|
You are no doubt referring to the article in Wired Magazine that appeared in January 2008 about the wireless functionality offered in Boeing's new 787 airliner. It's not the Wi-Fi itself that is a concern. Passengers surfing the Internet from the comfort of their own seats on a plane is no more or less dangerous than those same users doing the same thing at a coffee shop, provided that the network they use is isolated from other critical networks.
And that's what's so alarming about the Wired article, which describes an FAA document about special conditions in the new 787's wireless functionality. It appears that the networks associated with "flight-safety-related control and navigation" are "connected by electronics and embedded software" to the networks associated with "passenger entertainment, information and Internet services.".
Given the issues raised in the Wired article and the associated FAA document, consider this scenario. An innocent user on a plane surfs the Internet using an unpatched laptop machine, inadvertently accessing a website run by an attacker on the ground. The attacker delivers an exploit to the laptop, now controlling that one machine on the plane. The attacker may look at the IP address of the system he or she just compromised, realizing that it has come from an airline, possibly inferring that it is a machine on board a plane. Heck, the attacker might even look through the file system of the victim's machine and see the travel itinerary of the passenger stored in email. The attacker could then use the compromised laptop on the plane to try to pivot and attack the other network on the plane, associated with control and navigation. The attacker may attempt a denial of service attack, or perhaps system compromise of machines on the other network.
Call me old fashioned, but I don't think we should interconnect such things together. Each network should be completely isolated, and ideally each should use different protocols just in case they are accidentally connected together. Although using the same equipment and protocols likely lowers cost and weight, it introduces significant danger, in my opinion. Trying to isolate traffic on networks that are physically connected is difficult, and firewalls aren't perfect. To answer your question directly, I think this is a profoundly bad idea.
More information:
|
