[Secgeeks] Hacking a 787 DreamLiner

Dave Klug klugds at gmail.com
Sat Jan 19 00:47:16 EST 2008 

whoa!  maybe the onboard hacker would be reluctant to hack the plane or
bypass the infinitely superior <grin> navi/maintenance firewall, but as they
say communications are a 2 way runway.

now anybody could potentially access a computer on the plane from the
ground, (think of a poorly configured laptop on the plane previously
compromised full of spyware and ftp porn, of the frequent business
traveler), and use it against the plane...how does routing work again?

:)

-d

On Jan 8, 2008 8:42 AM, F1sh <f1sh at verizon.net> wrote:

> So now I'm wondering about airtrn's 7u17s (on one now, not about to start
> nything!)
>
> __________________________
> sent from a portable gadget
>
> -----Original Message-----
> From: "David A. Cafaro" <dac at cafaro.net>
> To: secgeeks at shmoo.com
> Cc: "Raven Alder" <raven at oneeyedcrow.net>; "Matt Fisher" <f1sh at verizon.net
> >
> Sent: 1/8/08 10:08 AM
> Subject: Re: [Secgeeks] Hacking a 787 DreamLiner
>
> And here is a great article describing it all:
>
> http://www.avtoday.com/av/categories/maintenance/932.html
>
> Bow to my firewall is right, that's what they've got separating them:
>
> "A firewall in the core network cabinet isolates lower-criticality,
> cabin applications from higher-criticality, flightdeck systems."
>
> Oh, and even more interesting tid bits:
>
> "Honeywell's crew information system is a network of applications
> that includes EFB and a secure crew wireless local area network
> (LAN). "CIS is really an infrastructure that is going to be installed
> as a server on the airplane [Collins' core network cabinet] that
> provides network security for a kind of airplane intranet," Morrow
> says. "We're also providing wireless LAN interfaces to the hardware
> and software, allowing the offloading of information wirelessly when
> [the aircraft is] close to a terminal--similar to systems in the past
> called gatelink.""
>
>
> Technically very cool, security wise extremely scary.  I get the
> impression that they never consulted anyone with experience in
> securing a network connected to the public network.  It's as if they
> were designing it like it was isolated when it's not.
>
> _______________________________________________
> Secgeeks mailing list
> Secgeeks at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/secgeeks
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/secgeeks/attachments/20080118/b32999f6/attachment.htm

More information about the Secgeeks mailing list