Ethiopian plane crash
Discussion
b
hstewie said:
hstewie said: Doesn't get any better for Boeing https://www.darkreading.com/vulnerabilities---thre...
What the Researchers were getting in to was the pilots 'Crew Information System'. A bit like a text message system.What they were not getting in to was the Avionics suite.
'Santamarta conducted his research in a lab setting and notes that the ultimate effect on the avionics system is unclear without access to an actual 787 aircraft. Even so, he says, an attacker exploiting the firmware could bypass security controls on the network and reach the avionics network. He or she then could attempt to update firmware of avionics systems, for instance, he says.'
He can say what he likes in a lab.
When I go out to reprogram a jet (not a 787), I take with me a maintenance laptop, an Interface adaptor, and a box of cables to connect everything up. I have to specifically identify the jet I am working on AND the serial number of the computer I am reprogging. I still can't do anything until I have switched a guarded switch in the cockpit and pulled circuit breakers.
The article goes on about 'GateLink' enabling firmware updates. I would imagine that at the very least they would require Serial numbers, switches/CBs to enable maintenance activities and the aircraft to be on the ground (Weight-on-Wheels) to do this.
FF
Eric Mc said:
Eric thanks, I've watched one of his other videos on this and they're great albeit about a sad circumstance.Fat Fairy said:
bhstewie said:
hstewie said: Doesn't get any better for Boeing https://www.darkreading.com/vulnerabilities---thre...
What the Researchers were getting in to was the pilots 'Crew Information System'. A bit like a text message system.What they were not getting in to was the Avionics suite.
'Santamarta conducted his research in a lab setting and notes that the ultimate effect on the avionics system is unclear without access to an actual 787 aircraft. Even so, he says, an attacker exploiting the firmware could bypass security controls on the network and reach the avionics network. He or she then could attempt to update firmware of avionics systems, for instance, he says.'
He can say what he likes in a lab.
When I go out to reprogram a jet (not a 787), I take with me a maintenance laptop, an Interface adaptor, and a box of cables to connect everything up. I have to specifically identify the jet I am working on AND the serial number of the computer I am reprogging. I still can't do anything until I have switched a guarded switch in the cockpit and pulled circuit breakers.
The article goes on about 'GateLink' enabling firmware updates. I would imagine that at the very least they would require Serial numbers, switches/CBs to enable maintenance activities and the aircraft to be on the ground (Weight-on-Wheels) to do this.
FF
I’ve talked about this with our avionics guys and engineers also and they had the same conclusion as you. There’s also been a lot on information from Boeing about it over the years.
Fat Fairy said:
bhstewie said:
hstewie said: Doesn't get any better for Boeing https://www.darkreading.com/vulnerabilities---thre...
What the Researchers were getting in to was the pilots 'Crew Information System'. A bit like a text message system.What they were not getting in to was the Avionics suite.
'Santamarta conducted his research in a lab setting and notes that the ultimate effect on the avionics system is unclear without access to an actual 787 aircraft. Even so, he says, an attacker exploiting the firmware could bypass security controls on the network and reach the avionics network. He or she then could attempt to update firmware of avionics systems, for instance, he says.'
He can say what he likes in a lab.
When I go out to reprogram a jet (not a 787), I take with me a maintenance laptop, an Interface adaptor, and a box of cables to connect everything up. I have to specifically identify the jet I am working on AND the serial number of the computer I am reprogging. I still can't do anything until I have switched a guarded switch in the cockpit and pulled circuit breakers.
The article goes on about 'GateLink' enabling firmware updates. I would imagine that at the very least they would require Serial numbers, switches/CBs to enable maintenance activities and the aircraft to be on the ground (Weight-on-Wheels) to do this.
FF
In system designs, sometimes assumptions are made that a person needs access via your controls to make a change, therefore no sanity checks are made once passed the approved update entry point. If you can circumvent this first stage, you’re in and you’re in with complete control and no challenge.
El stovey said:
Absolutely. You can’t just plug in a laptop in the flightdeck and access stuff. There’s loads of switches and steps that this guy ignores.
I’ve talked about this with our avionics guys and engineers also and they had the same conclusion as you. There’s also been a lot on information from Boeing about it over the years.
Are your guys hax0rs? The amount of times I’ve embarrassed engineers, architects, experts by showing their assertions to be wrong is unfortunately why I’m in work.I’ve talked about this with our avionics guys and engineers also and they had the same conclusion as you. There’s also been a lot on information from Boeing about it over the years.
If something shares a bus and is not 100% physically separated, it’s at risk.
George Smiley said:
Fat Fairy said:
bhstewie said:
hstewie said: Doesn't get any better for Boeing https://www.darkreading.com/vulnerabilities---thre...
What the Researchers were getting in to was the pilots 'Crew Information System'. A bit like a text message system.What they were not getting in to was the Avionics suite.
'Santamarta conducted his research in a lab setting and notes that the ultimate effect on the avionics system is unclear without access to an actual 787 aircraft. Even so, he says, an attacker exploiting the firmware could bypass security controls on the network and reach the avionics network. He or she then could attempt to update firmware of avionics systems, for instance, he says.'
He can say what he likes in a lab.
When I go out to reprogram a jet (not a 787), I take with me a maintenance laptop, an Interface adaptor, and a box of cables to connect everything up. I have to specifically identify the jet I am working on AND the serial number of the computer I am reprogging. I still can't do anything until I have switched a guarded switch in the cockpit and pulled circuit breakers.
The article goes on about 'GateLink' enabling firmware updates. I would imagine that at the very least they would require Serial numbers, switches/CBs to enable maintenance activities and the aircraft to be on the ground (Weight-on-Wheels) to do this.
FF
In system designs, sometimes assumptions are made that a person needs access via your controls to make a change, therefore no sanity checks are made once passed the approved update entry point. If you can circumvent this first stage, you’re in and you’re in with complete control and no challenge.
eccles said:
I think the point being made was with the boxes in the lab in front of you, you can hack them, but when they're physically fitted to an aircraft, it's not such a simple thing to do as there are many more hoops to to jump through, not least of which would be physically getting access to the aircraft.
Certainly makes it harder. By no means impossible, for example stuxnet. George Smiley said:
Are your guys hax0rs? The amount of times I’ve embarrassed engineers, architects, experts by showing their assertions to be wrong is unfortunately why I’m in work.
If something shares a bus and is not 100% physically separated, it’s at risk.
That is one of the problems for a hacker, yes. The Flight Control Computers will not be on the same databus as the Communications.If something shares a bus and is not 100% physically separated, it’s at risk.
I thoroughly enjoyed the 'hacker' opening the A400 para door in the last MI movie. I was a bit annoyed when I got back to work and had to use a handle...
FF
Fat Fairy said:
That is one of the problems for a hacker, yes. The Flight Control Computers will not be on the same databus as the Communications.
I thoroughly enjoyed the 'hacker' opening the A400 para door in the last MI movie. I was a bit annoyed when I got back to work and had to use a handle...
FF
Yes that made me laugh but at the same time the issues with the boring architecture may be susceptible to attack. I thoroughly enjoyed the 'hacker' opening the A400 para door in the last MI movie. I was a bit annoyed when I got back to work and had to use a handle...
FF
Give the chaps a plane to try on.
George Smiley said:
Yes that made me laugh but at the same time the issues with the boring architecture may be susceptible to attack.
Give the chaps a plane to try on.
It does raise an interesting question of whether any kind of pen testing of that kind of thing is mandated as part of the certification?Give the chaps a plane to try on.
bhstewie said:
hstewie said: It does raise an interesting question of whether any kind of pen testing of that kind of thing is mandated as part of the certification?
I would imagine the assertion that entertainment bus can’t talk to controls bus is sufficient Certainly I know of inflight entertainment systems that have been broken into. Why give a bloody active USB port for charging?
George Smiley said:
I would imagine the assertion that entertainment bus can’t talk to controls bus is sufficient
Certainly I know of inflight entertainment systems that have been broken into. Why give a bloody active USB port for charging?
Beats me given there are cheap alternatives.Certainly I know of inflight entertainment systems that have been broken into. Why give a bloody active USB port for charging?
Then again it beats me how it sounds as if a plane was flying because the manufacturer said it could and was taken at face value.
bhstewie said:
hstewie said:George Smiley said:
I would imagine the assertion that entertainment bus can’t talk to controls bus is sufficient
Certainly I know of inflight entertainment systems that have been broken into. Why give a bloody active USB port for charging?
Beats me given there are cheap alternatives.Certainly I know of inflight entertainment systems that have been broken into. Why give a bloody active USB port for charging?
Then again it beats me how it sounds as if a plane was flying because the manufacturer said it could and was taken at face value.
El stovey said:
Absolutely. You can’t just plug in a laptop in the flightdeck and access stuff. There’s loads of switches and steps that this guy ignores.
I’ve talked about this with our avionics guys and engineers also and they had the same conclusion as you. There’s also been a lot on information from Boeing about it over the years.
Are you sure you can trust the laptop? If I wanted to do something ghastly (in terms of software) to an aeroplane, I’d target stuff that gets plugged into it. I’ve talked about this with our avionics guys and engineers also and they had the same conclusion as you. There’s also been a lot on information from Boeing about it over the years.
When pilots ignore cyber folk because the engineers said no.
Chaps read up on stuxnet the reason folks like me make a living is because engineers and project managers don’t think outside the box.
I’m not saying it’s possible, I’m saying it’s not impossible until proven otherwise. Even myself, I’ll design a system without security checks which is fine if the archtecture (if followed) removes any potential risk from the outside.
If the entertainment bus is completely physically separated then fine but otherwise you would hope there’s adequate checks (such as signed communications). I’m going to bet my right kidney they don’t have such a check as it’s never been anticipated that it would be necessary.
On top of the above I’ve see systems we tested and approved later get amended resulting in data pathways that removed the trust model but no one thought about that element. Look at remote hacking of cars, you think plane avionics are less susceptible?
A swissair entertainment system caused a flight to crash due to overload in the wires. Could someone playing with the entertainment systems controller on a Dreamliner cause the battery temps to go too hot ? Was that even tested?
If you think this is OTT then ask yourself what testing happened with MCAS or how it became a bigger problem after the original architecture was changed.
Chaps read up on stuxnet the reason folks like me make a living is because engineers and project managers don’t think outside the box.
I’m not saying it’s possible, I’m saying it’s not impossible until proven otherwise. Even myself, I’ll design a system without security checks which is fine if the archtecture (if followed) removes any potential risk from the outside.
If the entertainment bus is completely physically separated then fine but otherwise you would hope there’s adequate checks (such as signed communications). I’m going to bet my right kidney they don’t have such a check as it’s never been anticipated that it would be necessary.
On top of the above I’ve see systems we tested and approved later get amended resulting in data pathways that removed the trust model but no one thought about that element. Look at remote hacking of cars, you think plane avionics are less susceptible?
A swissair entertainment system caused a flight to crash due to overload in the wires. Could someone playing with the entertainment systems controller on a Dreamliner cause the battery temps to go too hot ? Was that even tested?
If you think this is OTT then ask yourself what testing happened with MCAS or how it became a bigger problem after the original architecture was changed.
George Smiley said:
With all due respect FF you’ve missed the point. As a legitimate end user, you are forced through all the checks and balances but an attacker circumventing the procedures you mention may not have to.
In system designs, sometimes assumptions are made that a person needs access via your controls to make a change, therefore no sanity checks are made once passed the approved update entry point. If you can circumvent this first stage, you’re in and you’re in with complete control and no challenge.
Exactly - blind faith. I’m an ex tester - you need to consider all vectors.In system designs, sometimes assumptions are made that a person needs access via your controls to make a change, therefore no sanity checks are made once passed the approved update entry point. If you can circumvent this first stage, you’re in and you’re in with complete control and no challenge.
If they had access to the firmware, they could modify it and place it back on the server ready for a tech ‘following all the correct process’ to upload it to the plane for you with your own backdoor embedded.
This is what is alleged to have happened to server management controllers (bmc), which means hackers have access to a server even when it’s not even powered on let alone running an operating system.
I’m sure there’s no such thing as Norton Antivirus - Boeing 787 edition - which means exploits and back doors go unnoticed.
Read the edward snowden files to see how the spooks target the firmware to get underneath the OS running on a firewall for example.
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff