
SoylentNews is people

posted by martyb on Wednesday August 12 2020, @07:06PM
from the Please-insert-disk-7-of-42 dept.

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks:

The eye-catching factoid emerged during a DEF CON video interview of PTP's [Pen Test Partners] Alex Lomas, where the man himself gave a walkthrough of a 747-400, its avionics bay and the flight deck.

Although airliners are not normally available to curious infosec researchers, a certain UK-based Big Airline's decision to scrap its B747 fleet gave Pen Test Partners a unique opportunity to get aboard one and have a poke about before the scrap merchants set about their grim task.

"Aircraft themselves are really expensive beasts, you know," said Lomas as he filmed inside the big Boeing. "Even if you had all the will in the world, airlines and manufacturers won't just let you pentest an aircraft because [they] don't know what state you're going to leave it in."

While giving a tour of the aircraft on video (full embed below), Lomas pointed out the navigation database loader. To readers of a certain vintage it'll look very familiar indeed.

"This database has to be updated every 28 days, so you can see how much of a chore this has to be for an engineer to visit," Lomas said, pointing out the floppy drive – which in normal operations is tucked away behind a locked panel.

Youtube Video

[...] The key question everyone wants to know the answer to, though, is whether you can hack an airliner from the cheap seats, using the in-flight entertainment (IFE) as an attack vector. Lomas observed: "Where we've gone deliberately looking, we've not found, at this point, any two-way communication between passenger domain systems like the IFE and the control domain. There is the DMZ of the information services domain that sits between the two; to jump between two layers of segregation would be tricky in my view."



 
This discussion has been archived. No new comments can be posted.
  • (Score: 1) by fustakrakich on Wednesday August 12 2020, @07:10PM (3 children)

    by fustakrakich (6150) on Wednesday August 12 2020, @07:10PM (#1035724) Journal

    Yes, any robust dielectric will do. Use a Faraday cage for RF.

    To avoid crosstalk, IFE and the control domain shouldn't even be on the same airplane.

    --
    Politics and criminals are the same thing..
  • (Score: 0) by Anonymous Coward on Wednesday August 12 2020, @07:41PM

    by Anonymous Coward on Wednesday August 12 2020, @07:41PM (#1035743)

    DMZ defeat=start from the other side, lots of RF there.

  • (Score: 3, Insightful) by MostCynical on Wednesday August 12 2020, @09:48PM (1 child)

    by MostCynical (2589) on Wednesday August 12 2020, @09:48PM (#1035818) Journal

    Got to keep the cattle entertained, or they might demand comfortable seats and edible food.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 2, Interesting) by fustakrakich on Wednesday August 12 2020, @10:14PM

      by fustakrakich (6150) on Wednesday August 12 2020, @10:14PM (#1035831) Journal

      They really should just spike the drinks, it solves all the major problems, except incontinence maybe.

      --
      Politics and criminals are the same thing..