[frevd]

Fine. You authorize the whole crew, not by fingerprint and not by code, but by voice recognition and secret code words per person. Then you allow the override to be overridden by a majority (recursively). Sounds way better than making the door break when a majority of people kicks at them. It is faster than remembering and entering codes, and cannot be overridden by one sick authorized person. An attacker would have to control the whole crew to make them do what he wants, to a level where they actually speak the secret words. In an event where the crew anticipates a crash, giving in on pressure would be the worst option to take.

To prevent attackers from muting all but the required majority of crew members, sensors all over the plane must be able to record any emergency code words spoken in the event of an attack, which will enact certain security measures (depending on the code word could lock or unlock the possibility to enter the cockpit, notify air security etc). This system should of course not be able to be deactivated.

And if you really wanted to make things sure, you could install majority-authorization buttons on every seat setup to be pressed by a percentage of boarded people within a period of mere seconds, which would allow the people on the plane to make a decision. For an attacker it is not possible to make all those people press the button, since he would not know who is not complying.

Of course you can also have some remote mechanism of unlocking, although the security implications of remote authorization and transmission of commands would be complicated to get right and open too many attack vectors.

[ceejayoz]

> Then you allow the override to be overridden by a majority (recursively).

Thus rendering the doors essentially useless, as hijackers threaten to kill passengers one-by-one until the crew (who will generally outnumber the 1-2 people in the cockpit) open the door.

[ptaipale]

I guess you are making fun of someone, but that is a good demonstration why too complex procedures are not a good idea.

Any procedure that aircraft crew is supposed to handle also needs to be something that is trained, memorized, and practiced regularly. Certain simplicity is ideal.

[frevd]

No. It is certainly not my intention to make fun of the case that a copilot is able to control a machine and crash it at his will. Lufthansa is saying "there is no system that can prevent this kind of incident". They will have to take the possibility into account that you have to protect the plane against an authorized person as well, and think about possible solutions to this problem. Solving conflicting interests is not an easy task.

[frevd]

In summary, there must be mechanisms to de-authorize personal, by means of majority vote. To prevent an attack vector, biometric systems need to be used to verify other authorized personal safely (it might be far fetched, but measuring certain stress hormons might prevent attackers from controlling authorized personal and using them to override controls as well, and likewise, other authorized people must be able to act, e.g. by having controls that cannot be blocked by any means (re voice recorders all over the plane to enable or disable locks etc, again by majority vote)). Does that sound too futuristic? I wouldn't want to board a plane if I cannot be sure that any and all cases are covered.

[tedunangst]

Or we can not do all that.