16 2015, @11:32AM

      by Anonymous Coward on Thursday April 16 2015, @11:32AM (#171523)

      Stupid people are the decision makers because they are the majority. You are the minority. You are the loser. You are the one who is out of tune with planet Earth. Get it straight.

      • (Score: 2) by kaszz on Thursday April 16 2015, @12:24PM

        by kaszz (4211) on Thursday April 16 2015, @12:24PM (#171542) Journal

        Decision makers are compatible with monkey language, thus they get their position by promotion by same monkeys ;)

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @11:35AM

    by Anonymous Coward on Thursday April 16 2015, @11:35AM (#171526)

    Did Al-Qaeda write the design spec?

    Otherwise, what kind of moron came up with ideas like sharing a time critical network with bandwidth-hungry passengers, and connecting the whole thing to the internet?

    Firewalls? Forget it, you use a firewall when you want to have connections between the two networks, with certain restrictions. When you really don't want the passengers to change the auto-pilot, or that guy in Abbottabad with the cell phone to do the same, the solution is not a firewall, it's a simple "blue cable is for the passenger network, red cable is for the cockpit, and whoever puts a red connector on a blue cable gets a long interview with the FBI."

    FFS, they knew how to do that when I went to school. The RS232 cables for the terminals, while not having different connectors (DB25), were wired differently, so you couldn't just switch the cables around to connect a student terminal to the administrative network.

    • (Score: 3, Insightful) by Anonymous Coward on Thursday April 16 2015, @11:37AM

      by Anonymous Coward on Thursday April 16 2015, @11:37AM (#171527)

      Did Al-Qaeda write the design spec?

      Al-Qaeda is a wholly owned subsidiary of the United States of America, so yes, yes we did.

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @11:43AM

    by Anonymous Coward on Thursday April 16 2015, @11:43AM (#171530)

    So sure, airgap your networks, firewall everything twice and lock everything down your OSI model...

    But what about the explosion of crapware in the embedded systems market? Everyone thinks they're safe from System D ("Hey, it's just on my desktop machine or my web server, no big deal") but it won't be long now until most of the OTS SoCs and micro form-factor machines (think: aileron and rudder management systems) in our fly-by-wire world will be running some version of System D.

    Think about that (and say a prayer to Lennart) next time you hop on a plane.

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @11:46AM

      by Anonymous Coward on Thursday April 16 2015, @11:46AM (#171532)

      Lady Ada to the rescue! She'll save us.

      • (Score: 1, Interesting) by Anonymous Coward on Thursday April 16 2015, @03:45PM

        by Anonymous Coward on Thursday April 16 2015, @03:45PM (#171623)

        Quick! To the debugging crowbar! [sydneypadua.com]

    • (Score: 2) by kaszz on Thursday April 16 2015, @12:27PM

      by kaszz (4211) on Thursday April 16 2015, @12:27PM (#171546) Journal

      Classify systemD as not airworthy? and make any system manufacturer using it open to unlimited claims?

      Anyway, your point is kind of spooky. Systems with systemd aren't reliable.

  • (Score: 5, Informative) by Shimitar on Thursday April 16 2015, @12:05PM

    by Shimitar (4208) on Thursday April 16 2015, @12:05PM (#171538) Homepage

    This news smells of stupid people giving stupid announcements to prove their work is valuable.

    First of all, the AVIONICS does not share the same buses as the inflight entertainment... The avionics is usually connected over a CAN Aerospace bus or other dedicated buses; in a few cases an ethernet connection might be used, but we are talking of double-redundant connections over point-to-point lines.

    The article is stupid. There is a thing called "civil certification" to get an airworthiness certificate which imposes a lot of rules, and WiFi is NOT certified for airworthiness. Not even plain old ethernet is, in the way we use it at home or in the office.

    Heck, not even most military-grade buses are certified for flight! (MIL-STD-1553 for example only has a few configurations actually ever certified for civil flight).

    As for connection to the external world, yes, there are data links and part of the avionics suite is indeed connected to the ground and other air vehicles (CPDLC, ADS-B, ADS-C, Link16, and whatever more are used on civil planes) which can all be a security threat, maybe. But, honestly, the cyber terrorist hacking from the economy class inflight entertainment is really laughable.

    --
    Coding is an art. No, Java is not coding. Yes, I am biased, I know, sorry if this bothers you.
    • (Score: 2) by kaszz on Thursday April 16 2015, @12:31PM

      by kaszz (4211) on Thursday April 16 2015, @12:31PM (#171549) Journal

      How near are these entertainment systems in connection with critical systems?

  • (Score: 5, Funny) by tibman on Thursday April 16 2015, @02:33PM

    by tibman (134) Subscriber Badge on Thursday April 16 2015, @02:33PM (#171600)

    Don't they remember the Battlestar Galactica documentary?

    --
    SN won't survive on lurkers alone. Write comments.
  • (Score: 2) by cafebabe on Friday April 17 2015, @01:15AM

    by cafebabe (894) on Friday April 17 2015, @01:15AM (#171821) Journal

    I've mentioned this topic before [soylentnews.org] and it has been a topic at DefCon [soylentnews.org] but people doubt the claims.

    --
    1702845791×2