Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in?

A hidden 'back door' in a computer chip could allow cyber-criminals a way to override and control computer systems on Boeing 787s.The vulnerability is in an Actel chip used in their computer systems, and seems to be hard-wired into the devices.This could mean the vulnerability - in chips used in Boeing's flagship Dreamliner - is near-impossible to eradicate.The security researchers who found the vulnerability have alerted governments around the world to the 'back door' - which could leave critical aircraft systems vulnerable.

http://i.dailymail.co.uk/i/pix/2012/05/30/article-2152284-135F24C8000005DC-843_634x326.jpg
Boeing 787 vulnerable

This sort of vulnerability is unusual - most hacks use software, but a 'back door' in such a critical system could allow malicious attackers a way 'past' computer protection systems.'Back doors' are commonly built into computer systems by programmers to allow quick and easy access - but on a chip of this sort, represent a dangerous vulnerability.Security researcher Chris Woods of Quo Vadis Labs told The Guardian, 'An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device.

'The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit.'Security researchers have previously suggested that Chinese companies build vulnerabilities into chips that are exported to the West for use in military systems.

http://i.dailymail.co.uk/i/pix/2012/05/30/article-2152284-135F25BB000005DC-44_634x478.jpg
'Back doors' are commonly built into computer systems by programmers to allow quick and easy access - but on a chip of this sort, represent a dangerous vulnerability

In this case, however, the 'back door' may be innocent - although now it has been discovered, it remains a threat.Rik Ferguson of Trend Micro security, told The Guardian, 'This kind of flaw that gives somebody access right into the device has inherent flaws. The fact that it’s in the hardware will certainly make it harder – if not impossible – to eradicate.'

Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in | Mail Online (http://www.dailymail.co.uk/sciencetech/article-2152284/Could-vulnerable-chip-allow-hackers-Boeing-787-Back-door-allow-cyber-criminals-way-in.html)

Ah the Daily Mail ...
Gosh think of the big bucks to be made here erradicating a perceived threat. Am I alone In recalling that Y2K was hailed as cyber-armageddon ? Of course due to the timely and extensive intervention of the IT industry, it never happened. :-)

And how are these supposed criminals meant to get physical access to the chip (or the LRU it's on) in order to reprogram it? Knock on the cockpit door and pop in for a few minutes? :ugh:

Happy to be corrected, but I remember reading that Boeing did decide to link at least some of the flight deck IT to the infotainment in the back. How much was never revealed - again, to my knowledge. I was concerned at the time.

Did I read somewhere that the IFE on the 787 shares the same data bus as the FBW system?


Beaten to the punch by above poster.....

Watch this (http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html) TED talk, physical possession of the computer that needs a brush up not always needed.


Could someone hack your pacemaker? At TEDxMidAtlantic, Avi Rubin explains how hackers are compromising cars, smartphones and medical devices, and warns us about the dangers of an increasingly hack-able world.

Avi Rubin is a professor of computer science and director of Health and Medical Security Lab at Johns Hopkins University. His current research is focused on the security of electronic medical records.

I usually keep a low profile here because I'm a lowly private pilot. That said, I've worked on embedded computer systems for the last 20 years and I do know something about them.

The Actel issue revolves around securing the custom programming in their field-programmable gate array chips. These chips are purchased from the manufacturer as blanks and are then programmed to implement complex logic functions. The programming itself requires attached equipment and a development environment of some sort. Although it could be done, reprogramming these parts is virtually never possible through network connections. The real issue here is not the possibility of the chips being maliciously modified, but the possibility of a competitor reading out the programming and duplicating them. The manufacturer claimed that the programmed data was encrypted and impossible to read out and a researcher claims that it is possible to get it out.

I'd also point out that most avionics have flash memory chips that are not encrypted and much easier to read out and reprogram than an Actel FPGA chip. Assuming an intruder had access to the avionics bay and wanted to cause trouble, this would be a much simpler approach.

Teddy R

Don't throw in comments irrelevant (about Y2K) to this issue and that you would appear to know from what you read in the newspaper. I can't speak about whether this one is a real threat or not, but Y2K certainly was and took much effort to resolve. Chapter and verse available if you wish to pursue.

Grumpyoldgeek's comments would seem to point to where the security focus should be on this threat.

Somebody tell me again about the remotely-piloted airliners in our future....

Similar comments came up when the A320 first arrived. Anything can happen if we wait long enough, I suppose.

i don't think it's something to worry about - i'm sure pretty much all airliners from now will have similar control systems internally. unless someone knows the exact architecture of the systems inside it'll be nigh on impossible to reprogram, let alone decrypt, and recode using similar encryption.

software designers do this kind of coding professionally and thoroughly (one would hope). only the top maybe 1-2% of hacker/programmers in the world would be able to do anything to the system for it to be remotely affected - and the chances of those people getting access to the aircraft for enough time?

Judging by the original paper, http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf, you need physical access and quite a bit of time. Not very likely to be possible to connect your notebook into the IFE and access the avionics. Be taking flight-sim to a new level.

It is not out of this world to have a program embedded surreptitiously in any computer chip that will cause some unpredicted actions at some later date.

It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely.

Non-story I'm afraid. Typical Daily Mail tripe. Not that the truth should get in the way of a good story. :yuk:

The 787 has this chip which has this back door, but the 787 does not have any ability to recieve reprogramming instructions into the FMC while airborne.

Data is transmitted to ground stations for monitoring purposes like ADS/CPDLC etc. but the FMCs do not acccept commands unless the cockpit crew choose to accept it. ie route loading, atc clearances etc.

The chips if hacked may corrupt the software logic of systems but the worst is a systemic shut down of automation.

Those familliar with Boeing system logic will see that when the auto mode is corrupted, it reverts back to primary basic mode; if the system continues to malfunction, the system is isolated!

So the threat may exist, but hackers bringing down a 787 is very isolated.

By all means knock it as "Typical Daily Mail tripe," but the Guardian, admittedly a lefty rag, but one with a higher credibility rating, ran the same story.

Cyber-attack concerns raised over Boeing 787 chip's 'back door' | Technology | guardian.co.uk (http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip?newsfeed=true)

thankfully, there are only about 3 people in the world who know how to do this....
and I know who the other 2 are...so be careful!

It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely. So the hack will be getting to the maintenance laptop. From there an infected loading program will bypass the (hacked) chip security and push the trojaned firmware into the targeted LRU. That's how Stuxnet got its payload into Iranian centrifuge PLCs. Nobody actually had to sneak into the plant and gain physical access. When a firmware update is issued by the manufacturer, someone will slip their hack into that process.

Back when I was at Boeing, the ATE (Automated Test Equipment) people switched from HP-UX systems to Windows. One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests. There is no faster way to infect a PC than that. :eek:

One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests.

They had to 'sell' you with email?

http://main.makeuseoflimited.netdna-cdn.com/tech-fun/wp-content/uploads/2011/03/bluetooth.jpg

They had to 'sell' you with email, for you to approve a tool for you to do your job better?You misunderstand which side of that battle I was on (That's OK. I never made that clear.) I supported the HP hardware and software on behalf of engineering. The IT folks stepped in between us and manufacturing management with their 'preferred IT architecture'. Which back in those days was: get Windows on enough processors and your CIO gets a seat next to Bill Gates at his next dinner party. We (engineering) lost that battle.

Windows was (is) a crappy platform for anything you have to keep in configuration for cal/cert or other compliance issues. Every time it gets connected to the network, it starts slurping updates off some server in Redmond. And that's the low risk stuff. Most non-tech savvy people who get a prompt for some administrative function might as well have a button that says "Make the nasty popup go away and show me the nice video of kittens now".

The 787 has this chip which has this back door, but the 787 does not have any ability to recieve reprogramming instructions into the FMC while airborne.

Data is transmitted to ground stations for monitoring purposes like ADS/CPDLC etc. but the FMCs do not acccept commands unless the cockpit crew choose to accept it. ie route loading, atc clearances etc.

The chips if hacked may corrupt the software logic of systems but the worst is a systemic shut down of automation.

Those familliar with Boeing system logic will see that when the auto mode is corrupted, it reverts back to primary basic mode; if the system continues to malfunction, the system is isolated!

So the threat may exist, but hackers bringing down a 787 is very isolated.

I agree the risk is very very remote but perhaps you under estimate how clever some hackers can be? To perform a hack on this type of system the person would need to be very familiar with the systems. That obviously makes much less likely to occur but also means any attack could be very sophisticated. We're talking about someone who might be quite capable of modifying a system (say while undergoing maintenance) in a way that is not readily apparent and which might fool other system into thinking it's working normally. These days the best hackers don't just shout "yahoo we're taking over", they are much too clever for that.

Perhaps worth remembering that two American space satellite systems were hacked in 2007/8...

Cover Story: Hacking Cases Draw Attention To Satcom Vulnerabilities | Defense News | defensenews.com (http://www.defensenews.com/article/20120123/C4ISR02/301230010/Cover-Story-Hacking-Cases-Draw-Attention-Satcom-Vulnerabilities)

In the case of Landsat 7 and Terra, the hackers created highly specialized radio frequency signals and transmitted the signals to the spacecraft from the Svalbard ground station in Norway. They did so on four occasions in 2007 and 2008. The commission was most specific about the probing of Terra. On June 20, 2008, hackers “achieved all steps required to command” NASA’s Terra, “but did not issue commands,” the commission said.

but the FMCs do not accept commands unless the cockpit crew choose to accept it. ie route loading, atc clearances etc.What stops them from accepting commands without FC confirmation? Their software. Think about it.

Stuxnet was designed to spin Iran's centrifuges overspeed (uncommanded) while presenting normal reading to the plant operators.