
Hack my plane why don't you!


Old 30th May 2012, 20:19
  #1 (permalink)  
Thread Starter
 
Join Date: Jun 2010
Location: Goodwood, Sussex, UK
Age: 70
Posts: 264
Likes: 0
Received 0 Likes on 0 Posts
Hack my plane why don't you!

Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in?

A hidden 'back door' in a computer chip could allow cyber-criminals a way to override and control computer systems on Boeing 787s. The vulnerability is in an Actel chip used in their computer systems, and seems to be hard-wired into the devices. This could mean the vulnerability - in chips used in Boeing's flagship Dreamliner - is near-impossible to eradicate. The security researchers who found the vulnerability have alerted governments around the world to the 'back door' - which could leave critical aircraft systems vulnerable.



This sort of vulnerability is unusual - most hacks use software, but a 'back door' in such a critical system could allow malicious attackers a way 'past' computer protection systems. 'Back doors' are commonly built into computer systems by programmers to allow quick and easy access - but on a chip of this sort, represent a dangerous vulnerability. Security researcher Chris Woods of Quo Vadis Labs told The Guardian, 'An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device.

'The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit.' Security researchers have previously suggested that Chinese companies build vulnerabilities into chips that are exported to the West for use in military systems.



In this case, however, the 'back door' may be innocent - although now it has been discovered, it remains a threat. Rik Ferguson of Trend Micro security, told The Guardian, 'This kind of flaw that gives somebody access right into the device has inherent flaws. The fact that it’s in the hardware will certainly make it harder – if not impossible – to eradicate.'

Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in | Mail Online
Earl of Rochester is offline  
Old 30th May 2012, 20:37
  #2 (permalink)  
 
Join Date: May 2004
Location: Bear Island
Posts: 598
Likes: 0
Received 0 Likes on 0 Posts
Devil

Ah the Daily Mail ...
Gosh think of the big bucks to be made here eradicating a perceived threat. Am I alone in recalling that Y2K was hailed as cyber-armageddon? Of course due to the timely and extensive intervention of the IT industry, it never happened. :-)
Teddy Robinson is offline  
Old 30th May 2012, 20:39
  #3 (permalink)  
 
Join Date: Nov 1999
Location: Ireland
Posts: 1,621
Likes: 0
Received 0 Likes on 0 Posts
And how are these supposed criminals meant to get physical access to the chip (or the LRU it's on) in order to reprogram it? Knock on the cockpit door and pop in for a few minutes?
Cyrano is offline  
Old 30th May 2012, 20:51
  #4 (permalink)  
 
Join Date: Jan 2006
Location: Dorking
Posts: 491
Received 0 Likes on 0 Posts
Happy to be corrected, but I remember reading that Boeing did decide to link at least some of the flight deck IT to the infotainment in the back. How much was never revealed - again, to my knowledge. I was concerned at the time.
boguing is offline  
Old 30th May 2012, 20:55
  #5 (permalink)  
 
Join Date: Aug 2007
Location: england
Posts: 851
Received 2 Likes on 2 Posts
Did I read somewhere that the IFE on the 787 shares the same data bus as the FBW system?


Beaten to the punch by above poster.....

Last edited by hunterboy; 30th May 2012 at 20:56.
hunterboy is offline  
Old 30th May 2012, 20:59
  #6 (permalink)  
 
Join Date: Jan 2006
Location: Between a rock and a hard place
Posts: 1,262
Likes: 0
Received 0 Likes on 0 Posts
Watch this TED talk, physical possession of the computer that needs a brush up not always needed.


Could someone hack your pacemaker? At TEDxMidAtlantic, Avi Rubin explains how hackers are compromising cars, smartphones and medical devices, and warns us about the dangers of an increasingly hack-able world.

Avi Rubin is a professor of computer science and director of Health and Medical Security Lab at Johns Hopkins University. His current research is focused on the security of electronic medical records.

Last edited by 172_driver; 30th May 2012 at 21:01.
172_driver is offline  
Old 31st May 2012, 00:13
  #7 (permalink)  
 
Join Date: Dec 2005
Location: No. Cal, USA
Age: 72
Posts: 112
Likes: 0
Received 0 Likes on 0 Posts
I usually keep a low profile here because I'm a lowly private pilot. That said, I've worked on embedded computer systems for the last 20 years and I do know something about them.

The Actel issue revolves around securing the custom programming in their field-programmable gate array chips. These chips are purchased from the manufacturer as blanks and are then programmed to implement complex logic functions. The programming itself requires attached equipment and a development environment of some sort. Although it could be done, reprogramming these parts is virtually never possible through network connections. The real issue here is not the possibility of the chips being maliciously modified, but the possibility of a competitor reading out the programming and duplicating them. The manufacturer claimed that the programmed data was encrypted and impossible to read out and a researcher claims that it is possible to get it out.

I'd also point out that most avionics have flash memory chips that are not encrypted and much easier to read out and reprogram than an Actel FPGA chip. Assuming an intruder had access to the avionics bay and wanted to cause trouble, this would be a much simpler approach.
grumpyoldgeek is offline  
Old 31st May 2012, 00:43
  #8 (permalink)  
 
Join Date: Jul 2002
Location: Canberra
Posts: 244
Received 2 Likes on 2 Posts
Teddy R

Don't throw in comments irrelevant (about Y2K) to this issue and that you would appear to know from what you read in the newspaper. I can't speak about whether this one is a real threat or not, but Y2K certainly was and took much effort to resolve. Chapter and verse available if you wish to pursue.

Grumpyoldgeek's comments would seem to point to where the security focus should be on this threat.

Last edited by Jetdriver; 31st May 2012 at 15:47.
layman is online now  
Old 31st May 2012, 00:43
  #9 (permalink)  
Trash du Blanc
 
Join Date: Mar 2001
Location: KBHM
Posts: 1,185
Likes: 0
Received 0 Likes on 0 Posts
Somebody tell me again about the remotely-piloted airliners in our future....
Huck is offline  
Old 31st May 2012, 01:00
  #10 (permalink)  
 
Join Date: Jun 2005
Location: Here There Yonder
Posts: 244
Likes: 0
Received 0 Likes on 0 Posts
Similar comments came up when the A320 first arrived. Anything can happen if we wait long enough, I suppose.
Ndicho Moja is offline  
Old 31st May 2012, 08:45
  #11 (permalink)  
 
Join Date: May 2008
Location: London
Posts: 29
Received 0 Likes on 0 Posts
I don't think it's something to worry about - I'm sure pretty much all airliners from now will have similar control systems internally. Unless someone knows the exact architecture of the systems inside it'll be nigh on impossible to reprogram, let alone decrypt, and recode using similar encryption.

Software designers do this kind of coding professionally and thoroughly (one would hope). Only the top maybe 1-2% of hacker/programmers in the world would be able to do anything to the system for it to be remotely affected - and the chances of those people getting access to the aircraft for enough time?

Last edited by AndoniP; 31st May 2012 at 08:45.
AndoniP is offline  
Old 31st May 2012, 08:47
  #12 (permalink)  
 
Join Date: Aug 2007
Location: Brazil
Posts: 69
Likes: 0
Received 0 Likes on 0 Posts
Judging by the original paper, http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf, you need physical access and quite a bit of time. Not very likely to be possible to connect your notebook into the IFE and access the avionics. Be taking flight-sim to a new level.
belfrybat is offline  
Old 31st May 2012, 14:17
  #13 (permalink)  
 
Join Date: Feb 2005
Location: UK
Age: 85
Posts: 697
Likes: 0
Received 0 Likes on 0 Posts
It is not out of this world to have a program embedded surreptitiously in any computer chip that will cause some unpredicted actions at some later date.
funfly is offline  
Old 31st May 2012, 21:13
  #14 (permalink)  
 
Join Date: Feb 2002
Location: UK
Age: 58
Posts: 3,462
Received 135 Likes on 73 Posts
It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely.

Non-story I'm afraid. Typical Daily Mail tripe. Not that the truth should get in the way of a good story.
TURIN is offline  
Old 31st May 2012, 22:17
  #15 (permalink)  
 
Join Date: Aug 2007
Location: dBoonies
Posts: 29
Likes: 0
Received 0 Likes on 0 Posts
The 787 has this chip which has this back door, but the 787 does not have any ability to receive reprogramming instructions into the FMC while airborne.

Data is transmitted to ground stations for monitoring purposes like ADS/CPDLC etc. but the FMCs do not accept commands unless the cockpit crew choose to accept it. ie route loading, atc clearances etc.

The chips if hacked may corrupt the software logic of systems but the worst is a systemic shut down of automation.

Those familiar with Boeing system logic will see that when the auto mode is corrupted, it reverts back to primary basic mode; if the system continues to malfunction, the system is isolated!

So the threat may exist, but hackers bringing down a 787 is very isolated.
dflyer is offline  
Old 31st May 2012, 22:48
  #16 (permalink)  
 
Join Date: Feb 2012
Location: Cape Town / UK / Europe
Posts: 728
Likes: 0
Received 0 Likes on 0 Posts
By all means knock it as "Typical Daily Mail tripe," but the Guardian, admittedly a lefty rag, but one with a higher credibility rating, ran the same story.

Cyber-attack concerns raised over Boeing 787 chip's 'back door' | Technology | guardian.co.uk
Tableview is offline  
Old 1st Jun 2012, 00:04
  #17 (permalink)  
 
Join Date: Mar 2011
Location: engineer at large
Posts: 1,409
Likes: 0
Received 0 Likes on 0 Posts
thankfully, there are only about 3 people in the world who know how to do this....
and I know who the other 2 are...so be careful!
FlightPathOBN is offline  
Old 1st Jun 2012, 00:22
  #18 (permalink)  
 
Join Date: Jan 2011
Location: Seattle
Posts: 715
Likes: 0
Received 1 Like on 1 Post
"It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely."
So the hack will be getting to the maintenance laptop. From there an infected loading program will bypass the (hacked) chip security and push the trojaned firmware into the targeted LRU. That's how Stuxnet got its payload into Iranian centrifuge PLCs. Nobody actually had to sneak into the plant and gain physical access. When a firmware update is issued by the manufacturer, someone will slip their hack into that process.

Back when I was at Boeing, the ATE (Automated Test Equipment) people switched from HP-UX systems to Windows. One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests. There is no faster way to infect a PC than that.
EEngr is offline  
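
The loader-compromise path described in post #18 is the case a load-time check on the receiving unit is meant to catch. The sketch below is an added example, not part of the thread and not any avionics vendor's code: the part number, key, manifest layout and function names are hypothetical, and HMAC stands in for the asymmetric signature a real design would use so that the unit holds only a public key.

```python
import hashlib
import hmac
import json

def sign_manifest(manifest: dict, key: bytes) -> str:
    """Vendor side: authenticate the manifest (HMAC is a stand-in for a signature)."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def accept_load(image: bytes, manifest: dict, tag: str, key: bytes,
                unit_part: str, installed_version: int) -> tuple[bool, str]:
    """Unit side: decide whether to accept an image offered by the loading laptop.

    Nothing the laptop says is trusted; only the authenticated manifest is.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "manifest not authentic"
    if manifest["part"] != unit_part:
        return False, "image built for a different unit"
    if manifest["version"] <= installed_version:
        return False, "rollback or replay of an old release"
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "image does not match manifest"
    return True, "accepted"

# Constructed sample data (hypothetical part number, key and image bytes).
KEY = b"constructed-demo-key"
GOOD = b"\x7fFW" + bytes(range(64))
MANIFEST = {"part": "LRU-DEMO-01", "version": 7,
            "sha256": hashlib.sha256(GOOD).hexdigest()}
TAG = sign_manifest(MANIFEST, KEY)

def demo() -> dict:
    """Run the clean load plus the ways an infected loader could alter it."""
    tampered = GOOD[:-1] + b"\xff"  # one byte changed on the laptop
    forged = dict(MANIFEST, sha256=hashlib.sha256(tampered).hexdigest())
    unit = "LRU-DEMO-01"
    return {
        "clean": accept_load(GOOD, MANIFEST, TAG, KEY, unit, 6),
        "tampered_image": accept_load(tampered, MANIFEST, TAG, KEY, unit, 6),
        "forged_manifest": accept_load(tampered, forged, TAG, KEY, unit, 6),
        "wrong_unit": accept_load(GOOD, MANIFEST, TAG, KEY, "LRU-DEMO-02", 6),
        "rollback": accept_load(GOOD, MANIFEST, TAG, KEY, unit, 7),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The check only helps if it runs on the unit itself and the verification key cannot be rewritten through the loader; a check performed on the laptop is defeated by the same compromise.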
Old 1st Jun 2012, 00:55
  #19 (permalink)  
 
Join Date: Mar 2011
Location: engineer at large
Posts: 1,409
Likes: 0
Received 0 Likes on 0 Posts
"One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests."
They had to 'sell' you with email?

Last edited by FlightPathOBN; 1st Jun 2012 at 14:02.
FlightPathOBN is offline  
Old 1st Jun 2012, 02:33
  #20 (permalink)  
 
Join Date: Aug 2010
Location: Germany
Posts: 1
Likes: 0
Received 0 Likes on 0 Posts
AJacobson is offline  
