|
Hack my plane why don't you!
Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in?
A hidden 'back door' in a computer chip could allow cyber-criminals a way to override and control computer systems on Boeing 787s.The vulnerability is in an Actel chip used in their computer systems, and seems to be hard-wired into the devices.This could mean the vulnerability - in chips used in Boeing's flagship Dreamliner - is near-impossible to eradicate.The security researchers who found the vulnerability have alerted governments around the world to the 'back door' - which could leave critical aircraft systems vulnerable. http://i.dailymail.co.uk/i/pix/2012/...43_634x326.jpg Boeing 787 vulnerable This sort of vulnerability is unusual - most hacks use software, but a 'back door' in such a critical system could allow malicious attackers a way 'past' computer protection systems.'Back doors' are commonly built into computer systems by programmers to allow quick and easy access - but on a chip of this sort, represent a dangerous vulnerability.Security researcher Chris Woods of Quo Vadis Labs told The Guardian, 'An attacker can disable all the security on the chip, reprogram cryptographic and access keys or permanently damage the device. 'The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit.'Security researchers have previously suggested that Chinese companies build vulnerabilities into chips that are exported to the West for use in military systems. http://i.dailymail.co.uk/i/pix/2012/...44_634x478.jpg 'Back doors' are commonly built into computer systems by programmers to allow quick and easy access - but on a chip of this sort, represent a dangerous vulnerability In this case, however, the 'back door' may be innocent - although now it has been discovered, it remains a threat.Rik Ferguson of Trend Micro security, told The Guardian, 'This kind of flaw that gives somebody access right into the device has inherent flaws. The fact that its in the hardware will certainly make it harder if not impossible to eradicate.' Could a vulnerable computer chip allow hackers to down a Boeing 787? 'Back door' could allow cyber-criminals a way in | Mail Online |
Ah the Daily Mail ...
Gosh think of the big bucks to be made here erradicating a perceived threat. Am I alone In recalling that Y2K was hailed as cyber-armageddon ? Of course due to the timely and extensive intervention of the IT industry, it never happened. :-) |
And how are these supposed criminals meant to get physical access to the chip (or the LRU it's on) in order to reprogram it? Knock on the cockpit door and pop in for a few minutes? :ugh:
|
Happy to be corrected, but I remember reading that Boeing did decide to link at least some of the flight deck IT to the infotainment in the back. How much was never revealed - again, to my knowledge. I was concerned at the time.
|
Did I read somewhere that the IFE on the 787 shares the same data bus as the FBW system?
Beaten to the punch by above poster..... |
Watch this TED talk, physical possession of the computer that needs a brush up not always needed.
Could someone hack your pacemaker? At TEDxMidAtlantic, Avi Rubin explains how hackers are compromising cars, smartphones and medical devices, and warns us about the dangers of an increasingly hack-able world. Avi Rubin is a professor of computer science and director of Health and Medical Security Lab at Johns Hopkins University. His current research is focused on the security of electronic medical records. |
I usually keep a low profile here because I'm a lowly private pilot. That said, I've worked on embedded computer systems for the last 20 years and I do know something about them.
The Actel issue revolves around securing the custom programming in their field-programmable gate array chips. These chips are purchased from the manufacturer as blanks and are then programmed to implement complex logic functions. The programming itself requires attached equipment and a development environment of some sort. Although it could be done, reprogramming these parts is virtually never possible through network connections. The real issue here is not the possibility of the chips being maliciously modified, but the possibility of a competitor reading out the programming and duplicating them. The manufacturer claimed that the programmed data was encrypted and impossible to read out and a researcher claims that it is possible to get it out. I'd also point out that most avionics have flash memory chips that are not encrypted and much easier to read out and reprogram than an Actel FPGA chip. Assuming an intruder had access to the avionics bay and wanted to cause trouble, this would be a much simpler approach. |
Teddy R
Don't throw in comments irrelevant (about Y2K) to this issue and that you would appear to know from what you read in the newspaper. I can't speak about whether this one is a real threat or not, but Y2K certainly was and took much effort to resolve. Chapter and verse available if you wish to pursue. Grumpyoldgeek's comments would seem to point to where the security focus should be on this threat. |
Somebody tell me again about the remotely-piloted airliners in our future....
|
Similar comments came up when the A320 first arrived. Anything can happen if we wait long enough, I suppose.
|
i don't think it's something to worry about - i'm sure pretty much all airliners from now will have similar control systems internally. unless someone knows the exact architecture of the systems inside it'll be nigh on impossible to reprogram, let alone decrypt, and recode using similar encryption.
software designers do this kind of coding professionally and thoroughly (one would hope). only the top maybe 1-2% of hacker/programmers in the world would be able to do anything to the system for it to be remotely affected - and the chances of those people getting access to the aircraft for enough time? |
Judging by the original paper, http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf, you need physical access and quite a bit of time. Not very likely to be possible to connect your notebook into the IFE and access the avionics. Be taking flight-sim to a new level.
|
It is not out of this world to have a program embedded surreptitiously in any computer chip that will cause some unpredicted actions at some later date.
|
It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely.
Non-story I'm afraid. Typical Daily Mail tripe. Not that the truth should get in the way of a good story. :yuk: |
The 787 has this chip which has this back door, but the 787 does not have any ability to recieve reprogramming instructions into the FMC while airborne.
Data is transmitted to ground stations for monitoring purposes like ADS/CPDLC etc. but the FMCs do not acccept commands unless the cockpit crew choose to accept it. ie route loading, atc clearances etc. The chips if hacked may corrupt the software logic of systems but the worst is a systemic shut down of automation. Those familliar with Boeing system logic will see that when the auto mode is corrupted, it reverts back to primary basic mode; if the system continues to malfunction, the system is isolated! So the threat may exist, but hackers bringing down a 787 is very isolated. |
By all means knock it as "Typical Daily Mail tripe," but the Guardian, admittedly a lefty rag, but one with a higher credibility rating, ran the same story.
Cyber-attack concerns raised over Boeing 787 chip's 'back door' | Technology | guardian.co.uk |
thankfully, there are only about 3 people in the world who know how to do this....
and I know who the other 2 are...so be careful! |
It's hard enough to connect the maintenance laptop to the beast when you know what you're doing never mind trying to hack in remotely. Back when I was at Boeing, the ATE (Automated Test Equipment) people switched from HP-UX systems to Windows. One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests. There is no faster way to infect a PC than that. :eek: |
One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests. |
|
| All times are GMT. The time now is 19:44. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.