Access Codes For United Cockpit Doors Accidentally Posted Online (techcrunch.com) 109
According to the Wall Street Journal, the access codes to United's cockpit doors were accidentally posted on a public website by a flight attendant. "[United Continental Holdings], which owns United Airlines and United Express, asked pilots to follow security procedures already in use, including visually confirming someone's identity before they are allowed onto the flight deck even if they enter the correct security code into the cockpit door's keypad," reports TechCrunch. From the report: The Air Line Pilots Association, a union that represents 55,000 pilots in the U.S. and Canada, told the WSJ on Sunday that the problem had been fixed. The notable thing about this security breach is that it was caused by human error, not a hack, and illustrates how vulnerable cockpits are to intruders despite existing safety procedures. The Air Line Pilots Association has advocated for secondary barriers made from mesh or steel cables to be installed on cockpits doors to make it harder to break into, but airlines have said that they aren't necessary.
In case you wondered... (Score:5, Funny)
It is 0000
Re:In case you wondered... (Score:5, Insightful)
You joke, but you'd be surprised how much critical infrastructure is insecure simply because "Hey, nobody can get here anyway".
Re: (Score:3)
2580 opens a surprising number of electronic security doors, including some hospitals and brothels I know of.
Re: In case you wondered... (Score:2, Funny)
Re:In case you wondered... (Score:5, Informative)
The code doesn't matter that much. There are two codes, a normal one and an emergency one.
The normal code just makes an audible signal in the cockpit. The pilots then look at the camera screen to make sure that it's a crew member with no terrorists behind him/her. If all looks OK, they flip a switch to unlock the door. So what if a terrorists knows the code? The pilots will see "hey, that person's not supposed to enter" and keep the door shut. And yes, we do always check the camera. Our life could depend on it.
Then what about the emergency code? It causes a similar sound that goes on for 30 seconds. If no action is taken by the pilots during those 30 seconds, the door is briefly unlocked so it can be pushed open. However, the pilots can simply block entry with a single switch. Since they have 30 seconds to do so, this is not really a big security risk either. The purpose is just to allow a crew member to enter if the pilot(s) are incapacitated.
People get freaked out "OMG they have the access codes to the cockpit" but in reality this really is a non-issue. We had the same problem in my company, some comedian said the codes on a radio show and we got all these memos changing the codes and reminding us how vitally important it supposedly was that they were kept secret. Big deal. They might as well install a simple button instead of a keypad, it wouldn't make a difference.
Re: (Score:1)
However, the pilots can simply block entry with a single switch. Since they have 30 seconds to do so, this is not really a big security risk either.
Ok... This is a good idea UNLESS the hostile force is Already in the Cockpit, OR the emergency is so imminent that everyone will be dead in 30 seconds. So if the terrorist is already in the cockpit, they can just take their time and keep everyone locked out, AND use the locked steel door to protect the terrorist from the passengers, Passengers who
Re:In case you wondered... (Score:5, Insightful)
Well, if the terrorists are already in the cockpit, all bets are off. Obviously. Do you have a better idea?
Re: (Score:3, Informative)
Re: (Score:2)
Look, this is Slashdot. Without fail some guy will spend maybe three seconds thinking and then post his pin-headed conclusion about what's wrong with something, as if everyone else in the world is an idiot and can't consider even the simplest things. That guy is always wrong.
No I'm not! Well, not every time. I hit the nail on the head occasionally with a wildly thrown rock.
Re: (Score:3)
The world is always more rational and well-organized in mom's basement.
That being said, I do think there are a disturbing number of times that large groups and organizations perpetuate some really bad designs/systems and a fix is obvious (and sometimes even tested) to an outsider. Kind of an emperor wears no clothes kind of situation, and probably, if you looked into it, it's something perpetuated for reasons (like making money) that have nothing to do with problem solving or design.
Re: (Score:2)
Well, if the terrorists are already in the cockpit, all bets are off. Obviously. Do you have a better idea?
Yes -- PIN+Biometric; a Two-Person rule for opening the security door, multiple automation and redundant systems, and ground crews monitoring commercial flights with an ability to remotely override a rogue pilot.
Re: (Score:1)
And then that system gets hacked and flies the plane into a mountain with the pilots powerless to do anything about it. Try again.
Re: (Score:2)
system gets hacked and flies the plane into a mountain with the pilots powerless to do anything about it.
The system need not allow that, just like current flight automation systems could deny the pilots' from doing that.
I don't think there's a material change of risk in that. Commercial planes ALREADY rely on automated navigation systems and software -- the pilots are already dependent on the computer, and already rely on consent of the computer to do any manual flying.
At least by having a ground sec
Re: (Score:2)
We don't "rely on the consent of the computer to do any manual flying". We can turn off the autopilot at any time. On Airbus there are a few very basic protections that are still active in manual flight (excessive load factor, bank angle, stall) but even those can be turned off by degrading the system to the most basic flight mode.
There is currently NO system that prevents the pilots from flying into a mountain. We do have Enhanced Ground Proximity Warning System, but it's only an aural warning. Occasionall
Re:In case you wondered... (Score:4, Funny)
They might as well install a simple button instead of a keypad, it wouldn't make a difference.
Unless the pilots are incapacitated and there's a terrorist onboard! Are you trying to get us all killed?!
What if they put a call out for a doctor to treat the pilots and the online doctor onboard is a terrorist... wait, forget I said that, it's copyrighted and you can't have it because it's my screenplay now.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
:~$ update pin 0000
Re: (Score:3)
The obligatory xkcd [xkcd.com].
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Actually the real code is 58008
Re: (Score:2)
Actually, it's 12345.
Re: (Score:3)
Because United is run by Assholes.
Re: (Score:2)
That was actually the code to get into one of the high rises I used to live in. You could use the phone in the entryway to call up to units to be buzzed in, but it would unlock the door if you dialed 0000. Management was stunned when I demonstrated this to them and finally changed the default code.
Building security was crap overall. There had been numerous break-ins and the foolish condo association wouldn't pay for 24 hour security.
Re: (Score:2)
When I lived in a tenement there was a service button which would let you in if you buzzed it before 10am. I think that's quite common here (Scotland) so I guess our criminals are known to never get up early.
Re: (Score:2)
That's amazing. I've got the same combination on my luggage
The access code is (Score:4, Funny)
1... 2... 3... 4........ 5
Re: (Score:1)
But the new secure and safe version is 123456.
Re: (Score:2)
Re: (Score:1)
That's the same combination I have on my luggage
Seems we are a good path. (Score:1)
Once the cockpit security barrier reaches about half the airplane's weight, things will settle into a steady state, I guess.
Re: (Score:2)
Technology for remote (or alternatively autonomous) operation is existing, it 'only' needs certification for passenger transport.
And then someone hacks the link or breaks in to the operating center and we're back at square one.
Re:Seems we are a good path. (Score:5, Informative)
Technology for remote (or alternatively autonomous) operation is existing, it 'only' needs certification for passenger transport.
It would need a little more than just certification.
People always go "80% of crashes are due to pilot error, so let's get rid of the pilots, the autopilot can fly the plane by itself anyway". What they don't know, is how often automation screws up and no crash occurs because the pilots were there to prevent it. In 20 years of flying I've had quite a few of those.
In fact, a lot of "pilot error" crashes were really due to automation failures where the pilots were (rightfully) blamed for not having intervened. Autothrottle pulls the throttles back to idle at 1000 ft because a failing radio altimeter said the plane was about to touch down? Pilot error, they should have seen the throttles move backward and the speed decrease, and should have immediately reacted by taking manual control. As other pilots have on numerous occasions.
Another example, the Air France flight from Rio that stalled and crashed into the Atlantic. Yes, the pilots stalled the airplane. But the only reason they were flying manually was because the automation had already given up. The same situation had already occurred with other crews and they had corrected the situation without crashing.
Take the pilots out, with the current state of technology, and you'll see two orders of magnitude more crashes.
How many military drones do they have flying around? Only a few, a ridiculously small number compared to passenger aircraft, yet drone crashes are a pretty frequent occurrence. Even though their missions are usually extremely simple: take off in good weather, fly a predetermined GPS trajectory, come back along a fixed trajectory and land in good weather. And they are vastly simpler mechanically because they don't need things like air conditioning, seats, etc. Yet they crash all the time.
Come on, we can't even write a word processor or spreadsheet that doesn't crash occasionally, and you want to make automatic planes?
Why do they have set codes? (Score:3)
The bigger question is why they have set codes at all. There are only a set number of people on each flight who might need to access the cockpit. They should really just have the pilots set a code before anybody else boards the plane, and have the relevant people notified of the code before the flight. Even better if the code is random generated by a computer.
Re: (Score:1)
Re: (Score:2)
And a code to key in that does nothing but tell the people inside the cockpit that the person outside knows the code isn't a joke?
Re: (Score:2)
Which isn't a problem considering that the pilot is inside the cockpit and technically, when you stand next to him and could read his hand crib sheet, you don't need it anymore.
Flight attendants, on the other hand...
Re: (Score:3)
The bigger question is why they have set codes at all. There are only a set number of people on each flight who might need to access the cockpit. They should really just have the pilots set a code before anybody else boards the plane, and have the relevant people notified of the code before the flight. Even better if the code is random generated by a computer.
The Germanwings crash is a good example of this. With codes that can be changed from inside the cockpit, once someone has access they can deny access to anyone else. Also, you could have crew (both cockpit and cabin crew) operate 3 different aircraft in a day depending on their schedule, or at elast operate with different crews. If there is an emergency and you need to access the cockpit (maybe a pilot has a medical emergency and the other pilot has to handle actually flying the plane and contacting ATC
Re: (Score:2)
The bigger question is why they have set codes at all. There are only a set number of people on each flight who might need to access the cockpit. They should really just have the pilots set a code before anybody else boards the plane, and have the relevant people notified of the code before the flight. Even better if the code is random generated by a computer.
The Germanwings crash is a good example of this. With codes that can be changed from inside the cockpit, once someone has access they can deny access to anyone else. Also, you could have crew (both cockpit and cabin crew) operate 3 different aircraft in a day depending on their schedule, or at elast operate with different crews. If there is an emergency and you need to access the cockpit (maybe a pilot has a medical emergency and the other pilot has to handle actually flying the plane and contacting ATC so a flight attendant needs to assist the pilot with the medical issue) it is a lot easier to remember one standard password than what the password happens to be for this leg of your shift.
Yeah we obviously can't have a system where the captain cannot get into the Cabin from the outside, because we have cunts like Andreas Lubitz on the planet. I hope I get a chance to piss on his grave someday.
Re: (Score:2)
The correct way is to have each plane programmed individually by a security officer and then only the assigned personnel for that flight will have the access through their keycards and codes.
To allow for emergencies additional personnel could be added but never removed, but adding additional persons wold require that two different persons codes in the added personnel.
It's of course an inconvenience to have systems like this, but the inconvenience of being dead is worse.
An alternative is to have the cockpit
Re: (Score:2)
Re: (Score:2)
That's my thinking too.
By having the same code for every door, United has just implied that all stewardesses, both on flights and on the ground, know the code.
This is beyond retarded.
Re: (Score:2)
Here's a thought. Instead of something you know (a PIN), to control cockpit access requests use something you have -- maybe a piece of metal with some unique notches cut into it. We could call it ... I dunno ... maybe a "key". Might have a few problems (many of the same ones a PIN has), but it's unlikely to get written down or posted inadvertently on the internet.
Strong door have a downside... (Score:5, Insightful)
https://en.wikipedia.org/wiki/... [wikipedia.org]
According to French and German prosecutors, the crash was deliberately caused by the co-pilot, Andreas Lubitz.[29][97][98] Brice Robin said Lubitz was initially courteous to Captain Sondenheimer during the first part of the flight, then became "curt" when the captain began the mid-flight briefing on the planned landing.[99] Robin said when the captain returned from a probable toilet break and tried to enter the cockpit, Lubitz had locked the door.[29][97] The captain had a code to unlock the door, but the lock's code panel can be disabled from the cockpit controls.[7][100] The captain requested re-entry using the intercom; he knocked and then banged on the door, but received no response.[101] The captain then tried to break down the door.[16][77][102] During the descent, the co-pilot did not respond to questions from air traffic control and did not transmit a distress call.[103] Robin said contact from the Marseille air traffic control tower, the captain's attempts to break in, and Lubitz's steady breathing were audible on the cockpit voice recording.[97][104] The screams of passengers in the last moments before impact were also heard on the recording.[99]
After their initial analysis of the aircraft's flight data recorder, the BEA concluded that Lubitz deliberately crashed the aircraft. He had set the autopilot to descend to 100 feet (30 m) and accelerated the speed of the descending aircraft several times thereafter.[105][106] The aircraft was travelling at 700 kilometres per hour (430 mph) when it crashed into the mountain.[99] The BEA preliminary report into the crash was published on 6 May 2015, six weeks later. It confirmed the initial analysis of the aircraft's flight data recorder and revealed that during the earlier outbound Flight 9524 from Düsseldorf to Barcelona, Lubitz had practised setting the autopilot altitude dial to 100 feet several times while the captain was out of the cockpit.[107][108]
Re:Strong door have a downside... (Score:5, Interesting)
cockpits should have their own loo. airlines would be against this, too. surprise surprise. that's even more expensive than reinforcing the doors even more than they have been already. that extra 10 square feet of cabin space could hold at least 6 paying passengers!
I'm sure they could have made some kind of double-entry toilet, the question is how much of a difference it'd make. Even if we assume he was too cowardly to directly assault the other pilot, he could have drugged his food, blocked the toilet door, created some kind of pretext to get the captain to go to the passenger/cargo area or whatever. Even getting him to the doorway would be enough if you can just push/throw/kick him out and slam the door shut behind you. It's a trusted co-worker, not someone you'd suspect being a potential hijacker/terrorist so he wouldn't see it coming.
Re: (Score:2, Insightful)
Re:Strong door have a downside... (Score:4, Interesting)
We dont really have any way to protect against the possibility that the pilot may be not want to live..
That's not remotely true. The actions of that GermanWings pilot would have never worked in the US. When a pilot leaves the cockpit, someone else from the crew takes his place. If you watch you'll see that they notify the flight attendants that someone is planning to leave the flight deck. Two flight attendants come forward. One blocks the aisle with a cart and the other goes into the cockpit before the pilot leaves. The US requires there to be at least two people inside of the cockpit at all times. So unless you find a rare situation where both pilots want to die, or one pilot is willing to have a physical altercation with the other prior to killing the entire flight, you'll be okay. They are not allowed to eat the same meals. One would not be messing with the others meals to drug them. Perhaps they could drug them through their coffee, but otherwise there are no real situations where a pilot can destroy the other plane without some sort of physical struggle.
Re: (Score:1)
Re: (Score:2)
A male flight attendant, on the other hand, could probably sucker punch or strangle the pilot.
Well, they certainly get enough practice on the passengers!
Re: (Score:2)
Steel mesh/cable not necessary. BS! (Score:2)
That and manual deadlocks on the inside.
The reasons airlines don't want to put them in?
* Expense (because retrofits on existing planes isn't just "EXPENSIVE!!!", it's "FUCKING EXPENSIVE!!!"
* Weight savings. A reinforced door and manual/ratcheted lock bar could easily add another 5-800 lbs to a plane. That's EASILY 3-5 passenger fares.
Save money vs save the crew's life? Fuck the crew! SAVE THE MONEY!
It's like these little 7-11 Slurpee stores in high crime areas. They get robbed repeatedly, yet they don'
Re: (Score:2)
How expensive is it to replace the cashier?
Exactly.
Re: (Score:2)
To be fair, back in college (early '80s), I pulled graveyard at a 7-11. During training we were taught that if someone came in armed, give him whatever the hell he wanted. The actual words they used were "We can replace money, we can't replace you".
Re: (Score:2)
Yes, I would tell you exactly the same. If for no other reason than you hating me for telling you otherwise.
Re: (Score:2)
You've never had a wrongful death lawsuit filed against you have you?
Re: (Score:2)
Is it my fault that the robber came in and shot the guy? It's not like I hired him or told him it's a good idea. There's even a sign in the window that it's pointless to rob the store because the clerk can't access the big bucks, they're in a steel box (mostly so the little asshole can't steal from me... I mean, for the cashier's safety, of course).
Re: (Score:2)
So the answer is "no", you haven't had a wrongful death suit filed against you.
A wrongful death suit is a civil suit. So there is no burden of proof protecting you. Such suits run on preponderance of evidence.
If your establishment has been robbed multiple times in the past, and one of your employees was eventually killed, his family could get you for wrongful death simply by dropping all those previous police reports in the jury's lap and go "See! Didn't take appropriate precautions to safeguard his empl
Re: (Score:2)
Note to self: Hire orphans. Lack of relatives lowers the chance of lawsuits.
Re: Steel mesh/cable not necessary. BS! (Score:1)
Why do they not just use the 5 lb door if the range is so large?
Re: Steel mesh/cable not necessary. BS! (Score:1)
Nah the only thing they have to do is put a note on the door: "Illegal for terrorists to enter" and the problem will go away.
Re: (Score:3)
That and manual deadlocks on the inside.
The reasons airlines don't want to put them in?
* Expense (because retrofits on existing planes isn't just "EXPENSIVE!!!", it's "FUCKING EXPENSIVE!!!" * Weight savings. A reinforced door and manual/ratcheted lock bar could easily add another 5-800 lbs to a plane. That's EASILY 3-5 passenger fares.
Save money vs save the crew's life? Fuck the crew! SAVE THE MONEY!
Aircraft crews are trained to repel attackers, quite a few in the US are armed now with the FFDO program, there are simple methods beyond a lock that can slow down any attempt to open the cockpit door by force (for example on MD-80 type aircraft, simply putting down the jumpseat would slow anyone down), and as a last resort they literally have a weapon on hand (the crash ax). Also, especially in the US, there is a very good chance that at least one of the cockpit crew is former military and has had self de
Only one pin for all planes?? (Score:2)
Why not distinct codes for each plane, or each flight? If there's only one master code for all planes, all a potential hijacker has to do is kidnap a flight attendant and beat it out of them.
As it is, there might as well not be a code at all. It'd be just as secure to use "Shave and a haircut" as a secret knock.
Re: (Score:1)
Flightcrews dont fly the same plane every day, and rather than risk losing millions of dollars by regularly having planes stuck on the tarmac while somebody calls a locksmith, the airlines (correctly) noted that this secure cockpit door stuff is just theatrics & set them all on the same password because frankly it doesnt fucking matter.
Re: (Score:2)
I would suggest two-factor with a Biometric + Personal code for each authorized person across the fleet, synchronized from a source database.
Re: (Score:2)
That's just plain dumb, right? Flight crews can't remember more than one 4 digit number?
Why not distinct codes for each plane, or each flight? If there's only one master code for all planes, all a potential hijacker has to do is kidnap a flight attendant and beat it out of them.
As it is, there might as well not be a code at all. It'd be just as secure to use "Shave and a haircut" as a secret knock.
Except that there is a lockout that can be enabled while the plane is in flight. So even having the code does not guarantee you access to the flight deck.
Re: (Score:1)
Re: (Score:2)
And remembering a 4 digit number for a few hours isn't exactly a feat of memorization. It's well within the average person's ability.
"airlines have said that they aren't necessary" (Score:2)
Is this considered... (Score:1)
Element of Surprise is Gone (Score:2)
I'm not worried once I get through security.. my biggest concern is someone blowing up the line for security. Not saying it's impossible to sneak through security with bad intentions but by that point you've gone through multiple laye
Re: (Score:3, Informative)
Re: (Score:3)
Re: (Score:2)
we know that Ted Cruz was born in Canada and he was still OK to run for president because he had one US citizen parent (even if Obama was born in Kenya, his mother was still a US citizen) and nobody complains about him
Oh, I'm still complaining about him.
Re: (Score:3)
The airplanes were fully fueled. The fuel basically ignited on crash and flooded the top floors and then dripped down over the elevator shafts and stairs.
Also: The pilots banked the planes just before impact, so the fuel was distributed across at least three floors. (You can see it happen in the film of the second plane's impact.)
Once enough (say, three) floors had collapsed onto one below, the load on that floor was enough to detach it from the sides of the building (where the vertical strength was) and
Re: (Score:2)
The truther in you is coming out.
Re: (Score:2)
Re: (Score:3)