Hacker News new | ask | show | jobs
by RyJones 3862 days ago
If the Jeep hack taught me anything, it's that some engineers have a version of "completely isolated" in mind that is not congruent with mine. I have no more faith in Airbus engineering prowess when it comes to networking than Jeep.
1 comments
kintamanimatt 3862 days ago
Cars and planes are built to very, very different standards. The avionics are separated from all systems such as the entertainment by an air gap to prevent such failures from happening.
link
jacquesm 3862 days ago
> The avionics are separated from all systems such as the entertainment by an air gap to prevent such failures from happening.

Well, they should be, but apparently they are not:

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/1...

Whatever you could conclude from that article the bug bounty clause ruling those systems out would suggest they are indeed connected, as does the FBI statement (which appears to have taken a part of the conversation out of context but is in fact later on verified by the wired people as having some basis in fact, other than that the guy did not actually control the aircraft he should not have been able to get as far as he did).

I agree with you those connections really should not exist but there seem to be at least some wires bridging the air-gap, maybe read only, maybe not depending on the kind of plane.

Fortunately there appear to be enough safeguards in place to limit the damage that could be done and from what I understand these have held up. It also seems that the 'hacker' is a bit of a bragger but he got in a lot further than they initially gave him credit for, and in a way that is so simple that it makes you wonder what else they missed. The safeguards now seem to hinge on knowing what commands to issue and how to bypass authentication but that is stuff we see in an internet context on a daily basis so that seems to be - to me at least - very thin ice to skate on.

An airgap would be better and simpler.

link
kintamanimatt 3862 days ago
They generally are separated, however the 787-8 is apparently an exception, having been granted "special conditions" by the FAA in 2008. [1] The A350 has a similar design and I imagine they've also have similar special conditions, although I haven't done more than a cursory search.

[1] http://cryptome.info/faa010208.htm

link
jacquesm 3862 days ago
That's one interesting document. I find it hard to believe these are even negotiable, and given that the trend is towards more features and connectivity between systems that does not bode well for the future. You'd think that the FAA would hold their foot down on physical separation of those systems but that does not appear to be the case, you can connect the two as long as you then put in another layer protect the domains related to information and aircraft management.

Enfin, they presumably know what they're doing, personally I'd prefer for such a bridge to simply not exist.

link
tim333 3862 days ago
The allegations in the Telegraph article seem pretty dubious. It's based on one odd looking bloke saying he could do it. No other evidence. If it was real I presume some security guy would offer to take reports on a plane and demo it or similar but no. http://www.theguardian.com/technology/2015/may/19/hacker-chr...
link
jacquesm 3862 days ago
They are. The guy is a poser, pure and simple. But that poser was able to access some systems by plugging in to a box under his chair that should have been tamper proof, he was able to get a lot further than he should have once he gained access to the socket underneath. And further digging revealed that there are in fact some (presumably one-way) connections between those systems and the more important bits of the aircraft. All in all, in spite of the dubious source and the questionable character of the guy that did this fairly surprising (to me).

If he had not made these stupid claims it would not have made me feel any better about all this.

link