Posted on 03/11/2014 10:28:03 AM PDT by Red Badger
FULL TITLE:
Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access
EXCERPT:
Discussion
The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may enable increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate these types of system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities which could be exploited by unauthorized access to airplane networks and servers. Therefore, these special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between the airplane information services domain, aircraft control domain, and the passenger entertainment services.
For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.
Indonesia, most likely, from the looks of it.
Bill Clinton did along with our universities and hi-tech businesses hiring H1B goons.
The world’s most populous Muslim country?..........That would ignite a world war with the entire Muslim world..........oh, wait...........
Why? Has that stopped China from killing their own people before?
But I agree with those that say China would simply buy a 777 if they wanted to reverse engineer it. And they probably have sufficient information anyway.
They can just buy one from Boeing if they want to.
Now, since this is likely custom, it would be the best time to hijack a plane by grabbing the pilot with a knife to his throat cuz no one is going to jump the perp at this point.
The thing is somewhere. Any hostages are dead.
Sure is a puzzle...my guess is still a terrorist...with a suitcase.
Smells like a hijacking, but was the pilot and co-pilot in on it, and what did the hijackers do, kill all the passengers, throw them into the ocean, paint the plane a nice new color, fill it up with nukes and use it at a later date?
Perhaps not intentionally provided, but its there nonetheless.
There is a gent named Hugo Teso, a commercial pilot, who wondered whether you could treat a commercial heavy aircraft like you would a computer on the internet.
He’s part of a company called n.runs Professionals, and they do security research.
In April 2013 he gave a presentation for the BlackHat conference that not only shows you can do it, he did it, and he details the exact steps for doing it.
These aircraft use the Automatic Dependent Surveillance-Broadcast (ADS-B 101) which is a ‘radar substitute’. It has a data rate of 1Mbit/sec, and its used for locating and plotting large targets.
It can be exploited either for passive surveillance or you can do message jamming, replaying, or injection.
It has no security on it as late as April 2013.
Then there is ACARS 101 - the Aircraft Comms Addressing and Reporting System, which is a digital datalink for transmission of messages between aircraft and ground stations.
Monoalphabetic cyphers are as sophisticated as the security on that system gets. It can be accessed worldwide and you have access to detailed flight and aircraft info.
Then there is the FMS, the Flight Management System. This was the basis for the demo. n.runs bought an FMS off of e-bay. They bought an ACARS for around $10.00 used. They bought an FMS training package that uses actual aircraft codes for $90.
They then used a Software Defined Radio - works like a hardware radio except that the hardware components are implemented by means of software.
The Flight Management System is the link to Inertial Reference, Air Data, Nav Receivers, Engine and Fuel Systems, Surveillance Systems, Flight Controls, Aircraft Displays, the MCDU, and the air to ground data link. It’s bi-directional, meaning you can read from and send to all of those component flight systems.
So, if you understood none of that, the plane is as secure as the WiFi at Starbucks and you can read from and send data to any system connected to the FMS, including the autopilot.
That doesn’t mean this is what happened here, but it does mean that, currently, you average commercial heavy is as secure as a pallet of heroine in Detroit on Devil’s night.
www.48bits.com is where you can investigate Hugo Teso. I sourced this from his powerpoint preso from BlackHat.
I agree its probably in Yemen now.
Believe me, I understood ALL of that...............and it’s terrifying............
As you say, it doesn’t mean that’s what happened in this case, but I would not rule it out. Clever, nefarious people with destruction on their minds is all it takes...........And if you and I know it, then it must be knowledge that is openly available to them............sickening............
Not that I know of. Freescale used to be Motorola Semiconductor..............
READ post #48.....It will scare the heck out of you.............
Jeepers.
SO, with a few clever programmers and a couple of hundred dollars of hardware and software, they can commandeer a jumbo jet and do with it as they may..........
All this speculation on control of the aircraft is a pipe dream. Professional pilots monitor the heading and course constantly. If there is a deviation of any significance, the pilot can disconnect the autopilot and fly it manually, thus eliminating any outside manipulation of the airplane.
That appears to be the case.
Sounds like a modern version of Airport ‘77.
Wonder what was in the cargo hold (or carryon...diamonds?)...
The disquieting aspect of this sort of exploit is that it isn’t ‘special knowledge’. These are system components that are well understood internationally. They have to be, even in the third world.
In a way, it’s like placing a bank’s ATM machine on the ‘honor system’. “We don’t know who you are, but you look like a decent sort, since you have to be smart enough to know how a commercial heavy works and all . . . “
If 9/11 should have done ANYTHING, it should have shaken people to the realization that a plane SHOULD KNOW who is flying it, and who is giving it advice from the ground, and if it doesn’t, it should be smart enough to hold at an altitude. That a pilot lands at the wrong airport in this day and age is ridiculous, for example.
Put the three letter airport code into the FMS and that should address that issue, same as when the bitch in your GPS starts nagging you when you missed your turn 0.3 miles ago.
If we want guns that know who is holding and shooting them, shouldn’t that tech spring from the absolute certitude that we would want to know who is flying and landing a commercial heavy?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.