Oh, Wonderful

Continuing with my series on air travel this week, I see this little snippet:

A security researcher has reportedly discovered a code leak in a Boeing 787 Dreamliner that would allow hackers access to the in-flight entertainment system and possibly systems like controls.

I just flew on a 787 last week for my return to Dallas.  Yeah, this makes me feel SO good about flying, when some neckbeard asshole (or, for that matter, some recently-shaved Islamist asshole) could mess around with the airliners’ control system while in the air.

Somebody remind me why I hate the Internet Of Things so much… oh never mind, I just remembered.

“Alexa, go fuck yourself.”
“I’m sorry, Kim, I can’t do that.”

10 comments

  1. As the attack would require hooking up a computer with a keyboard to the aircraft’s computer network, and that’s not going to happen, there’s probably no reason to worry.
    These claims have been made about the 777 and various Airbus models as well, and have the same limits. You need physical access to the internal network infrastructure of the aircraft in order to insert a computer into that network that can then be used to execute the attack.

    It’s the same as DHS warning that a hacker could break into the engine management system of a light aircraft and cause it to give false data to the pilot, but only if he found a way to insert some hardware directly into the aircraft wiring to do that.
    Sure, it can happen, but only if there is a serious breach of security and procedure at the airfield.

    1. “As the attack would require hooking up a computer with a keyboard to the aircraft’s computer network”

      Depending on what they’re trying to do–specifically, if a hypothetical attacker already had a preplanned attack that didn’t require actual typing, this is a far smaller problem than you think–a microcontroller and battery soldered to a USB plug takes up very little space.

      Boeing says that this is not a real vulnerability because there’s other layers protecting the various hardware buses, but of course they would.

      1. you’d still need physical access to the computer systems.
        The article is written to make you think a passenger in flight can take over an airliner, or someone on the ground with a laptop can hook into some WiFi network and do it.

        That’s not the case.

        1. Yeah. I just meant that under circumstances you wouldn’t necessarily (for example) have to plug in a laptop–something the size of a flash drive is a lot less noticeable, and some needs-physical-access exploits can get away with that. Dunno about this one.

  2. A hacker would have physical access to the passenger entertainment system…which has no business being interfaced with the flight-critical systems…

    1. I personally know a man who hacked into a corporation’s mainframe via the security system in Reception. Tell me again about nominally-“discrete” systems.

      1. Given that that system probably needs access to the employee database, not surprising they’re connected.

  3. The Internet of Things.
    What’s the joke that ends: “The First woodpecker would destroy civilization”?
    I keep saying that we’re living through Robert Heinlein’s “Crazy Years”. but I’m beginning to think that Heinlein was an optimist.

  4. of course the entertainment and flight control systems should be completely isolated and airgapped, but sometimes people make mistakes or poor decisions and make connections they shouldn’t.

Comments are closed.