The new Boeing 787 Dreamliner has been widely reported as a feat of technological engineering. The plane has three separate networks on-board: an administrative network, a flight control/navigation network, and a passenger network. Everything about this plane seems cool from the Ethernet jacks in the armrest of every seat, to the completely computerized flight controls system, to the ability for the plane to automatically adjust humidity settings based on the number of passengers on-board. There’s just one problem. Reports indicate[foxnews.com] that the three networks (administrative, flight, and passenger) are not completely separated. There is at least the ability for one-way communications from one of the networks to another. But unless this is a connectionless, no guarantee of delivery, UDP-like fire-the-message-and-hope-it-arrives communications protocol, there are obviously two-way connections, even if control information was designed (in software) to be transmitted in only one direction.
So these networks are not air-gapped, the only foolproof way to prevent one network from talking to another. To make matters worse, it seems that the administrative network is accessible via Wi-Fi (for maintenance personnel), particularly while the aircraft is sitting at the gate. So a sufficiently skilled 16-year-old Johnny Q. Hacker could sit comfortably in an airport terminal with his laptop and attempt to hack into a 787′s administrative network.
I hope they are using WPA2 with AES encryption and rolling keys…
Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.
More Posts - Twitter
