Bambel
Topic Author
Posts: 127
Joined: Sun Jan 18, 2015 8:38 pm

787 Core Network (Somewhat) vulnerable

Fri Aug 09, 2019 11:07 am

Haven't seen that posted before:
https://www.blackhat.com/us-19/briefing ... work-15716

I wonder how long it takes until the yellow press will jump on that.

The "engineering" part of the 787's software seems to work perfectly, while the "network" part works, but implemented rather weak. Over the decades, software development saw a few changes in main objective. In the early years it was all about squeezing your code in the limited hardware of the time. With more capable hardware came more complex software and without an easy way of providing updates (like the internet) it was all about getting the number of bugs low enough to release. And since the internet it's all about not letting the bad boys in. The last part basically means to have bug-free software.

b.
 
anshabhi
Posts: 2100
Joined: Thu Oct 20, 2016 10:40 am

Re: 787 Core Network (Somewhat) vulnerable

Fri Aug 09, 2019 11:33 am

Chill dude.

If you don't have the source code, you either find the vulnerability or you don't. There's no "somewhat" there.
 
Bambel
Topic Author
Posts: 127
Joined: Sun Jan 18, 2015 8:38 pm

Re: 787 Core Network (Somewhat) vulnerable

Fri Aug 09, 2019 1:52 pm

I am chilled as i think that all this does not pose a significant threat. The system itself seems to work flawless as hundreds of 787 in service proof. On the other hand it shows that the 787 software was designed with a "walled garden" kind of thinking but today that system is connected to the internet so the rules are different. Remember Windows XP? Got completely cought pants down and open like a barndoor to the internet and its threats.

b.
 
Bradin
Posts: 274
Joined: Wed Jun 15, 2016 5:12 am

Re: 787 Core Network (Somewhat) vulnerable

Fri Aug 09, 2019 4:03 pm

Hi Everyone,

I'm at BlackHat this week doing coverage of the event. I attended the press conference, and I'm still trying to catch up with Boeing's PR people for additional information. But my initial takeaway from this is that it's bad for both sides.
 
LH707330
Posts: 2189
Joined: Fri Jun 15, 2012 11:27 pm

Re: 787 Core Network (Somewhat) vulnerable

Fri Aug 09, 2019 4:55 pm

 
Lpbri
Posts: 172
Joined: Tue Sep 27, 2016 7:18 pm

Re: 787 Core Network (Somewhat) vulnerable

Sat Aug 10, 2019 5:23 pm

To note, the "Core Network" is not the same as the "Common Core System". The Core Network is the onboard repository for airplane data and software apps. When the airplane parks at designated gates, the Core Network is updated via wifi. It does not install the software. There are secure and unsecure parts. Yes, it's possible to hack into it. But it's the AMTs responsibility to be sure the software is correct before installing it. If the wifi was compromised, I suppose it's possible to disable it, and install software the old fashioned way.
 
stratclub
Posts: 1303
Joined: Fri Jan 05, 2018 10:38 pm

Re: 787 Core Network (Somewhat) vulnerable

Sat Aug 10, 2019 8:14 pm

Bambel wrote:
I am chilled as i think that all this does not pose a significant threat. The system itself seems to work flawless as hundreds of 787 in service proof. On the other hand it shows that the 787 software was designed with a "walled garden" kind of thinking but today that system is connected to the internet so the rules are different. Remember Windows XP? Got completely cought pants down and open like a barndoor to the internet and its threats.

b.

The "walled garden" is something called robust partitioning and is specified in the ARINC 653 specification. On the 787, IFE and critical systems are separated by being on different servers with software being stored on completely separate MSDs (Mass Storage Devices).
http://air.di.fc.ul.pt/air-ii/downloads ... erac08.pdf
https://en.wikipedia.org/wiki/ARINC_653

Being the author does not have access to an actual 787 or Boeing's CCS software repository, I'm wondering how valid his claims are. I guess with computers, eventually someone will find a vulnerability to hack. So there is always that possibility. I think to hack the critical CCS software or even the EFB software you would have to have access to the source codes, Boeing's software repository and an SST (Software Staging Tool)

Who is online

Users browsing this forum: speedygonzales and 21 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos