back to article Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks

Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft. The eye-catching factoid emerged during a DEF CON video interview of PTP's Alex Lomas, where the man himself gave a walkthrough of …

  1. DougMac

    Honestly..

    Honestly, in this day and age, I'd *rather* information updates to the avionics systems came on something like floppy disk rather than tethering to the Internet.

    Sure, they could upgrade to Flash disk or something. But then again, the 747 was first produced in _1968_

    I'd imagine there have been quite a few package upgrades since then.

    1. Version 1.0 Silver badge

      Re: Honestly..

      It looks modern to me, I still have a pile of 9-track tapes and a few cartridges in a box.

      1. HildyJ Silver badge
        Angel

        Re: Honestly..

        At least they weren't 5 1/4 inch floppies (of which I have a few still floating around).

        Ah, the good old days when floppies flopped.

        1. harmjschoonhoven

          Re: Honestly..

          At least they weren't 5 1/4 8 inch floppies (of which I have a few still floating around). FTHFY

          1. Alan Brown Silver badge

            Re: Honestly..

            Hard or soft sectored?

            1. The Man Who Fell To Earth Silver badge
              Alert

              Re: Honestly..

              At least they weren't using Zip drives. If they had, the "Click of Death" might have been literal.

              1. Nevermind

                Re: Honestly..

                I think some do...I sold some unused surplus a few (4? 5?) years back to a guy who worked for a company that supplied nav data to some aircraft. Haven't flown since as I can't remember which plane type it was.

          2. Doctor Syntax Silver badge

            Re: Honestly..

            And many, many more of us thought along the same lines!

      2. Louis Schreurs Bronze badge

        Re: Honestly..

        I STILL have a notepad (paper) and pencil (wood).

    2. Blackjack Silver badge

      Re: Honestly..

      Unfortunately any non flat floppy disk, more so those made from the middle of the 90s and up fail terribly.

      I say that from personal experience. Heck not even using RAR compressed files with recovery file included to store files could save stuff from the crappy things sometimes.

      Flat floppy disks may not be eternal but the ones I had lasted about two decades working just fine.

      1. Will Godfrey Silver badge
        Happy

        Re: Honestly..

        I've got some for the BBC B that are still going.

      2. nematoad Silver badge

        Re: Honestly..

        "Flat floppy disks may not be eternal ..."

        When they do fail where would someone like BA get new ones?

        As far as I know they haven't been made for years.

        1. Anonymous Coward
          Anonymous Coward

          Re: Honestly..

          Available on amazon... Maxell...£20 for 10, delivered tomorrow

        2. vtcodger Silver badge

          Re: Honestly..

          When they do fail where would someone like BA get new ones?

          It's entirely possible that BA has back up copies. And they might well have the files backed up to hard drives and/or tapes (Now if you're looking for a dubious storage medium, try tape). And the drives themselves? Hundreds of millions were made. There are lots around. Some still work. There are even USB floppy drives. I have one out in the garage. Rather to my amazement, it actually works ... well, at least it used to.

          Can one still buy blank floppy disks? Rather to my surprise, one apparently can still get them from Walmart, Amazon, etc.

          1. christooo

            Re: Honestly..

            They came from Jepperson in the States. They replaced the numerous maps that the pilots carried in their flight bags and were updated monthly with new navigation changes. news like runway 240 in Hong Kong closed for repairs from 12/6/ to 15/6.during the hours 0000z to 0600z. . .

          2. Trygve Henriksen

            Re: Honestly..

            Nothing wrong with tape...

            Unless you used DAT or Video8 tapes...

            DAT was never designed for the strain of multiple Fast Forward and Reverse that the tape system will be subjected to during a Write and Verify operation does.

            Now, an old Tanberg SLR tape... is probably close enough to bulletproof that the pilots might consider lining the door into the cockpit with the tapes...

      3. Charlie Clark Silver badge

        Re: Honestly..

        Far longer than you can expect any USB-stick to… though I don't think that's necessarily the main factor here: it's the consistency of the interface rather than the durability of the media that matter.

        Of course, they could always follow the lead of the automobile industry and allow the control systems to be hacked from the entertainment system. I mean, what could possibly go wrong?

        1. Louis Schreurs Bronze badge

          go wrong?

          autopilot any fanbois?

    3. Dan 55 Silver badge

      Re: Honestly..

      Perhaps they should install a replacement Gotek drive as you could with any other retro computer.

      I'm not sure if I'm joking or this would be a viable solution on a 747.

      1. Cozzer79

        Re: Honestly..

        It is viable, although they tend to go with a full fat HxC instead. Far easier to create a number of floppy images on a USB stick and then flick through them than keep swapping floppies that may or may not still work.

    4. Marketing Hack Silver badge
      Go

      Re: Honestly..

      This explains so much! I thought I was going nuts when I heard the unmistakable screech of a 56K baud modem connecting during my last flight!

    5. Richard Jones 1
      Happy

      Re: Honestly..

      It could have been worse, some systems from about that time used punched tape or stacks of punched cards. Woe betide anyone who dropped the tape or cards scrambling their order, tore the tape or got either one wet. Even worse, loaded it the wrong way and chewed it up completely. Yes, it was across the water from where I lived, but I knew they did several of the punched tape sins while a system was down and out for a long outage,

      1. This post has been deleted by its author

      2. henryd

        Re: Honestly..

        No problem, columns 75 through 80 on the card are for sequence number. Now where did I put that Card sorter?

    6. DS999

      Re: Honestly..

      I'd imagine there have been quite a few package upgrades since then.

      Hopefully I'll be dead before "automated updates over 5G" come to aircraft.

      1. Neil Barnes Silver badge

        Re: Honestly..

        It's possible that the two events will be simultaneous.

        1. Doctor Syntax Silver badge

          Re: Honestly..

          Almost.

    7. Anonymous Coward
      Anonymous Coward

      Re: Honestly..

      Yeah - the original version had 8" disks???!!!!

    8. jelabarre59 Silver badge

      Re: Honestly..

      Well, they certainly didn't have floppy disks (*especially* 3.5" floppies) when my day was a quality inspector on the original models back in 1969.

      I remember us driving past the plant in Everett WA, 747's lined up out on the field. At the time yjey had staggered shifts that would start on 15 minute intervals, just to avoid traffic congestion from everyone showing up at once.

      Unfortunately Boeing was an early innovator of IBM's redundancy methodology, and once the early order crunch was over, dad was out along with some sizeable chunk of other staff that moved into the area just to work there (eventually prompting the famous "...last person leaving Seattle..." billboard https://www.historylink.org/File/1287 ). Which was OK, he eventually went on to work on to documenting other interesting projects, such as a submarine recovery system "for Howard Hughes".

    9. christooo

      Re: Honestly..

      That was an upgrade from the original 747.! Previously you inputted your waypoints manually into the INS from the Jeppeson manuals. The floppy presented all the info on the screen and you selected and downloaded your flight plan to the INS. (Inertial Navigation Systm.) and then a catering truck jolted the aircraft and you had to start initilising the system again! Happy days.

  2. Dwarf Silver badge

    Cloud

    You would assume that connectivity of planes to the cloud should be a simple thing to do - at least for part of their working day

    I guess that could be termed a fly-by download rather than a drive-by download.

    1. monty75

      Re: Cloud

      Be glad it's not Apple compatible. I don't think I'd enjoy an Airdrop on a plane.

    2. Yet Another Anonymous coward Silver badge

      Re: Cloud

      Simple, all you need to do is ensure that everything in the system from the ethernet cable to the link to the cloud and all the systems at the cloud data center are FDA approved and then get all the other aviation agencies around the world to agree (including the French) and you're done

      1. J. Cook Silver badge
        Headmaster

        Re: Cloud

        I'm pretty sure you meant the Federal Aviation Administration, not the Food and Drug Administration.

        Cheers!

        1. Yet Another Anonymous coward Silver badge

          Re: Cloud

          I make occasional typos - that's why I'm not president !

          1. rcxb Silver badge

            Re: Cloud

            Sounds perfectly covfefe to me.

      2. Dwarf Silver badge

        Re: Cloud

        I was referring to the one made out of water vapour that results in a bit of turbulence when you fly through them.

        I'd guess you just need a wireless connection to the cloud.

        On reflection, perhaps I should have added the joke icon to the previous posting.

        1. Yet Another Anonymous coward Silver badge

          Re: Cloud

          Too subtle for a Monday morning

        2. Doctor Syntax Silver badge

          Re: Cloud

          S'OK. Some of us got it.

    3. Snapper

      Re: Cloud

      No, it would be an upload if they were flying above the cloud layer.

    4. Doctor Syntax Silver badge

      Re: Cloud

      "a fly-by download"

      Or fly-through.

  3. TheRealRoland
    Facepalm

    "It's such a chore doing these data updates in person". Sure. On the other hand, probably more secure than having all planes connected to a mothership, where someone opens up that what looks like the latest ad for the favorite shop, opens that pdf with the latest ads, and...

    also.

    *please don't provide any steering input while the firmware is being updated*

    "Jack! Why did you decide to update the firmware while flying?!" "Well, i do that on my laptop as well. as soon as an update comes by, i just install it! Really just muscle memory, innit?"

    1. Dan 55 Silver badge

      That particular system might not be connected to the mothership (3.5" floppy disks came out in 1982), but modern jet engines do send realtime analytics back to the mothership and the manufacturer advises the airline if they believe any work should be done on any particular part.

      1. Dave 126 Silver badge

        If I recall correctly, real time data from the engines back to Rolls Royce was an optional service that they offered, but not every airline took them up on it - famously the Malaysian Airlines jet that disappeared a few years ago.

      2. Doctor Syntax Silver badge

        "the manufacturer advises the airline if they believe any work should be done on any particular part"

        The trick bit is when they tell them it needs to be done right now.

  4. P.B. Lecavalier

    King's Quest

    Reminds me of the install process of King's Quest VI: "Insert disk 2 out of 12."

    Now you just casually download a 30-50 GB thing in the background. You lose the building tension of maybe not finding a disk! Actually that wasn't a thing. At the speed it went, you had a lot of time on hand to nicely order your stack of disks.

    1. Glen 1 Silver badge

      Re: King's Quest

      Its not the download that causes the teeth gnashing, its not beginning the download until you try to play the game.

    2. Def Silver badge

      Re: King's Quest

      12 disks was manageable. Hearing the tape stop after 10 minutes but the loading screen doesn't disappear was not.

      1. Doctor Syntax Silver badge

        Re: King's Quest

        Or "Insert next tape" and you'd already inserted the last tape you had. And it was a database restore. Took me most of a weekend to find the tape someone kindly hadn't labelled.

      2. Trygve Henriksen

        Re: King's Quest

        10 minutes?

        I bet you had a C64.

        We managed to get some of our more popular ZX Spectrum games transferred to the Microdrive. 48KB in less than 10 seconds!

        (You had to load the game from tape, stop it after the basic part had loaded and before the MC could load, rewrite the BASIC to use the Microdrive, save it to MD, load the MC and save it too, to the MD and hope that it worked... )

    3. Dave 126 Silver badge

      Re: King's Quest

      I still have the tension of not knowing if the damned game will actually run after waiting an hour for the download... Then I have to play a thrilling game of trying to reinstall Microsoft Runtime Environment 2015 or whatever the hell it is, with no guarantee of success (Civilization VI). First game I decide to play for years, and shonkiness of the process took be right back to the nineties!

    4. jelabarre59 Silver badge

      Re: King's Quest

      Reminds me of the install process of King's Quest VI: "Insert disk 2 out of 12."

      Hah! You never installed NetWare 3.11 then...

      1. GerryMC

        Re: King's Quest

        Or OS/2 + NetWare networking stack. IIRC was something like 50 diskettes.

    5. macjules Silver badge

      Re: King's Quest

      Worse than that: try the Mac Baldur's Gate 2 6x CD installer set that does not actually work in sequence but sometimes asks you to install Disk 3, followed by Disk 6 etc.

  5. karlkarl Silver badge

    I imagine planes need to be as deterministic as possible. As soon as you connect to that cesspit known as "the cloud", all bets are off.

    I am surprised a 3.5" floppy was used and not something earlier. Didn't they come out later than the initial 747s? This suggests their update machinery went through a number of revisions in a relatively short time.

    1. Yet Another Anonymous coward Silver badge

      The initial 747s probably didn't have much of a flight management system. What they had was a flight engineer with a proper aviation grade mustache

    2. Ellipsis
      Boffin

      The 3.5ʺ floppy-based ARINC 615 device is the modern (1989 “high speed”) successor to the 1981 ARINC 603 data loader, which used quarter-inch tape cartridges…

    3. Sparkus

      This was a 747-400, first flight in 1988. 3.5 floppies were sota then.......

  6. TeeCee Gold badge

    ... revealed a server-room-esque array of line replaceable units and cabling,

    So, Hollywood. What was that film with Kurt Russell where they killed off Steven Seagal's character in minutes? Just like in that then.

    Bet it doesn't have an access hatch in the floor though. You know the one to attach a Stealth Fighter that magically lacks engine, fuel, etc and thus has room for an assault team and an access tube, restoring normal Hollywood credibility levels.

    1. iron Silver badge

      Best Steven Seagal film I've ever seen! Unfortunately I can't remember the name either.

      1. andypbw

        Executive Decision

        This one?

        https://en.wikipedia.org/wiki/Executive_Decision

      2. bazza Silver badge

        Access Hatch

        AFAIK there is one from the cockpit into the avionics bay below. It's there in case a pilot has to do the ultimate off-on-hit-it-with-a-hammer in flight fix.

        1. JimboSmith Silver badge

          Re: Access Hatch

          AFAIK there is one from the cockpit into the avionics bay below. It's there in case a pilot has to do the ultimate off-on-hit-it-with-a-hammer in flight fix.

          The First Class area on a BA 747 is directly below the cockpit so hopefully there's no Avionics in there. There is I believe hatch in the nose cabin of a 747 that goes down into the avionics bay. Somebody I know was upgraded to First Class one flight across the pond. He described sitting in his very comfortable seat drinking a glass of champagne whilst a couple of engineers opened this hatch. One of them went through it and did something whilst his mate offered advice. After a few minutes he reappeared, everything was resealed and the captain thanked everyone for their patience.

        2. Anonymous Coward
          Anonymous Coward

          Re: Access Hatch

          Similar to that Father Ted episode?

      3. jelabarre59 Silver badge

        Best Steven Seagal film I've ever seen!

        Is there such a thing? Or would it be the cinematic equivalent of https://www.discogs.com/No-Artist-The-Wit-And-Wisdom-Of-Ronald-Reagan/release/1421098 , or "The Handbook of French Military Victories"?

        1. baud Bronze badge

          I'm pretty sure the Handbook of French Military Victories would be thick enough to clobber you on the head with it

          1. A.P. Veening Silver badge

            Yup, everybody always forgets the Foreign Legion, which is French Military though most of the enlisted and non-coms aren't.

    2. Alan Brown Silver badge

      "Bet it doesn't have an access hatch in the floor though."

      The one that the sun was shining in through when you looked down from above? (2:05)

  7. DS999

    How is "visiting a plane every 28 days" a chore?

    I sure hope maintenance people visit the cockpit more often than that! It doesn't exactly take the highest qualified guy on staff to insert a floppy.

    1. LeahroyNake Silver badge

      Re: How is "visiting a plane every 28 days" a chore?

      Have you not read 'On Call' ?

    2. EnviableOne Silver badge

      Re: How is "visiting a plane every 28 days" a chore?

      depends on how often its used, 200-300 flight hours for an A check, so from 8d8h if its in continuous use or over 28 days if its on less than half duty...

      but to do the update you need to make sure the floppy is in the right place at the right time....

  8. Conundrum1885

    PC LOAD

    FLOPPY ?

    (gets coat)

    1. Anonymous Coward
      Anonymous Coward

      Re: PC LOAD

      Isn't "PC LOAD" a printer error message?

  9. LeahroyNake Silver badge

    All well and good

    I wonder if they are still using them on starliner or have gone back to the real floppy ones to save weight ?

    1. Mike 16 Silver badge

      Re: Weight Savings

      The real improvement was the switch from plugboards to cards.

  10. DJV Silver badge

    Mercifully he only managed to KO his own screen

    Well, if he really wanted to screw with the aircraft he should have just flipped the Gary Larson "wings" switch! https://i.pinimg.com/originals/af/08/4b/af084b2f06ab7977d9241bfbcbd08998.jpg

    1. Dave 126 Silver badge

      Re: Mercifully he only managed to KO his own screen

      Gary Larson is creating new material again! Whoohoo!

      https://www.thefarside.com/new-stuff

      1. DJV Silver badge

        Re: Mercifully he only managed to KO his own screen

        Yes, indeed. It's great to see him back but his computer based stuff will take a bit of getting used to until he finds his feet (or hands, more like)! Keep practising, Gary!

  11. Claptrap314 Silver badge

    Read-Write?

    For me, the issue with floppies that you have to maintain strict physical custody in order to ensure that the data on the disk has not be compromised. I would want some sort of WORM medium.

  12. Marty McFly
    Meh

    Where is the surprise??

    747-400 is 1980's technology. A lot of effort goes in to certifying kit for flight operations. Just what is the point of re-designing something to replace something that works? As noted, these aircraft are being retired. Again, where is the surprise? Seeing floppy operations is rather expected actually.

  13. Withdrawn

    "To readers of a certain vintage"

    Thanks, kind of you to put it that way

  14. Nugry Horace

    I'm disappointed no-one's got it to run a copy of Flight Simulator from the floppy.

    1. Anonymous Coward
      Anonymous Coward

      Ah yes. Please insert disk #361 of 511 and press "Return" - Do NOT press "Break".

  15. Sparkus

    So was this article about a DefCon 'tour' or a not-so-subtle advert for FS 2020?

    BTW. X-Plane is still miles ahead ;-)

  16. Anonymous Coward
    Anonymous Coward

    Industry Standard

    This set-up is also found on the Airbus A330 and A320 - I have always questioned why, given the near impossible task of sourcing "new" disks, and the amount of disks that fail on upload or transferring from Jeppessen onto the disk (which requires a computer running Windows XP)...

    Source: I am an Aircraft Maintenance Engineer...

    1. TheMeerkat Bronze badge

      Re: Industry Standard

      I just check Amazon - they sell both 3.5” floppy disks and drives.

      Could not find 5” though...

  17. quartzz

    this is umm, what happens when equipment has to run by it's own rules, and not some 'fantasy' operating system eula.

  18. martinusher Silver badge

    Moam, Moan, Moan...

    At least it was a 3.5" floppy (and nobody checked whether it was single or double sided.....).

    This idea that's drummed into us that we have to have absolutely the latest everything (OR ELSE) is not how real life works. Boring as it may sound a lot of indusitral equipment is extensively tested and that certification process is rather long winded. Every time you change something -- anything -- then you may have to go through the entire certification process all over again. This is a positive disincentive to keep 'upgrading' every five minutes (and given the reliability record of Windows 10 upgrades......).

    What's a bit more worrying is that I've been flying around in 747s that have vxWorks in their flight control systems. I've had quite a bit of experience with it. Not happy. (I wonder what Airbus uses?)

    1. hoola Bronze badge

      Re: Moam, Moan, Moan...

      Unless of course you are Boeing, then you just leave the case the same, replace all the insides & call it the same airframe to avoid re-certification.

  19. 0laf Silver badge

    Aviation is very tightly controlled for the most part. It's probably safe to assume that this is a tried and tested way of carrying out this particular task on this vintage of aircraft. i.e. it works and works well.

    I got a tour of an active Vanguard nuclear missile sub about 10yr ago. Even then the tech on the sub looked antiquated (70s). But it was old because it was reliable and hardened against emp etc.

    Sometimes old stuff works better. As mentioned by one commenter it's a terrifying though that an aircraft might rely on a connection to the internet to do anything.

  20. Overflowing Stack

    It should run direct from floppy

    For the ultimate in reliability and security.

  21. Arachnoid
    Mushroom

    OOH ERR MISSES.... Sorry I can't do that Dave.

    "Disk 2 of 20 is unreadable, please re-insert disk."

  22. Doctor Syntax Silver badge

    "You can't just clip into a pair of wires into the back of the aircraft and gain access to all of these."

    Wait till he discovers them....

  23. Ken Moorhouse Silver badge

    Steve Gibson

    I have a feeling that Boeing would be heavily reliant on the above's SpinRite utility.

    I wonder how many copies they've bought over the years.

  24. adam 40
    Paris Hilton

    3 1/2″??

    Pah, my floppy is 8″, but I don’t use it as a rule…

    (Paris stares intently....)

  25. Anonymous Coward
    Anonymous Coward

    "Unable to lower landing gear. Abort, Retry Ignore"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020