Re: [SystemSafety] Hacking a Boeing 777 electronically

From: Todd Carpenter < >
Date: Mon, 17 Mar 2014 08:58:09 -0500


> Just one small nit-pick about the article, in the "third point":

Peter's post is correct.

> QAR may be a passive device only because it chooses to be so.
> What I mean is that the bus connection hardware might
> be capable of use both as transmitter and receiver,
> but the software only uses the receiver parts.

That is not an appropriate model of how ARINC 659 works. In ARINC 659, statically scheduled hardware controls (1) which module transmits, when, and from which buffer, and (2) which module receives, when, and into which buffer. Only data moves on the backplane, not addresses (either of LRMs or buffers).

> If there were a vulnerability which permitted injection of
> arbitrary code, it *might* be possible to turn it into an active
> device.

Not a valid hypothesis for ARINC 659. Even if an attacker somehow completely rewrote QAR from the bottom up, they still could not inject extra data on the bus without a hardware update. Such hardware updates require significant physical access. Furthermore, calculating the updates (e.g., adding a new message) so that it doesn't just break everything else is itself a computationally complex challenge requiring knowledge of distributed functionality which is not visible from any single LRM, or even the backplane itself.

-TC

On 3/17/2014 3:23 AM, David Haworth wrote:
> Just one small nit-pick about the article, in the "third point":
>
> QAR may be a passive device only because it chooses to be so.
> What I mean is that the bus connection hardware might
> be capable of use both as transmitter and receiver,
> but the software only uses the receiver parts.
>
> If there were a vulnerability which permitted injection of
> arbitrary code, it *might* be possible to turn it into an active
> device.
>
> Still seems fairly unlikely though.
>
> Dave
>
> On 2014-03-17 09:05:32 +0100, Peter Bernard Ladkin wrote:
>> An article in the Sunday Express suggested that MH 370 could have been electronically commandeered
>> by, of all things, a mobile phone from the cabin. After all, this was shown in Amsterdam last year,
>> wasn't it?
>>
>> The answer is no. To both.
>>
>> I had a discussion about it on a closed specialist list yesterday. This post is the result.
>>
>> http://www.abnormaldistribution.org/2014/03/17/hijacking-a-boeing-777-electronically/
>>
>> PBL
>>
>> --
>> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
>> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>>
>>
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety_at_xxxxxx >
> ----------------------------------------------------------------
> Please note: This e-mail may contain confidential information
> intended solely for the addressee. If you have received this
> e-mail in error, please do not disclose it to anyone, notify
> the sender promptly, and delete the message from your system.
> Thank you.
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Mar 17 2014 - 14:58:21 CET

This archive was generated by hypermail 2.3.0 : Wed Apr 24 2019 - 23:17:07 CEST