[driven]

I just found this. I hope the aircraft doesn't run Windows.
"Cause of crash: Buffer overrun."

---
Original article (with spiffy picture) is here:
Science and Society

Boeing 787 May Have Security Flaw

January 08, 2008 3:52 PM

Boeing787_070918_main Boeing's new 787 Dreamliner, scheduled to start carrying passengers in November, may have the most unlikely of security flaws, according to Kim Zetter, who writes for WIRED.

The plane will be equipped with online access, so that passengers can surf the web or do work in flight. But Zetter quotes an FAA document warning that "the plane's computer systems connect the passenger network with the flight-safety, control and navigation network. It also connects to the airline's business and administrative-support network, which communicates maintenance issues to ground crews." The FAA's "special conditions" document can be found HERE.

"The design 'allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane,' says the FAA document. 'Because of this new passenger connectivity, the proposed data-network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane.'"

Boeing's Lori Gunter is quoted as saying the FAA document overstates the case. "There are places where the networks are not touching, and there are places where they are," she tells Wired. She says Boeing has been working with the FAA for a number of years on this, and has agreed on tests that will be done well before the plane carries paying passengers.

(Image courtesy Boeing.)

[imitchellg5]

The 787 hasn't even flown yet. It's not a finished product. They'll find out whether it matters or not. Boeing has a very extensive field testing program, so I wouldn't be worried.

[mduell]

Misunderstood and overblown.

[residentEvil]

just like my cell phone and GPS cause havoc with the plane's electronics; now my laptop can too!

[driven]

"We have been cleared for landing. At this time we are going to ask you to stop your onboard systems hacking until we arrive at the gate and the captain turns off the seat belt sign."

[ghporter]

It would be incredibly stupid for anyone to intentionally allow passengers to have ANY access to the aircraft's systems in any way. It MUST be something that Boeing is aware of and I can't imagine them intending to keep a single network in the production aircraft. How could you bill? "Captain, your network time comes to $56,730 plus tax." This has to be, as mduell puts it, "misunderstood and overblown." But this is from Wired, right? 'Nuf said?

[- - e r i k - -]

Originally Posted by imitchellg5 

The 787 hasn't even overflown yet.

Fixed.

[Tyler McAdams]

I've read a lot about this flaw but I can not find anywhere what type os OS we're talking about here. Does anybody know what the OS used is?

[mduell]

DailyTech - Boeing 787 Network Vulnerability Reports "Misleading"

Originally Posted by Tyler McAdams 

I've read a lot about this flaw but I can not find anywhere what type os OS we're talking about here. Does anybody know what the OS used is?

Various RTOS, including VxWorks.

[ghporter]

That's what I thought. For everyone's information, when one monitors traffic through a boundary firewall, one is not interacting with the users' traffic, and the users can't reach the system that's accessing the management interface of the firewall. They are about as separate as you can get and still be powered by the same electrical grid. The DailyTech article alludes to the connection between the aircraft network and the passenger network as similar to this.