

747s as flying Unix hosts: SCADA in the sky - michaelzhao
http://boingboing.net/2011/09/25/747s-as-flying-unix-hosts-scada-in-the-sky.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29

======
elithrar
> "You probably remember SCADA from the starring role it played in the Stuxnet
> worm"

Nitpick: The article writes like 'SCADA' is a product from a single vendor.
It's not. It's just an acronym for Supervisory Control and Data Acquisition,
of which PLCs/DCSs/RTUs/PCs make up as a full system. SCADA didn't play a
role in Stuxnet; Siemens PLCs (and a _lot_ of specific know-how) did.

~~~
rbanffy
It's still alarming researchers got access to engine management systems from
the on-board entertainment system.

~~~
objclxt
I'm not entirely sure that's what they're saying: the original post simply
says "they [the engineering team] had added a new video system that ran over
IP".

I would be somewhat surprised if that "new video system" was the IFE system.
It's more likely to be something flight deck related.

I say this with some knowledge of working in that industry and understanding
how the two biggest IFE systems manufacturers install their gear.

------
kristoffer
There is certainly nothing critical running Solaris on a 747 or any other
airplane. All airborne software needs to get certified by FAA and is developed
and evaluated through the lens of the DO-178B standard.

~~~
thristian
Did you click through the blogspam and read the original article?

> _I was contracted to test the systems on a Boeing 747. They had added a new
> video system that ran over IP. They segregated this from the control systems
> using layer 2 - VLANs. We managed to break the VLANs and access other
> systems and with source routing could access the Engine management systems._

Perhaps there's nothing critical running Solaris, but apparently the critical
systems are accessible from the systems running Solaris.

~~~
kristoffer
He states that the "engine management system" ran Solaris, and that was what
he managed to access. I don't know what he means by "engine management system"
but I am quite sure it was not critical ...

~~~
ramidarigaz
Well, if engineers can 're-tune' the engines mid-flight, then I suspect those
systems are critical.

~~~
kristoffer
Another option is that the guy does not know what he is talking about ...

I guess we will never know for sure.

------
arethuza
Is there any independent information confirming anything like this? I'd be
absolutely horrified if anything like this was true.

------
runjake
Non-blogspam link:
[https://www.infosecisland.com/blogview/16696-FACT-CHECK-SCAD...](https://www.infosecisland.com/blogview/16696-FACT-CHECK-SCADA-Systems-Are-Online-Now.html)

------
runjake
I hate to say it, but it seems like the author of the article had a bone to
pick with ex-employers. I'd certainly never hire him, with all the names he
named and specifics he published.

The embedded/industrial space is plagued with these security issues.

------
shocks
Here's a similar story, also very interesting:
<http://www.theregister.co.uk/2011/05/03/cop_car_hacking/>

------
joejohnson
Gives a new meaning to saying your server "crashed".

------
borism
dunno what he means by "engine management system", but FADECs most certainly
don't run Solaris, but very specialized real-time OSes.

maybe he means Flight Management Computers? those don't have direct control
over avionics anyway, AFAIK.

~~~
yock
Sure they do. The on-board FMC is meant to enhance the capabilities of the
autopilot. If you can reprogram the FMC then you can change where the aircraft
is pointed.

