« Doctor Who: Voyage of the Damned plans | Main | Tool for Managing LiveJournal Custom Friends Groups? »
January 3, 2008
I know, the title is totally cliche but horribly, disappointingly true. According to this doc from Cryptome, the same network that the inflight entertainment kiosks run on the new Boeing 787-8s also host the Flight-safety-related control and navigation and required systems (aka Aircraft Control Domain) and the Airline business and administrative support (aka Airline Information Domain).
Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain wired or wireless electronic connections between airplane data buses and networks.
Absolutely unbelievable. In theory, someone could access the systems controlling the plane from the seats and crash them or possibly even control them. It's also possible that someone could access the Airline Information Domain on the ground and hack into the same in-flight Aircraft Control Domain. They're all on the same network!
From what I gather, the only plan is to put in a "firewall" rather than to "air gap" or put the systems on different networks. It says the flight crew will be able to disable passenger access to the other two systems but I'm not impressed. This article from earlier in the year showing how to crash all other Inflight Entertainment Kiosks from a single one does not make me any more confident.
I am far from a person who would spread FUD but this is ridiculous. I'm guessing (hoping) that the release of this information will pressure Boeing and airlines to air gap the systems from each other. Then we can cease the speculation that such vulnerabilities could crash a plane or allow a plane to become a remotely-guided bomb.
ETA: I told my wife this story with what I can only guess was wild eyes and flailing (Paul Gross) arms her response was: "oh - so they can track what you're watching?" focusing on the clear invasion of privacy angle. I assumed that was part of the package re: inflight entertainment.
So I explained that no - it was the chance that evil hackers could break into the Aircraft Control Systems from the Inflight Entertainment! (sounding like many vendor companies and security charlatans I've interacted with). Her response again? "Eh - highly unlikely". So I sputtered a bit declaring loudly that the systems should be "air gapped" and that there have been similar critical infrastructure vulnerability scenarios declared "highly unlikely" usually shortly before someone (usually benevolent) finds a glaring hole easily exploited or some stupid idiot kid blunders into some Flood Control System or Air Traffic Control system of a small airport and unwittingly causes minor damage.
I don't really want to wait to be in the air for some security researcher to figure out if they can cause the flight controls to crash due to a buffer overflow initiated via the seat-based inflight entertainment. Please, no. Thanks.