[SystemSafety] Hacking a Boeing 777 electronically
Todd Carpenter
todd.carpenter at adventiumlabs.com
Mon Mar 17 14:58:09 CET 2014
> Just one small nit-pick about the article, in the "third point":
Peter's post is correct.
> QAR may be a passive device only because it chooses to be so.
> What I mean is that the bus connection hardware might
> be capable of use both as transmitter and receiver,
> but the software only uses the receiver parts.
That is not an appropriate model of how ARINC 659 works. In ARINC 659, statically scheduled
hardware controls (1) which module transmits, when, and from which buffer, and (2) which module
receives, when, and into which buffer. Only data moves on the backplane, not addresses (either of
LRMs or buffers).
> If there were a vulnerability which permitted injection of
> arbitrary code, it *might* be possible to turn it into an active
> device.
Not a valid hypothesis for ARINC 659. Even if an attacker somehow completely rewrote QAR from the
bottom up, they still could not inject extra data on the bus without a hardware update. Such
hardware updates require significant physical access. Furthermore, calculating the updates (e.g.,
adding a new message) so that it doesn't just break everything else is itself a computationally
complex challenge requiring knowledge of distributed functionality which is not visible from any
single LRM, or even the backplane itself.
-TC
On 3/17/2014 3:23 AM, David Haworth wrote:
> Just one small nit-pick about the article, in the "third point":
>
> QAR may be a passive device only because it chooses to be so.
> What I mean is that the bus connection hardware might
> be capable of use both as transmitter and receiver,
> but the software only uses the receiver parts.
>
> If there were a vulnerability which permitted injection of
> arbitrary code, it *might* be possible to turn it into an active
> device.
>
> Still seems fairly unlikely though.
>
> Dave
>
> On 2014-03-17 09:05:32 +0100, Peter Bernard Ladkin wrote:
>> An article in the Sunday Express suggested that MH 370 could have been electronically commandeered
>> by, of all things, a mobile phone from the cabin. After all, this was shown in Amsterdam last year,
>> wasn't it?
>>
>> The answer is no. To both.
>>
>> I had a discussion about it on a closed specialist list yesterday. This post is the result.
>>
>> http://www.abnormaldistribution.org/2014/03/17/hijacking-a-boeing-777-electronically/
>>
>> PBL
>>
>> --
>> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
>> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>>
>>
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>
> ----------------------------------------------------------------
> Please note: This e-mail may contain confidential information
> intended solely for the addressee. If you have received this
> e-mail in error, please do not disclose it to anyone, notify
> the sender promptly, and delete the message from your system.
> Thank you.
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
More information about the systemsafety
mailing list