Pen Test Partners: Boeing 747 walk through, from a hacker’s perspective

The Boeing 747 is one of the best known and most popular airliners of all time. Designed in the 1960s and entered service in 1970, it was the largest airliner in the world in terms of passenger capacity for 37 years, until the arrival of the Airbus A380 in 2007.

Recently, British Airways decommissioned its fleet of 747s and a cybersecurity company, Pen Test Partners, had the opportunity to explore the operation of a 747-400 up close.

In an online conference held during the DEF CON many technical details of the inspection were presented, below are some highlights:

  • The navigation database is updated every 28 days, using 3.5-inch diskettes [1]
  • The “server-room” is located beneath the floor of the lower passenger deck
  • Cabling is almost all Ethernet, but used in a different way from normal computer networks, according to the ARINC 629 standard
  • The OS is a real-time VxWorks, which is used in a number of airliners’ internal networks

Pen Test Partners’ analysts published a video containing a detailed exploration of 747’s systems, including the 3.5 floppy disk:

Are you surprised by backwardness of Boeing 747’s systems? It gets worse: Boeing 787s, far more modern than 747s, need to be turned off and on every 51 days [2], otherwise the flight system, filled up with old data, could provide misleading information to pilots!


References

  1. Pen Test Partners: Boeing 747s receive critical software updates over 3.5″ floppy disks
  2. Boeing 787s must be turned off and on every 51 days to prevent ‘misleading data’ being shown to pilots

Related posts

  1. Red Commander: open source Red Team C2 Infrastructure
  2. Backdoorplz, a privilege escalation tool for Windows
  3. curl: my own cheatsheet
  4. Windows Service Accounts enumeration using Powershell
  5. TLDR #2: Cross-Site Request Forgery