747s as flying Unix hosts: SCADA in the sky (boingboing.net)
77 points by michaelzhao on Sept 26, 2011 | 18 comments



> "You probably remember SCADA from the starring role it played in the Stuxnet worm"

Nitpick: The article writes like 'SCADA' is a product from a single vendor. It's not. It's just an acronym for Supervisory Control and Data Acquisition, of which PLCs/DCSs/RTUs/PCs make up as a full system. SCADA didn't play a role in Stuxnet; Siemens PLCs (and a lot of specific know-how) did.


Am I not the only industrial automation guy lurking around here?


It's still alarming researchers got access to engine management systems from the on-board entertainment system.


I'm not entirely sure that's what they're saying: the original post simply says "they [the engineering team] had added a new video system that ran over IP".

I would be somewhat surprised if that "new video system" was the IFE system. It's more likely to be something flight deck related.

I say this with some knowledge of working in that industry and understanding how the two biggest IFE systems manufacturers install their gear.


Not particularly. You'd be surprised how many control systems are split from corporate LANs via VLAN tags (only).


There is certainly nothing critical running Solaris on a 747 or any other airplane. All airborne software needs to get certified by FAA and is developed and evaluated through the lens of the DO-178B standard.


Did you click through the blogspam and read the original article?

> I was contracted to test the systems on a Boeing 747. They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 - VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems.

Perhaps there's nothing critical running Solaris, but apparently the critical systems are accessible from the systems running Solaris.



He states that the "engine management system" ran Solaris, and that was what he managed to access. I don't know what he means by "engine management system" but I am quite sure it was not critical ...


Well, if engineers can 're-tune' the engines mid-flight, then I suspect those systems are critical.


Another option is that the guy does not know what he is talking about ...

I guess we will never know for sure.


Is there any independent information confirming anything like this? I'd be absolutely horrified if anything like this was true.



I hate to say it, but it seems like the author of the article had a bone to pick with ex-employers. I'd certainly never hire him, with all the names he named and specifics he published.

The embedded/industrial space is plagued with these security issues.


Here's a similar story, also very interesting: http://www.theregister.co.uk/2011/05/03/cop_car_hacking/


Gives a new meaning to saying your server "crashed".


dunno what he means by "engine management system", but FADECs most certainly don't run Solaris, but very specialized real-time OSes.

maybe he means Flight Management Computers? those don't have direct control over avionics anyway, AFAIK.


Sure they do. The on-board FMC is meant to enhance the capabilities of the autopilot. If you can reprogram the FMC then you can change where the aircraft is pointed.



