Will hackers turn the 787 Dreamliner into a flying nightmare?
Do you like airplanes? I know I do. Get me inside an airport terminal and I become glued to the glass watching them move about on the tarmac. Big ones. Small ones. I love them all.
And not just from the outside. I love traveling in planes, too. In fact, I’ve flown in nearly every type of major short or long-haul jet in service. From humongous A380’s to diminutive MD88’s, I’m a seasoned veteran of the air travel game.
In fact, I pride myself on being a kind of connoisseur of commercial airliner interiors. Want to know my thoughts on the Emirates A380? Nice service, but too few toilets for the number of passengers. United Airlines 777? Spartan interior with uncomfortable seats. South African Airways A340? Old plane with an antiquated entertainment system on one of the longest of the long-haul routes (16+ hours from Johannesburg to JFK -- I fly it a couple of times a year).
Indeed, I’ve ridden them all -- well, almost all. There’s one plane type I still haven’t experienced: The Boeing 787 "Dreamliner." Despite numerous globe trotting trips in the past few years, I have yet to set foot in this marvel of carbon fiber technology. And given the new revelations about Boeing’s shoddy software QA practices, I’m not entirely sure I want to, either.
Now, I’ve never been one to fear flying. In fact, I frequently sleep right through the takeoff and landing portions of most flights. My peace of mind is derived from the fact that commercial airplanes are some of the most well-engineered and tested machines mankind has ever created, and that, statistically speaking, I’m far more likely to die crossing the street in New York City than to perish in a plane crash.
However, this latest news about potential security exploits in the OS software underpinning many of the 787’s onboard systems has me questioning my desire to add it to my bucket list of flown airframes. And the worst part is that the flaws in question are so basic -- failing to properly validate access to critical memory locations in Boeing’s customized version of VxWorks -- that they point to a degree of laziness and/or incompetence that boggles this writer’s mind.
In a nutshell, they’ve built an airplane around what sounds like the functional equivalent of Windows 3.0 (at least in terms of the inter-process memory protection model). Everything works just fine if all the code "plays nice." But introduce something malicious and there’s a (admittedly slim) chance that it’ll jump from a non-critical to a critical system. And then the sky’s the limit (literally) as to what havoc a nefarious actor might wreak.
Am I overreacting? Maybe. Perhaps Boeing is correct when they say that the exploits found by the folks at IOActive are isolated to a non-critical network and thus couldn’t be used to compromise things like flight controls or aircraft sensors. But I’d feel a lot better if, in addition to reassuring us that there was no threat, they had also promised to remediate the identified flaws directly. I mean, it’s not like they have the best track record when it comes to airplane software design.
History is replete with examples of catastrophic engineering failures that weren’t supposed to be possible yet still managed to kill hundreds or even thousands of people. Here’s hoping that the 787 is an exception to this trend, and that my highly anticipated future trip aboard a "Dreamliner" doesn’t give me my first real reason to fear flying.
Because, at my age, I need the "beauty sleep" I can get!