Hacking the Friendly Skies

[bkdelong]

I know, the title is totally cliche but horribly, disappointingly true. According to this doc from Cryptome, the same network that the inflight entertainment kiosks run on the new Boeing 787-8s also host the Flight-safety-related control and navigation and required systems (aka Aircraft Control Domain) and the Airline business and administrative support (aka Airline Information Domain).

Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain wired or wireless electronic connections between airplane data buses and networks.

Absolutely unbelievable. In theory, someone could access the systems controlling the plane from the seats and crash them or possibly even control them. It's also possible that someone could access the Airline Information Domain on the ground and hack into the same in-flight Aircraft Control Domain. They're all on the same network!

From what I gather, the only plan is to put in a "firewall" rather than to "air gap" or put the systems on different networks. It says the flight crew will be able to disable passenger access to the other two systems but I'm not impressed. This article from earlier in the year showing how to crash all other Inflight Entertainment Kiosks from a single one does not make me any more confident.

I am far from a person who would spread FUD but this is ridiculous. I'm guessing (hoping) that the release of this information will pressure Boeing and airlines to air gap the systems from each other. Then we can cease the speculation that such vulnerabilities could crash a plane or allow a plane to become a remotely-guided bomb.

ETA: I told my wife this story with what I can only guess was wild eyes and flailing (Paul Gross) arms her response was: "oh - so they can track what you're watching?" focusing on the clear invasion of privacy angle. I assumed that was part of the package re: inflight entertainment.

So I explained that no - it was the chance that evil hackers could break into the Aircraft Control Systems from the Inflight Entertainment! (sounding like many vendor companies and security charlatans I've interacted with). Her response again? "Eh - highly unlikely". So I sputtered a bit declaring loudly that the systems should be "air gapped" and that there have been similar critical infrastructure vulnerability scenarios declared "highly unlikely" usually shortly before someone (usually benevolent) finds a glaring hole easily exploited or some stupid idiot kid blunders into some Flood Control System or Air Traffic Control system of a small airport and unwittingly causes minor damage.

I don't really want to wait to be in the air for some security researcher to figure out if they can cause the flight controls to crash due to a buffer overflow initiated via the seat-based inflight entertainment. Please, no. Thanks.

Comments

[jtdiii.livejournal.com]

The major ATC systems tend to be air gapped...

And until recently they were 1960s and 1970s era equipment that most young hackers would have a hard time hacking.

[bkdelong.livejournal.com]

Exactly...so why the change?

[jtdiii.livejournal.com]

Some strange resistance to wire wrapped boards and a total of 64K of magnetic core memory on the server...

[bkdelong.livejournal.com]

Actually, no. One of my colleagues in information security has suggested the exorbitant costs of Internet access while in the air and the desire to stop relying on ground communications and radio relay in favor of more real-time information is driving the consolidation of all 3 functions onto a single service/pipe.

Regardless, I think it's stupid and dangerous.

[jtdiii.livejournal.com]

Sorry, I was answering why they have been upgrading the ATC system...

[lediva.livejournal.com]

Ick. Any way to find out which airlines are using these planes? I suspect coordinated contacts to them saying "I refuse to patronize your airline (or at least flights on 787-8s) until this is fixed, as I would feel unsafe." could make a difference.

[lediva.livejournal.com]

Not to mention... publicize this, contact the media, etc.

I mean, the media's real good at spreading FUD, and I'm not unconvinced that wouldn't be a bad thing in this case.

[bkdelong.livejournal.com]

The time to freak out about this is not yet. Now that it's making the rounds it should get a firm footing in the security community. I bet if I rode on a 787 and passed out fliers of just the paragraph with the vulnerabilities mentioned I'd get arrested and banned for incitement.

Unfortunately, it look like there's orders for *677* of these with 25 of them belonging to a single carrier - Air Berlin. Yikes.

[bkdelong.livejournal.com]

Yes - a nice concise list on Wikipedia with citations. Per usual, YMMV.

[lediva.livejournal.com]

Whoa. I'm watching a story on CNN about this right now.