The Boeing 787 Dreamliner aircraft makes its public debut July 8, 2007, amidst employees and special guests outside the Boeing assembly plant in Everett, Washington.
Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.
The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.
The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.
"This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."
Currently in the final stages of production, the 787 Dreamliner is Boeing's new mid-sized jet, which will seat between 210 and 330 passengers, depending on configuration.
Boeing says it has taken more than 800 advance orders for the new plane, which is due to enter service in November 2008. But the FAA is requiring Boeing to demonstrate that it has addressed the computer-network issue before the planes begin service.
According to the FAA document published in the Federal Register (mirrored at Cryptome.org), the vulnerability exists because the plane's computer systems connect the passenger network with the flight-safety, control and navigation network. It also connects to the airline's business and administrative-support network, which communicates maintenance issues to ground crews.
---------------------------------
This isn't good at all. This shows that the designers of the system didn't think about security as much as they should....and now they are trying to retroactively jam some security in....we all know how this turns out.
And when you think it can't get worse...anyone want to guess how they are going to connect the airborne missile defense lasers? Exactly. Superbad.
No comments:
Post a Comment