Boeing 787 Dreamliner Wireless Enabled

By Fabian at 4:07 pm on January 10, 2008 | 2 Comments

Summary

The FAA imposed “special conditions” to let Boeing install in-flight internet access for study/test purposes on the next 787 Dreamliner aircraft. But the new system will not be available on the next release of the Dreamliner until it has passed this flightworthiness test. Boeing is confident that the new system will not interfere with the critical flight system, as many people might have thought. On the other hand, the FAA is not entirely convinced, but is willing to see the prospect of the technology as a future commercial aircraft feature. The FAA and Boeing assure that the internet system and flight system will be separate from each other and that passengers should not be worried about this new improvement. However, further studies need to be conducted, especially in terms of the overall system vulnerabilities against malicious passengers and people on the ground.

Discussion
In-flight internet access has been envisioned by many of us since the wireless internet revolution. For some people, it is important to remain connected to the world by any means necessary. They can use the internet for entertainment or even for business, depending on the purpose of their trip. The new system can definitely let you do similar activities as if you were in front of a computer connected to the internet.

People are so accustomed to wireless technology since it is more convenient without the mess of cables. It is also a solution to give connectivity to passengers on board without drilling any holes in the aircraft’s wall.

As all of us might remember, Boeing announced delays in the delivery of the Dreamliner last year. However, under Pat Shanahan's direction, the Dreamliner is back on track this January. We can speculate that Boeing is trying to add this internet access feature to the Dreamliner. An interesting fact is that we haven’t quite solved security for on-the-ground wireless in public places like coffee shops. While in the coffee shop, customers are directly connected to the router. In the aircraft, passengers will not be connected to a router which is part of a bigger system, some of which is critical to the survival of the aircraft.

Reflection
If the aircraft maker decided to install connectivity to the internet as a feature of the aircraft, then perhaps it would start by making it available via wires. Passengers would use their Ethernet cables to hook up to the internet. Boeing tried to push this idea, but it seems the market and the general population have already bought into the convenience of the wireless connectivity idea. The only hindrance back then was the effect of electronic equipment on the flight navigation system; even cell phones need to be turned off before and after a flight.

If the demand for an in-flight internet system had been so high before the wireless revolution, aircraft makers might have developed a completely new system that is independent from the flight system. Thus, it is possible that it would be using a different protocol and a different frequency that would not interfere with flight communication or navigation. However, this means that current wireless technology would be different and suited to the cabin environment of an aircraft.

Broader Issue
The issues that might arise once the internet system is fully tested and approved for public use are probably the same as the ones we have here on the ground: for example, security issues like the confidentiality, integrity, and availability of the internet connection in the aircraft. What will prevent a malicious user from attacking other users in an aircraft? Who is responsible for protecting the users if such an incident occurs? If this malicious user is hypothetically caught in mid-air, what will the crew’s action be?

Passengers will not hesitate to bring laptops and take advantage of the internet for entertainment and business purposes. If more passengers are using laptops, then they will need to recharge them as soon as the battery runs out. This means that the aircraft has to be prepared to supply such energy. It might increase the service cost and make the air fare slightly higher.

Possible Reaction
Due to the current economy, people lean towards choosing air travel that can give them more savings. The cheapest fare might not be the one with internet access. Thus, people must weigh the benefit of having internet access or not. In addition, the issue of security still exists, and your computer might be exposed to the same danger as if you were connecting to the internet at a coffee shop.

More and more internet security companies will market their products and label them “in-flight safe”. On the other side, the hackers/crackers will become more creative in hacking them. Not to mention the skeptical people who think that in-flight internet is like giving away a small bit of the aircraft's control, or a small piece of the puzzle for controlling the aircraft.

Filed under: Current Events

Storm Update…holiday edition…

By patriw at 2:23 pm

Summary:
The popular Storm botnet (also known as Peacomm and a bevy of other names…one for each AV company!) has just released yet another round of its malware in spam sent out over the Christmas / New Year's holiday period. While the disassembly of the current version is not yet available, older versions have employed a wide array of techniques to ensure the privacy of their code, and the current version is likely to employ these, and more. The network, while once operating on the Overnet P2P network, has now gone private, obfuscating its UDP packets. A few of the software issues will be discussed, and hopefully, a similar analysis of the most recent variety will be coming soon. However, it is simply an arms race. It takes time to dissect new pieces of malware, and in this time, computers are infected. Once a solution is found, another technique will be created to defeat it.

Assets:

  • While the malware authors want the software distributed as widely as possible, it's important to protect the details of the protocol and the command and control portions of the malware. The privacy here is protecting several assets. Without completely dissecting the code, AV signatures are hard to develop, making it easier to successfully infect potential hosts. In addition, the obfuscation of the code protects the protocol used by the bots to communicate. While Storm as recently as September used the popular Overnet P2P network to communicate, it has since moved to a private network. This network is the authors' biggest asset, as massive DDoS attacks are possible with so many infected machines, as well as the ability to send massive amounts of spam.
  • Small footprint. Sending spam, or even being part of a DDoS attack, doesn’t generate so much traffic that the infected machines are crippled. The spread of high-speed internet connections has made hiding in the background much easier.
  • What appears to be a group of very talented minds.
  • Instead of taking advantage of exploits, the malware is spread via social engineering…as people are by default dumb, this method of distribution works great!

Potential Adversaries/Threats:

  • Widespread adoption of a more secure email protocol than SMTP. Storm currently abuses the fact that SMTP does not authenticate the sender of email messages. The authors of the malware seem to be driven by financial gains, and without the ability to send spam, they would be unable to participate in pump and dump scams or product advertisement.
  • Honest ISPs. There are currently ISPs that still do not validate the sender’s IP address of UDP packets. There have been reports of these in Russia and China. These provide lovely avenues in which DHT (older versions utilized the DHT used by Overnet…I’m assuming there is still a DHT in place, despite the change in protocol) values can be inserted without the source being obvious. This doesn’t have to be the case! Just try sending a message from your computer with a forged source IP. It will be blocked! In addition, ISPs could block all Storm traffic (might be illegal…not that Comcast seems to mind dropping customers' packets).
  • OpenDNS and other DNS servers that are null routing IPs seen hosting malware. This is rather difficult as Storm utilizes fast-flux domain changing; however, as Storm is being hosted by many of the already infected machines, blocking all IPs seen communicating with infected boxes would potentially reduce the number of hosts.
  • VMWare/VirtualPC and debuggers…These can be used to run the code, dissect the method by which the UDP packets are being created, and identify bootstrap lists (hopefully leading to these IPs being notified and cleaned…but apparently this isn’t happening). Widespread use of VMs would also pose a threat to malware in general, as simply resetting the machine to a previous snapshot would clean the machine.
  • Researchers…we’re so curious!
  • Law enforcement…nothing angers the man more than someone getting rich easy.
  • Script kiddies…can you imagine a 15 year old kid in North Dakota with the ability to DDoS anyone, anytime? Remember Estonia?

Weaknesses:

  • The fact that this piece of software must actually run means that the code cannot be completely hidden. It must be unpacked to run. So running in a debugger will reveal un-obfuscated code.
  • A large volume of UDP packets must be sent, both to enter the Storm network and simply to maintain itself in the network. This creates a large amount of traffic to be analyzed.
  • The size of the Storm network, while a strength, has also generated a huge amount of interest from the AV, research and law enforcement fields.
  • To avoid running in a VM, the malware utilizes default settings in the software that can be easily changed to avoid detection.
  • Hard-coded bootstrapping list. A list of several hundred IPs is hard-coded into the malware. Without these the program cannot run. There is no evidence of an IRC C&C backup.

Filed under: Current Events, Security Reviews
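The "Weaknesses" list above notes that a bot must send a large volume of UDP packets to join and stay in the network, starting from a hard-coded list of several hundred IPs. As an added example (not part of the original post), the Python below flags internal hosts whose number of distinct external UDP peers within a sliding window is unusually high. The flow-record format, addresses, port numbers, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
import ipaddress

# All values below are assumptions for this example, not taken from Storm itself.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # monitored LAN
WINDOW_SECONDS = 60    # sliding window length
PEER_THRESHOLD = 20    # distinct external UDP peers per window that triggers a flag

def udp_fanout_alerts(lines, window=WINDOW_SECONDS, threshold=PEER_THRESHOLD):
    """Return {internal_ip: peak distinct external UDP peers seen in any window}."""
    # Input: time-sorted records "epoch_seconds src_ip dst_ip protocol dst_port".
    recent = defaultdict(deque)                         # src -> (ts, dst) in window
    in_window = defaultdict(lambda: defaultdict(int))   # src -> dst -> record count
    peak = defaultdict(int)
    for line in lines:
        ts, src, dst, proto, _port = line.split()
        ts = float(ts)
        if proto.lower() != "udp" or ipaddress.ip_address(src) not in INTERNAL_NET:
            continue
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue                                    # only count external peers
        queue, peers = recent[src], in_window[src]
        queue.append((ts, dst))
        peers[dst] += 1
        # Expire records that have slid out of the window.
        while queue[0][0] <= ts - window:
            _, old = queue.popleft()
            peers[old] -= 1
            if peers[old] == 0:
                del peers[old]
        peak[src] = max(peak[src], len(peers))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_sample():
    """Constructed traffic: one bursty host, one DNS client, one slow talker."""
    rows = []
    for i in range(30):   # 30 distinct peers in 30 s, like a bootstrap burst
        rows.append((1000 + i, f"{1000 + i} 10.0.0.5 198.51.100.{i + 1} udp 40000"))
    for i in range(40):   # many packets, but always the same resolver
        rows.append((1000 + i, f"{1000 + i} 10.0.0.9 192.0.2.53 udp 53"))
    for i in range(25):   # 25 peers, but only one per minute
        t = 1000 + 60 * i
        rows.append((t, f"{t} 10.0.0.7 203.0.113.{i + 1} udp 40000"))
    return [line for _, line in sorted(rows)]

if __name__ == "__main__":
    print(udp_fanout_alerts(build_sample()))
```

Packet volume alone would also flag the DNS client; counting distinct peers per window is what separates the burst from ordinary chatter, and the slow talker shows how the window length affects what is caught.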

Keeping an Open Wireless Network?

By Kris Plunkett at 12:16 pm | 10 Comments

I’d like to briefly share with you an interesting article by famed computer security scientist Bruce Schneier that he recently wrote for Wired. In it he argues against securing your wireless network and for having open networks that others can use. To the obvious arguments against having open networks, such as people stealing your bandwidth, using your connection to perform illegal actions, or breaking into your computers, he replies: “…I don’t think it’s much of a risk.” He claims that virtually all potential negative consequences are either highly unlikely or of no significant consequence after all. It’s very interesting to see such a radically different viewpoint on such a seemingly obvious topic from a prominent computer security expert like Mr. Schneier. I encourage you all to check it out. It’s a quick and fun read.

As for myself, I secure my wireless networks for the same reason I lock my doors. Yeah, I’d like to think that I would be doing the good Samaritan thing by keeping my house open to passers-by urgently needing to use a bathroom, but the risk that they might take something valuable on the way out just seems too real. On that same note, although Mr. Schneier might be right in saying that the risk of legal prosecution due to me keeping my network open is small, any risk to my life and freedom is too much. So that some “people…[be] rescued from connectivity emergencies by open wireless networks in the neighborhood” is not worth life in jail. If someone needs an open network that badly, they can drive the extra half-mile down the street to the coffee shop. Scary enough is the idea that it only takes one malicious user to make your network a conduit for crime. Also, Mr. Schneier argues that one should not rely on a secure network for computer security in general, because as soon as you take your mobile computing devices to a public place, they are no longer under the umbrella of a secure network and are therefore vulnerable. I say that both the network and the computer should be made as secure as possible. This follows the basic computer security principle of overlapping controls. Or perhaps I’m just too paranoid…

Filed under: Ethics, Miscellaneous, Policy