
Access codes for United cockpit doors accidentally posted online - gk1
https://techcrunch.com/2017/05/14/access-codes-for-united-cockpit-doors-accidentally-posted-online/
======
saurik
My first thought was "aren't these rotated often? even just generated for
every flight?", but then I rapidly thought about who would need to set them,
and I decided it strange that the flight attendant would know the password at
all... if the goal is to protect against an attacker, giving the password to
anyone outside of the cockpit just makes them a target and a weakness; but
once you go that far, I wonder why they need access codes at all?... the
pilots should just lock themselves into the cockpit and they need neither a
key nor an access code at that point, right? Isn't this needless complexity to
have these codes?

~~~
closeparen
Pilots get up to use the lavatory, and are brought food. The code is an
authenticated knock, and replaces the speakeasy-style "secret" knocking
patterns that were used before 9/11\. Someone in the cockpit views the person
who entered the code on a CCTV monitor and decides whether or not to buzz the
door open. This is a control against someone who knows the code but is under
duress. If the pilot inside doesn't explicitly deny the request to enter after
some number of seconds, it's automatically granted (useful if the pilot is
unconscious, say).

This all came up in the Germanwings pilot suicide. The suicidal pilot waited
till the other pilot was outside the cockpit, then repeatedly denied acccess
to the cockpit when he entered the code to get back in.

~~~
SimbaOnSteroids
Wait how would this stop a pilot doing what he did in the case of the
Germanwings pilot suicide? Are you saying it came up during the
investigation/coverage or were you saying that it as fixed as a result of
this.

~~~
piquadrat
The "fix" for the issues that the Germanwings tragedy laid bare was a
"2-person policy": if one of the pilots has to leave the cockpit, another
member of the crew will take their place. But this introduced new problems,
e.g. the time that the cockpit door needed to be open increased considerably,
creating new opportunities for forcibly entering the cockpit. Many airlines
are in the process of rolling back this policy.

[http://onemileatatime.boardingarea.com/2017/04/30/two-
person...](http://onemileatatime.boardingarea.com/2017/04/30/two-person-
cockpit-rule-abolished/)

~~~
FabHK
By way of background, US airlines apparently always had the 2-person policy
(after 9/11). But the reason was, from what I understand, that one person had
to get up to the door to look through a peephole to authenticate the pilot
requesting access back in.

European airlines, by contrast, had a monitor in view of the pilots, so they
could authenticate visually from their seat.

In the wake of the GermanWings tragedy, they were chastised for not having the
2-person policy, introduced it (partially under the pressure of media and the
public, in my opinion, and because "you've gotta do someting!!!1!!"), and now,
as this has faded from public attention, they revert to their original
(entirely sensible) policy.

------
westworld_
This doesn't seem as bad as when the TSA published pictures of their master
keys - it sounds like the codes have already been changed & the pilots still
have to do visual confirmation even if a correct code was used.

The endless struggle between convenience and security continues. Considering
the statistics I actually think the airline industry and its associated
governing bodies have accomplished an incredible feat of balancing these two
sides of the seesaw. It can be a hassle flying, but there are 895 million
passenger trips per year in the US (stat from 2015) and the last fatal US
passenger airliner accident was in 2009!

I'd worry much more about new regulations pushing large quantities of Li-Ion
batteries into airplane holds than about these cabin access codes being
published.

~~~
froindt
>and the last fatal US passenger airliner accident was in 2009!

Asiana flight 214 (San Francisco crash with the fake names announced by a
major news outlet) was in 2013.

[https://en.m.wikipedia.org/wiki/Asiana_Airlines_Flight_214](https://en.m.wikipedia.org/wiki/Asiana_Airlines_Flight_214)

~~~
alistairSH
<pedant>Asiana isn't an American airline</pedant>

Either way, the main point still holds - the American airline industry, along
with its foreign counterparts in Europe and Asian, do an amazing job keeping
the flying public safe.

~~~
mikeash
It really is amazing that we can go years between fatalities.

To put it in perspective, air travel in the US involves about 10% of the
passenger-miles of road travel. If air travel had a similar fatality rate as
road travel, then we'd see 3,000-4,000 fatalities per year from airliner
crashes, in the US alone.

