Re: I'm no sysadmin
But given the incredibly conservative nature of the aero industry, how did they end up with 3 separate systems that have ANY connections at all? I'd have assumed they were totally independent systems.
Or is the fact you can't get into the system (no WiFi or handy ethernet sockets) used as a claim of security - like how even an unpatched XP box is perfectly safe as long as it never goes on the internet and has all its USB ports ripped out?
Of course now that WiFi IS starting to appear on planes, and they let you use your own devices to access in-flight entertainment, any such 'air-gapping' is threatened. Is that what's happening here?
Genuinely interested, if anyone can explain or point me at a good article.
Happy to oblige. Avionics systems are not built out of PCs running Linux and the flavour of Ethernet or WiFi that we're all used to in our PCs and servers.
Typical component parts include INTEGRITY, a rock-hard formally developed embedded RTOS ideal for this kind of application (you can't beat it for process separation): AFDX - Ethernet tweaked to give deterministic transfer rates / latencies: CPUs without things like speculative execution (certain types of PowerPC are really good for real time systems): data diodes / air gaps - literally physical data links that go only one way (e.g. a single strand of fibre optic), ideal for getting data out of, say, the avionics systems and into the in-flight entertainment without exposing a physical return path for passenger-delivered nasties. Both Airbus and Boeing use a lot of the same technology for a very good reason; it's the most appropriate for the task.
The problem with the 737MAX is that they've tried to imbue it with more software sophistication without (AFAIK) using these things, and without appropriate architectural design either.
Radio links (e.g. WiFi) aren't used on critical systems - it's near impossible to prove that it'll work all the time, with complete dependency. A cable, properly assembled and properly installed and not interfered with, won't ever break. And of course you run several through different routes, just in case.
Some aspects of what Boeing have been doing of late are exceptionally poor (e.g. MCAS, the evident supremacy of their beancounters over engineers and test pilots, etc), but I don't see any particular reason to doubt the architecture or implementation of the discussed systems on 787. Though it is supremely unfortunate to have left a load of source code lying around for all to see...
What's particularly lame about the presentation reported in this article is that some extremely lazy speculations have been made, when even the most cursory of glances at the Wikipedia page for the Boeing 787 would indicate that Boeing have data dioded / air-gapped the 3 networks. It's trivial to correctly use an air gap to make it very impossible for a software nasty to be able to traverse the wrong way across that gap. Assuming Boeing have at least mastered that, I think that IOActive have rather made fools of themselves. I wonder if they're short of business at the moment?
(BTW I'm not associated with Boeing in any way whatsoever).
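The one-way link the reply above describes (avionics out to in-flight entertainment with no physical return path), as an added example that is not from the post nor from any Boeing or Airbus design: with no return path the sender can never receive an ACK or NACK, so it relies on forward redundancy, and the receiver must verify, de-duplicate and record losses it can never ask to have resent. The frame layout, CRC choice and repetition count are assumptions made for the example.

```python
import struct
import zlib

# Constructed frame layout: 4-byte sequence number, 2-byte payload length,
# payload, then a CRC32 over everything before it. Nothing here is a real
# avionics wire format; it only illustrates the one-way-link constraints.
HEADER = struct.Struct("!IH")

def encode_frame(seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)

def send_over_diode(payloads, repeats=2):
    # Sender side: no feedback channel exists, so each frame is simply
    # emitted `repeats` times and the sender moves on regardless.
    frames = []
    for seq, payload in enumerate(payloads):
        frames.extend([encode_frame(seq, payload)] * repeats)
    return frames

class DiodeReceiver:
    # Receiver side: check integrity, drop duplicate copies, and keep a
    # record of sequence numbers that never arrived (it cannot request them).
    def __init__(self):
        self.delivered = {}   # seq -> payload
        self.corrupt = 0
        self.next_seq = 0
        self.missing = set()

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + 4:
            self.corrupt += 1
            return
        body, crc = frame[:-4], struct.unpack("!I", frame[-4:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            self.corrupt += 1
            return
        seq, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if len(payload) != length:
            self.corrupt += 1
            return
        if seq in self.delivered:
            return  # a redundant copy we already have
        if seq > self.next_seq:
            self.missing.update(range(self.next_seq, seq))
        self.missing.discard(seq)   # a late copy fills an earlier gap
        self.delivered[seq] = payload
        self.next_seq = max(self.next_seq, seq + 1)

def run_link(payloads, drop=frozenset()):
    # Simulate the lossy one-way fibre: `drop` holds indexes of lost frames.
    rx = DiodeReceiver()
    for i, frame in enumerate(send_over_diode(payloads)):
        if i not in drop:
            rx.accept(frame)
    return rx
```

Losing one of the two copies of a frame is harmless, losing both leaves a gap the receiver can only log, and a flipped byte is rejected rather than reaching the entertainment side.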