And that's what's so alarming about the Wired article, which describes an FAA document about special conditions...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
in the new 787's wireless functionality. It appears that the networks associated with "flight-safety-related control and navigation" are "connected by electronics and embedded software" to the networks associated with "passenger entertainment, information and Internet services.".
Given the issues raised in the Wired article and the associated FAA document, consider this scenario. An innocent user on a plane surfs the Internet using an unpatched laptop machine, inadvertently accessing a website run by an attacker on the ground. The attacker delivers an exploit to the laptop, now controlling that one machine on the plane. The attacker may look at the IP address of the system he or she just compromised, realizing that it has come from an airline, possibly inferring that it is a machine on board a plane. Heck, the attacker might even look through the file system of the victim's machine and see the travel itinerary of the passenger stored in email. The attacker could then use the compromised laptop on the plane to try to pivot and attack the other network on the plane, associated with control and navigation. The attacker may attempt a denial of service attack, or perhaps system compromise of machines on the other network.
Call me old fashioned, but I don't think we should interconnect such things together. Each network should be completely isolated, and ideally each should use different protocols just in case they are accidentally connected together. Although using the same equipment and protocols likely lowers cost and weight, it introduces significant danger, in my opinion. Trying to isolate traffic on networks that are physically connected is difficult, and firewalls aren't perfect. To answer your question directly, I think this is a profoundly bad idea.
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.