Tuesday, February 19, 2008

Gives me the warm and fuzzy feeling

Last month, technology news sites and blogs breathlessly reported on a Federal Aviation Administration document suggesting that Boeing's new 787 Dreamliner passenger jet may be vulnerable to computer hackers.
Specifically, the FAA was concerned that a passenger could use the on-board entertainment network, which personal laptops can plug into, to access the plane's navigation system and disable or take over the plane.

"The proposed architecture of the 787," the FAA stated, "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane."

All three variants of the jetliner — the medium-range 787-8, going into service next year, the short-range 787-3 and long-range 787-9, expected in 2010 — have three on-board computer networks.

One network is for flight safety and navigation, a second is for administrative functions and the third handles passenger entertainment.

The problem is that all three are linked.
"Any time you have a physical connection (between computer networks), there is a possibility someone could bridge from one to the other," says Jonathan Ezor, an assistant professor at the Touro College Institute for Business, Law & Technology in Central Islip, N.Y.

As security experts know, any link between systems is exploitable. That's why you pay for Internet protection software — and why government defense and intelligence agencies keep some of their computers completely off-line.

The FAA's document, called a "special condition," goes on to say: "The proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."

In other words, it's possible this plane could be hacked.

"Special conditions" are issued by the FAA when it finds problems with technologies so new that they're not yet covered by existing regulations.
In such cases, manufacturers must meet the new criteria before aircraft can be certified as safe to carry passengers. Ten special conditions have been issued for the 787-8.

Boeing denies that a computer-security problem exists, and says further that if it does, it's already been corrected.

"There is a limited amount of information between networks (on the 787)," said company spokeswoman Lori Gunter. "The least amount is between passenger and flight control."

She added that Boeing is not working on a solution to the security problem — because the company has already resolved it, having known the FAA was drafting the special condition months in advance.

"All aspects of the condition are addressed in the airplane," said Gunter.
Multiple onboard servers operate the three networks, which do not run commercial operating systems, she said.

Instead, they use a non-proprietary operating system "written to aerospace standards" by multiple contractors, and Boeing will be testing every line of code to the FAA's satisfaction, tracing each decision branch along the way.
Within each network, Gunter assured, there are multiple layers of

As an example, she described how an input panel in the main cabin lets flight attendants type in how many passengers are aboard each flight.
The data is passed to the administrative servers, which automatically adjust the humidity level in the passenger cabin according to capacity.
"There is no return path," said Gunter about the connection.

In other words, even if a hacker could access the humidity function, he'd be unable to get any further without a returning stream of data.
But don't all network interactions require some kind of acknowledgement — a "handshake" — between computers?

"The answer really depends by what Boeing means by 'no return path,'" says Ezor. "Do they mean there's no physical connection, or do they mean the software doesn't solicit info coming back? If it's software making it only go one way, then a hacker may be able to compromise it with more software."

Gunter says initial deliveries of the 787-8 will be only "Internet tech enabled."
Ethernet ports will be built into seat handles, and wiring will be in place to support those ports, but they'll be dead links.
Exactly what kind of Internet access each airplane offers, and how it is delivered, will be left to the airlines.
There may also be another vulnerability, one the FAA did not seem to address.
Gunter, the Boeing spokeswoman, mentioned that maintenance technicians with laptops will be able to wirelessly access and download information from the 787's administrative network while the plane is on the ground.

Likewise, gate personnel in the terminal can upload flight plans and passenger information via Wi-Fi to the cabin crew's onboard intranet.

Gunter noted that actual maintenance requires physical access to the plane, and that Wi-Fi's short range prevents hackers on the ground from accessing a plane in flight.
But it doesn't take a Tom Clancy to imagine an anonymous bad guy wirelessly hacking into a plane's flight systems while he's sitting at the gate, tapping away at his laptop while waiting to board with all the other passengers.

Ezor cited a 2003 case in which two young men got into the central network of the Lowe's home-improvement chain, located in Charlotte, N.C., via a Wi-Fi connection accessible outside a Lowe's store in Southfield, Mich.
Once inside, they installed a program to capture customers' credit-card information, though they netted few numbers before being caught. The men pleaded guilty to wire fraud and conspiracy, with one receiving a 9-year federal prison sentence.

The Wi-Fi danger to the 787 doesn't end on the ground.
If a plane's Wi-Fi access isn't turned off after takeoff, wouldn't it be possible for a malicious in-flight passenger to bypass the Ethernet network entirely — and just wirelessly access the admin or passenger-cabin systems from his laptop or iPhone?

"There are ways to build entirely secure Wi-Fi networks that are absolutely separated logically from other networks," counters Fleishman. "This is the basic principle behind how corporate Wi-Fi has evolved: using government-grade security and often using 'two-factor' logins, where a user name and password has to be paired with a number read off a hardware key that you have to have on you and which changes every minute."
