calippl

"Yes I know who Bruce Schneier is, and yes I agree with the general statement that nothing is unhackable given enough time.

However the basic sanity test of viability still very much puts WiFi / remote control of a Boeing 777 firmly into the Hollywood fiction category. I doubt Mr Schneier would disagree with me there."

mixture, what you say here is true however, a hacker doesn't have to take control of the aircraft to cause an incident.

They could just target specific components of the system (for example disable comms) and cause an accident without actually trying to fly the aircraft.

VinRouge

worth pointing out pax oxy pointless above about 25k.

INTEL101

Maybe not, but laptop based scanning & sniffing tools will soon expose open ports and capture and analyze traffic going in & out of the server including interfacing app ID's and passwords (even if encrypted). Non-mainstream O/S's did not stop Flame or Stuxnet which were specially crafted to target SCADA systems. It is not beyond the bounds of probability that sooner or later the bad actors will figure out how to craft malware that has been specifically tailored to interface with aircraft borne servers such as the T7.

The prospect of Windows like O/S's being used on the 787 and A340's is even more scary.

Lost in Saigon

Please explain what you mean.....

SeenItAll

This news report states that Malaysian Airlines does receive ACARS data from its Boeing jets, but that it declined to have these data shared with Boeing. Further, it cites Malaysian Airlines as stating that it received no ACARS data from the missing jet.
Malaysian Air Said to Opt Out of Boeing Plan to Share Jets? Data - Yahoo Finance

Of course the problem with this whole situation is that other than for knowing that the jet has not landed at any major airport, we are sure of absolutely nothing else about this flight. So much has been stated and retracted, nothing can be relied upon.

wiggy

truckflyer (and it seems others)

No, that's not in the Boeing procedure for a rapid descent.

General point and as I believe has been stated - on some 777's (if not all, customer option's and all that) the passenger oxygen is supplied from bottles located under cabin floor and aft of the wing.

LASJayhawk

DME is a very old system. All the ground station does is listen for a pulse pair and sent out a reply after a fixed delay (50uS for X channel 56uS for Y channel) it has no idea what interrogated it.

Lost in Saigon

So you are saying the B777 does not have the correct Pax O2 masks?

SteveZRH

I will not add anything to the speculations on this thread, and I am for sure not suspecting that computer security issues are the source of the problem.

I am not a pilot, but I am an active researcher in the area of computer security, and I want to add my two cents. While it may be science fiction to think of a plane being remotely controlled by an attacker, the possibility of vulnerabilities allowing for serious damage to a modern aircraft is a serious possibility.

Our community has been very successful in surfacing a number of vulnerabilities in modern cars. It is for instance possible to seriously endanger the safety of the occupants by using the embedded GSM connection used for diagnostics by car manufacturers. Similarly, the brakes could be disabled via the audio system. These and many more attacks have been widely documented in the academic research community (and tested on actual cars): Some more information can for example be found on the webpage of a joint research group established by the University of Washington and the University of California, San Diego -- cf. CAESS - Home

With airplanes being far more complex systems, it would be pretentious to expect the absence of vulnerabilities. The only barrier preventing us from finding security issues is the simple unfeasibility of obtaining a whole 777 to play with, rendering it unusable via different types of attacks. But the consensus is certainly that there has been a lack of interaction between the computer security community and the aviation industry -- add to this the fact that the 777 is an older design (in IT years) and we learnt so much about security vulnerabilities over the last 15 years.

Overall, I would never confidently claim such vulnerabilities do not exist, as such claims have always proved themselves wrong in the past. The car industry made at first similar claims, but has in the meanwhile undergone massive investments to improve the situation after the above attacks have been exhibited 4 years ago.

Hope this puts things into perspective a bit better.

isca

Quote:
Yes you are right you cannot reprogam an eprom without removing it because you have to UV erase it, and the eprom essentially is the computer in a simple bit of kit.
However we have progressed most modern ECU use an FPGA which is reprogram in situ and these have been in common use for over 10 yrs. If the aircraft system didn't have them originally you can bet it has been upgrade because program changes become quicker and cheaper than box swapping.

Now that means there is an external access to them so plugging into the PC port or wireless may well make hacking possible.

I subscribe to the belief if you can build it someone will hack it, look at the so say secure financial systems that have been hacked. To see IT guys believing that a system is unhackable is frightening with it's complacency. Do you remember stuxnet?

mixture

Well, sure they could perhaps do something to something.

But how much could they do to safety critical systems ? I suspect the numbers plummet dramatically, if not to zero.

How much could they do to safety critical systems that the flight crew could not overrule by flicking a switch or pulling a CB ? I suspect the number is exactly zero.

Ka6crpe

Lost in Saigon, Unless you have been trained in high altitude breathing then even if you are receiving oxygen, you still wont be able to breathe. At high altitude you must consciously inhale and exhale, there is insufficient air pressure for your body to exhale automatically.


Think of the acclimatisation periods required by climbers ascending Everest, they are training their bodies to breathe with reduced air pressure.

isca

back on page 112 DYE wrote in post 2234 (now 2230)

I have tried to reproduce this using flt SQ68 and MH370 and can't anyone else tried

Going to very embarassing if this is true

jugofpropwash

There still has been no release of a cargo manifest, correct?

wiggy

Must admit I thought (from AvMed lectures at North Luffenham in my fast pointy aircraft days ...) that you can breath pure oxygen oxygen at ambient pressure at up in the high 30,000's of feet....not to be recommended I'm sure but the partial pressure was enough to ensure survival....

The unpressurised 25K limit was, I thought, due to issues with decompression "sickness"...

mixture

There is somewhat a bit of a difference between aircraft systems and financial systems. Financial systems are not safety critical, you won't kill anyone if someone gets into a bank account.... so the ultimate design goals are very different.

And a difference between aircraft systems and stuxnet. You only need to go read up a bit on stuxnet to realise how "special" it was for many reasons (i.e. highly likely to be a well funded, "western" government project with specific targets in mind that they had evidently done much research on before). A LOT of money and manpower went into stuxnet .... more than any tewwowist organisation could ever dream of !

I'm not saying aircraft systems are invincible, I'm just saying its utterly ludicrous to say someone can get 100% remote control over an aircraft, even more so in a manner that the flight crew can't overrule. The chance of an aircraft being hit by a meteorite is far more likely !

givemewings

Wiggy, it definitely seems like a customer option. Every Boeing I've ever worked on (737, 767, 777) has had a fixed chemical system, another poster pointed out that some have bottled.

In my outfit they are chemically generated.

I was under the impression that bottles were an add-on option for airlines who mainly fly through high terrain alts on a regular basis (i.e. QF 747s to UK) Seems I was wrong on that.

But it's definitely varying between operators because mine uses individual generators. They are also one of the largest 777 operators so this may have something to do with it

Lonewolf_50

No! 777 has to have compliant masks or FAA would never have certified them.
Go play your games with someone else.

Old Boeing Driver

Unless the National Reconnaissance Office or the DOD itself whose SBIRS satellites are lying to us, just not saying, there were no flashes, explosions, or bright lights in the area being discussed at the time being discussed.

Lost in Saigon

If what you say is true, why are airliners required to have passenger oxygen?