747s as flying Unix hosts: SCADA in the sky


14 Responses to “747s as flying Unix hosts: SCADA in the sky”

  1. $16228947 says:

    UNIX (Berkeley System V) was my introduction to computing and Internet-working. Once I got over the sheer terror of the learning curve of our “new electronic office wonder and the future of the paper-less office,” all this turned into a lot of fun and I haven’t looked back, since. I was telnetting (with NAT filtering) to remote systems until just after the turn of the century when the rest of the world was becoming addicted to AOL and Yahoo! The switch to Secure SHells became really important with the advent of broadband – and continuous – connections.

  2. Zacharias Khorlo says:


    In flight, someone could issue:

    svcadm disable engine1



  3. bcsizemo says:

    On the plus side at least you won’t die because of a BSOD….

    just sayin.

  4. Jim Robertson says:

    You do, actually. Except the ‘B’ stands for “Brown”.

  5. Steve Caunce says:

    So how useful is this when Stephen Harper brings in his Lawful Access Legislation and starts spying on the Canadian internet traffic? I live by an airport and have 747s flying over top of me at 15 minute intervals. Can I use them to post blogs critical of the Alberta Tar Sands without having to fear being spied on, charged with terrorism and put away in one of Harper’s shiny new for-profit prisons?

  6. CH says:

    Well… I’m sure there is absolutely _nothing_ that can go wrong there!

    The article is a good read! (Although now I need to go google a few terms…)

  7. Abe Lincoln says:

    “For those who engage in Pen Testing and know what a shoveled shell is… I need not say more.”

    Well a lot of us don’t do those things. So if you’re going to pretend to disseminate the news how about actually doing that? Your reference is worthless to anyone who doesn’t do those things.

    • gd23 says:

      I agree that it would be nice for an explanation, but a simple google search on the term would have easily solved the mystery.

      • Abe Lincoln says:

        If I want to spend time looking things like that up I’ll read Physical Review Letters. Why write it down at all if you’re going to make esoteric references? Isn’t the point of news to disseminate information in a meaningful and accessible way? Is it your claim the author did that?

      • Macgruder says:

        Hardly. It ‘solves’ the mystery only for people who understand it in the first place. 

  8. Les Hutchins says:

    Why do I have to be groped by the TSA when, apparently, you don’t even need a bomb to crash a plane, just some hacker skills?

  9. I used to write specifications for factory SCADA systems. Item 1: the system shall not be connected to any external system.

  10. Guest says:

    The issue here is that all that separated the engine control systems and the open network was NAT based filters.

    Does not necessarily mean the engine control systems were accessible from the Internet. Only that they were accessible from whatever network could access the plane.

    I imagine the FADEC (look it up) systems were on a 10.x.x.x private address space along with the rest of the avionics, and things like telnet were port-forwarded to the WAN IP of the radio/satellite uplink. Exactly like every other network in existence.

    This doesn’t mean that the uplink wasn’t either a

    a) point-to-point private circuit or direct radio link.
    b) secure VPN over a public carrier.

    This isn’t a factory where someone can walk over to the controllers. When your SCADA network is 30,000 feet in the air, having no outside access has its ups and downs ;-)

    What is scary, if you RTFA, is that said plane network has the avionics and the in-flight entertainment on the same Ethernet, but with different VLANs. I would worry more about misbehaving devices (or people.. excuse me, what network is that in-flight Wi-Fi riding on??) on the plane than I would outside threats.

    Oh, FYI, a shoveled (or reverse) shell is like a telnet or SSH session, but the server connects OUT to the client, vs the client connecting IN to the server. You don’t need a forwarded port to shovel a shell.

  11. umlcat says:

    I’ll hack your plane… (TF frenzy)
