For those of you who spend your Tuesday night's at the local "hot spot", attempting to see if you can snarf the IP traffic of the caffeinated soccer mom sitting next to you with her shiney new Dell laptop (proving your kung fu is the best), it's time to aim higher.

Competition in the commercial aerospace industry is forcing manufacturers to design for the future of air travel. This includes the integration of the latest and greatest Cabin based In-flight Entertainment (IFE) offerings that have features that were once only found behind the fogged glass doors of the Captain's Lounge.

Companies like Boeing and EADS have embraced the harmonic convergence of entertainment on the intrawebs and are delivering new platforms (the 787 Dreamliner and the Airbus A380, respectively) with updated network infrastructures to support customer demand.

Networks on a plane are not new. Up until recently, purpose-driven network domains were used to support aircraft control and navigation, airline information or even passenger entertainment. Physical isolation between domains has been the primary security strategy (see IEEE article from Oct 2004!).

What's new with the latest platforms are the use of integrated networks. Airlines will provide Internet access to passengers on a Wi-Fi connection: JetBlue airlines has already started and American, Alaska, Virgin America, RyanAir, and Qantas are going to be announcing trials in 2008.

The problem is, that Wi-Fi network may now be integrated with those other formerly isolated aircraft control and airline information domains. The result? All of the every day fun of hacking your neighbor's wireless router may now be possible, at cruising altitudes from the lavatory in Economy (as mentioned in last summer's ShmooCon presentation) ...unless something is done.

Just last week, the FAA issued a "special conditions" report (mirrored copy on cryptome.org) of it's evaluation of Boeing's new 787 "Dreamliner". The FAA's report reveals "The digital systems architecture for the 787 consists of several networks connected by electronics and embedded software. This proposed network architecture is used for a diverse set of functions" that include the "Aircraft Control Domain" (ACD), the "Airline Information Domain" (AID) and the "Passenger Information and Entertainment" domain (PIED)."

The report goes on to state "Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane".

At this point, you might be asking yourself, "How, in the name of Kevin Mitnik, in this post-modern age of SSL and the Melissa virus does a major aerospace manufacturer release an airplane without a throughly segmented and secure network?"

With the price of oil rising so sharply, and the costs of air travel shooting skyward with them, all of the popular domestic and international carriers are clamoring to upgrade their aging fleets to the advanced, more fuel-efficient and customer friendly airframes. So, once again, "time to market" is driving the competition for the passenger's dollar. It has accelerated the integration of today's commonplace "web" features into these legacy systems. We all know, changes made to improve security in existing software design are often adopted too slowly. And now, the recently discovered problems of poorly designed networks are delaying delivery of these wonderful new planes.

So, if you find yourself flying through clouds on one of these new "dream" machines....and you didn't get to see the Grand Canyon or the Eiffel Tower because your sitting on the wrong side of the plane? No problem! Just pause your torrent client, jump over the network and bring 'er around for a second pass!

Thanks for flying....buh-bye!

---

UPDATE: More info from James Wallace, author and reporter covering the Aerospace industry for the Seattle Post-Intelligencer.

UPDATE: FAA Responds to Boeing Security Story on WIRED