Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics 113
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
Kind of a dup, but here's a link that explains it (Score:5, Informative)
This is a dup story, so here's my dup comment:
See DefCon 22's avionics preso from 2014 to see what you can and can't do from a hacker's perspective.
https://www.defcon.org/images/... [defcon.org]
(Since the summary doesn't even often a link or name...this MIGHT even be exactly what the submitter is talking about.)
Re: (Score:2)
Mod this up - Seriously, if you're at all thinking this stuff might be possible read the paper for a good analysis of what is and isn't possible. (hint: your probably more at risk from signals outside of the plane then from someone inside it, and not all that much risk (for now) even then.)
Min
Re: (Score:2)
Seriously, if you're at all thinking this stuff might be possible...
Perhaps Jeff Goldblum can upload a virus that makes an animated skull and cross-bones appear on the pilot's view screen - "ar, ar, ar" - 'cause he did it in Independence Day - to an *alien* space ship. Why would human airships be any less secure? It's possible, just not very probable...
Re: (Score:2)
Yep, it's possible. There's a couple of places listed in the talk that a skilled enough attacker could maybe make inroads, but the probability is limited by the fact that the networks speak VASTLY different networking protocols. Jeff *might* be able to infect the network bridge on a couple of specific airplane models.
Of course, if it's Bruce Schneier [schneierfacts.com], just let him into the cockpit and give him the flight yoke, it'll be slower :)
Min
Re: (Score:2)
Human airships would be more secure. They don't have the ability to recompile untrusted PowerPC code.
Re:Kind of a dup, but here's a link that explains (Score:5, Insightful)
It's the same for all the hype over car systems. EVERY SINGLE EXAMPLE they have to install hardware to get access to the data interface.
So yes Terrorists can take over the airplane from their cellphones if the flight crew let them into the maintenance areas and help them install several specialized devices that give them access.
The terrorists need to make appointments so they can make sure that avionics technicians are on hand to help them
Re:Kind of a dup, but here's a link that explains (Score:4, Informative)
Fortunately pilots are less likely to do it to themselves then drivers are :).
http://jalopnik.com/progressiv... [jalopnik.com]
Min
The 777 is unique in its vulnerability (Score:4, Informative)
The 777 is unique in its vulnerability to precisely what you mention. The avionics bay access hatch is conveniently next to the toilet but behind a corner. An anonymous youtube poster who claims to be a pilot recorded a video when flying as a passenger to draw attention to this in the wake of MH370 and showed how he during a flight could get in and out of the avionics bay through that hatch with nobody noticing. Most people on board were sleeping and those who saw him, presumably thought he was just going to the toilet. The first thing to address this problem which no other plane has would be to put a fucking lock on that hatch and keep the key in the cockpit. Currently, two people with nefarious intentions can do anything to a 777 that can be done with access to the avionics and the right know-how. One just has to "stand in line" to the toilet and the other can fiddle undisturbed with all aircraft electronics. Thus I consider precisely such a "hijacking" one of the more plausible scenarios in the case of MH370. And the issue has still not been addressed.
The video was first linked to on pprune but might be unlisted and the thread is long so I can't find it but will post again, if I do find it.
Re: (Score:2)
This avionics bay access hatch vulnerability was recently reported on CNN [ironically, prior to the GermanWings disaster]
Re: (Score:2)
Re: (Score:2)
I'm not Alanis.
Perhaps, ironic was an unfortunate choice of words, but I didn't mean it in terms of sarcastic/sardonic. There is an alternate definition:
happening in the opposite way to what is expected, and typically causing wry amusement because of this.
"it was ironic that now that everybody had plenty of money for food, they couldn't obtain it because everything was rationed"
(e.g. paradoxical, incongruous)
Shortly after 9/11 when they were first proposing armoring the cockpit doors, I remember thinking: "But, what if you have [a legitimate need] to get in there?". Hence, the irony for me. If the locked out pilot had access through such a maintenance port, he might have been able to override the suicidal co-pilot.
After Germa
Re: (Score:3)
I think this is quite obvious to most engineers that have worked on safety critical systems. This whole issue is just about creating fear so some security consulting firms can make extra money. It is a tried and true method.
Every time there is an energy crisis I see a new guy on TV who has 'invented' a water powered car and just needs some money to commercialise it. Every time. They all do the same thing, have some technobabble, accept a challenge to be black-box tested by a professor at a reputable univers
Re: (Score:2)
Re:Kind of a dup, but here's a link that explains (Score:5, Informative)
Mod parent down. I attended the presentation in person. The presenter is full of shit.
He based his presentation on flight simulators and utter conjecture. Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics. You can't learn how the internals work without any reference to the internals. The guy made claims about things that just aren't true. He also spread a lot of FUD - "isn't it scary that landing times are on the Internet? What evil things could I do with that?!?" Idiot. Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family. If they don't know when it lands, they can't schedule their pickup of you.
The 'hacker' that presented that tripe doesn't know what he's talking about.
Re: (Score:2)
Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family.
While the two kinds of data are similar, they are not identical.
The flight schedule has to be online for the reasons you gave. But the flight schedule is not the flight plan, and the times can differ by a significant amount. Every time you've arrived or left early or late, you're comparing your watch to the scheduled time. The flight plan will be much more accurate and be based on existing conditions.
For example, the "book" time for a United flight from PDX (Portland OR) to ORD (Orchard, I mean O'Hare Ch
Internal workings vs. flight characteristics (Score:1)
> Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics.
Do you know that for a fact? I am not familiar at all with flight simulators, but I am familiar with car and motorcycle simulation software such as computer games. The reason I am asking you this is because some of these do emulate the internal workings of the cars, to the point that, after a race, you can generate the exact telemetry log file that the real thing would generate, in the very same f
Re: (Score:1)
Fair enough, thanks for replying :-)
Re:Kind of a dup, but here's a link that explains (Score:5, Interesting)
This story is just a slashvertisement.
The story linked (now linked in the summary) is to a guy making silly ignorant statements about how the GAO is wrong but in such a vague way that I can safely say the guy making these silly comments is wrong. He's arrogantly implying that no aircraft can be hacked because they never make any mistakes and use separate systems and a special software device (thats not a firewall!) that acts as a firewall and doesn't let the two connected networks communicate with each other ...
Also he seems to think that engines 'breath' air, and that the air inside the cabin of an airliner is not at all isolated from the air that goes into the engines.
In short, the summary refers to an article written by someone that claims to be a security expert AND pilot while at the same time making incredibly stupidly inaccurate blanket statements that any useful security officer and certainly any pilot know are too broad and vague to be true or just flat out wrong.
There most certainly IS a firewall between the passengers and the engines on commercial jet aircraft, otherwise the people would die at 30k feet. The fact that he claims to be a pilot and then claims there is no separation between the cabin and exterior is just scary.
And claiming that this other special box ... that acts as a firewall ... but since they gave it another name, its not actually a firewall, so therefor its not possible to be hacked and bypassed.
The reality of it is, what the GAO said IS TRUE. IT IS possible that 'hackers' MIGHT be able to cross the network boundaries if they are physically connected, anyone who claims this is not true knows absolutely nothing about IT security or security on complex systems in general. You work really hard to prevent it, and make certain design decisions to make it hard to cross that gap, but the instant they are connected, you've created the possibility. You can't honestly claim that your network is 100% secure and impeneratble which is what this guy is trying to claim ... about aircraft that he's never had anything to do with, never seen, knows nothing about the internal operation of ... just because he's a pilot doesn't make him suddenly privy to private information internal to Airbus or Boeing.
Once again, I repeat, this is nothing but a shitty slashvertisement. They probably paid timothy to post it to the front page, which explains why it was done in such a hurry the first time and didn't even have a fucking link in it.
Re:Kind of a dup, but here's a link that explains (Score:4, Insightful)
Hackers have a better chance of deorbiting a satellite and hitting the aircraft while it is in flight than they do taking it over from the in flight wifi.
Re: (Score:2)
a special software device (thats not a firewall!) that acts as a firewall
A firewall is a special software device. There are lots of Linux firewalls out there and other purely software firewalls. Aside from protecting against electrical attacks, there is little that can be done to a software firewall that will be different from what can be done to a software firewall. I remember cracking open a Cisco PIX and seeing a bog-standard Intel wireless card plugged into the motherboard that was running an Intel Pentium CPU. But that relatively-standard PC is called a "hardware firewa
Find the slides for his talk (Score:1)
You saw an article with simplistic pull quotes -- don't assume that's all there is.
Airliners avionics are comparatively stone age. This is not all bad. The connection between the two is one way - out.
Could someone be contemplating a linux based glass panel display that you can e-mail your flight plan to? Yes. Do private pilots often rely upon ipads for display even in IFR conditions -- probably yes. Can those instruments (both the theoretical and the actual) be compromised? Yes.
Are airliners flying th
Re: (Score:2)
I didn't know jet engines were this unsafe. I'm only flying turboprop henceforth.
Hmmm .... (Score:5, Insightful)
So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no chance of this?
We know people can hack air gaps, and if the in-flight wi-fi is at all connected to the electronics in the airplane, there's potentially a lot of attack vectors.
And since there is no actual article, just a summary which says some guy says it can't happen ... I call "bullshit" on the whole story.
Seriously, timothy, a link to a story or this is nothing more than innuendo.
Re: (Score:1)
If you can hack an air gap down in the avionics bay, you can hack the one where a control cable runs by inches from your seat. That doesn't have much to do with the wifi.
If the wifi network is connected to the avionics network, i.e. with no air gap, that's stupid and should be fixed.
Re:Hmmm .... (Score:4, Informative)
https://www.defcon.org/images/... [defcon.org]
Different physical network. Someone in GAO misread the original report.
Re:Hmmm .... (Score:5, Insightful)
You know that little screen they put in the back of the seats? Do you think they're stupid enough to cable that into the engine management?
The air-phones? Do you think they're stupid enough to just tie that into the cockpit comms?
When you're talking life-dependent systems (which pretty much no-one here will ever have to deal with and certify, which is why all your electronics ALL say that it's not to be used in life-support devices etc.) like airbag deployment and plane avionics, it's heavily regulated, heavily specified, heavily tested and heavily scrutinised. Rarely does a aircraft system specified on the "jumbo jet" level do anything more than exactly what it's designed to do. Plane crashes are caused by outside influences, human input overriding the computer and by DESIGN decisions, not software failure because someone forgot to renew the licence of two DHCP servers fought over who assigned IP's to the engines.
It's an entirely different class of system that you want to hope that you never have to deal with. That's WHY large planes cost HUNDREDS of millions of dollars and you have to train for decades to be allowed near the switches - even if you're servicing them.
And, no, VLAN's would never operate in a system like that and if they did they'd be proven-safe mathematically and, hell, even my cheap commodity switches only respond to management requests on the management VLAN and no other.
They is why the guy responding is so clear on this. It's just not done. Ever. If you change a cable, or a panel, or redesign a bit of hatchway, or push out a software upgrade for a commercial airliner, it takes hundreds of people checking it, re-certification of the end-result, testing and all sorts.
Re:Hmmm .... (Score:4, Interesting)
As someone who has spent a great deal of his career in avionics design, both civilian and military, I fully agree.
Avionics computers are not PCs running linux or windows. They don't have generic user level applications. They are custom designed, custom built hardware with very specifically chosen components to do the specific job at hand. The application software is pretty much entirely custom. As far as operating systems, many still run home grown schedulers that provide a bare minimum of services. Only in the last 15 years or so have they even started using off the shelf operating systems and so forth. Even then, it's usually something like VxWorks or Green Hills Integrity or some other RTOS like that. But they have to use versions of the operating systems that conform to ARINC 653 [wikipedia.org]. And while ethernet has started appearing on modern systems, it's use is highly specialized. They may put an IP stack on the box to facilitate getting packets from one box to another but the content of the packets are very highly specialized and they are carefully scrutinized before they are accepted and acted upon. Not to prevent hacking but to prevent "undefined behavior". Safety requirements mandate that they carefully inspect packets coming in and drop out of spec packets according to the rules established long before the first line of code got written. Not because they're trying to prevent hacking. It's because accepting unexpected and out-of-spec data can lead to problems that make the plane hit the ground. The anti-hacking capabilities are a side effect of that scrutiny.
But even if you could get your packets into these specialized computers, how do you think you're going to hijack the box and spawn your malicious task that takes over? Like I said before, these computers aren't just PCs running Linux. They're custom built computers with an RTOS that very carefully and very deliberately partition the box to prevent tasks from corrupting each other or the operating system. And each task very specifically inspects every packet coming in before using the data so things like buffer overruns and what not simply won't work. So crafting the right kind of packet to allow you to insert your malicious code is more difficult by many orders of magnitude. Beyond that, you are extraordinarily unlikely to find a random port being open that gives you access to the OS core. That's a safety issue so it's checked before the computer can get FAA certification. The only ports available to be used are the ones that are needed and specified.
Is it 100% provable that you can't hack into the systems? No. But it's so monumentally unlikely as to be effectively impossible. Are there some systems out there that had vulnerable code make it through certification? More than likely. But even so, the threshold for making it through FAA certification is high enough that even bad code that slips through is far less vulnerable than most everything out on the commercial market.
Re: (Score:2)
I suppose if you can get into the network you can do some kind of DOS attack. But the ARINC 664/AFDX [wikipedia.org] network standard that they use has a few things to guarantee bandwidth allocation. I'm a little fuzzy on this end of it but I do believe the spec was designed so that if a box goes stupid and starts flooding the network it won't be able to bring down everyone else with it. Again, more things designed in for the purpose of safety that by happenstance cause the system to resist the effect of certain types o
Re: (Score:2)
Re: (Score:2)
You know that little screen they put in the back of the seats? Do you think they're stupid enough to cable that into the engine management?
Yes, I'd believe it if someone told me that. The air travel industry doesn't exactly impress me with their tech or the way they handle it.
Re: (Score:2, Insightful)
Honestly though, we see pretty much daily that the number of security holes in a system is proportional to its complexity.
A modern aircraft is an immensely complex maze of wiring. A 'modern' aircraft could be easily 10-15 years (or more) old, and full of systems which weren't designed with security in mind.
If you've ever sat in an aircraft seat and seen the navigation display which shows your position, altitude and speed ... you can bet your ass there is some connectivity among the systems.
So, if the defau
Re: (Score:1)
"If you've ever sat in an aircraft seat and seen the navigation display which shows your position, altitude and speed ... you can bet your ass there is some connectivity among the systems."
And this interconnectivity is typically done using something called VIDEO. Imagine a "server" that is connected to the internal avionics bus on one side and has an HDMI output on the other. It reads the avionics signals for position, etc. and produces an image. Then a second "server", that is not connected to the first
Re: (Score:2)
Put the avionics on the emitter side of an optoisolator, blindly blinking out
Re: (Score:1)
Precisely my point! It is possible to design systems in such a way that they are intrinsically un-hackable. Uni-directional gateways are one simple approach to that. There's another less sinister reason for doing it this way--cost. While it may seem to the lay person who has never worked on a safety critical system that adding a gateway adds complexity and cost, the fact is that it reduces cost.
Why? Any software that is connected to the aircraft bus must be certified through a grueling, time consuming a
Re: (Score:2)
You're making unfounded assumptions. Before they started putting those GPS displays in the seats I used to take my hand held GPS as carryon. I had all the same information and my Garmin was certainly not connected to the aircraft systems.
According to the slides somebody linked up above, the airplane avionics network is isolated from everything else (running a completely different protocol) except for a specific exception that Boeing got for some 777s, subject to a bunch of security requirements. If I wer
Re: (Score:1)
Sorry -- I cut-and-not-pasted that link; now fixed.
Re: (Score:2)
There is no microphone in an airplane (Score:3)
No seriously, the radio is not connected to the computer system, the comptuer system is extremely conservative by many standard and is not connected to the in flight wifi. You cannot have an air-gap attack without a microphone or similar device.
The gao report is a complete nonsense and was laughed out by all technical people involved in the computer system of airplane or in flight entertainment.
"So, Mr cyber Expert and Pilot, other than saying "nuh uh", do you have anything to suggest there is no c
New concept (Score:5, Funny)
Re: (Score:3)
And it totally redefines the concept of "cloud services".
but seriously, no air gap (Score:2)
Re: (Score:2)
It's a good thing everything necessary for the successful operation of a plane is contained behind that cockpit door...
Didn't read TFA (Score:1)
:)
Re: (Score:3)
Twice in 2 days. Good job
Re: (Score:2)
Re: (Score:1)
This is the CNN piece that takes a warning the government prints and gets everyone all excited, "OMG, hackers will kill us all".
Read it as a warning, what could happen if people aren't careful, but today with the aircraft that are flying, it won't happen.
Are the two networks truly separated? (Score:2)
Re: (Score:2)
Re: (Score:3)
We do, but this aero doesn't do all that electrons stuff. I deal with the magic that makes thousands of pounds magically levitate; it's the EEs that magically make disembodied human voices come out of nowhere and blinky lights obey the commands of hidden daemons. ;-)
Re: (Score:2)
Do the two networks share a piece of networking equipment at any point on the plane? Is it just two subnets with a [buggy] firewall between them?
On the 787, the answers are NO, and NO. The aircraft has more than two subnets, but does have equipment that spans more than one subnet.... Don't know about the buggy firewalls though, but I assume the firewalls are not that buggy. This was all well understood before the FAA issued the type certification and the FAA required additional work by Boeing (beyond what the existing regulations required) before they would issue the certification. The GAO is nuts.
ICAO, RTCA and Avionics manufacturers are thinking (Score:2)
This report is just a warning, then CNN gets it and asks broad questions "could someone do this??" and an expert who hasn't seen the architecture says, "sure, it could happen". He wants to say "but, in the real world, no!", of course the CNN anchor cut him off. It is possible that the pilots iPad may be connected to the passenger cabin WiFi if the pilot was connected earlier, but forgot to switch over. Connecting the iPad to the aircraft will only bring in power, nothing else. There is no way to control the
Re: (Score:2)
It's the latest in Slashdot efficiency improvements - since almost nobody reads TFA anyway, a link is just a waste of electrons.
Uhh (Score:5, Insightful)
If there's no air gap between the passengers and the engines on your flights, then I'll take another flight please.
Re: (Score:2)
Oh man, you're never going to fly again once you realise that the cabin pressure is regulated by taking some of the air ingested by the engines from between the first 2 stages. You are literally breathing the same air as the engine.
Think of the children! (Score:2)
I am sure in-flight Wi-Fi can be used by pedophiles to watch child porn! And by terrorists to plan terror attacks!!!
OMG!! We must ban it
Probable FA is from Forbes (Score:2)
Pilot: US Government Claims Of Plane Wi-Fi Hacking Wrong And Irresponsible [forbes.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Exactly.
And yes, it's possible to "break through"
Re: (Score:2)
If you can maintain logical network separation, you have all you need for security. Physical separation is NOT required if logical separation is maintained.
For instance, Assuming my switches are properly implemented, I can maintain multiple VLans that flow over the same link and they are logically separate. One Vlan does not communicate with another Vlan. I have this very thing in my home, where I keep multiple logical networks. One Vlan that is my ISP's network segment (because where they enter my home
Re: (Score:2)
Yes, but that's a big if. If you've got physical separation then there's no if, and there doesn't seem to be a reason why the avionics network should be connected to anything else, and it's usually not. Boeing apparently asked for an exception to that rule. It would be interesting to find out why.
Re: (Score:2)
Physical separation does make a logical connection harder, but it still does not mean a logical connection is impossible. But my point that network security is about logical connections is still valid. You can have two networks that are not physically separated, that are not logically connected, and that's all you need for security. Yea it's harder when you don't have physical separation, but not impossible.
The reason Boeing went for this was to reduce weight, power consumption and complexity. You can sa
Re: (Score:2)
"The reason Boeing went for this was to reduce weight, power consumption and complexity."
No, it's not. They most certainly are not running the entertainment system on the same wires as the avionics. The avionics system is a real-time network that is different at a very low level. The FAA exception allowed Boeing to connect the two networks at a single point, using a "network extension device."
Re: (Score:2)
"The reason Boeing went for this was to reduce weight, power consumption and complexity."
No, it's not. They most certainly are not running the entertainment system on the same wires as the avionics. The avionics system is a real-time network that is different at a very low level. The FAA exception allowed Boeing to connect the two networks at a single point, using a "network extension device."
Ok, replace "and" with "or" and read it again.. But EVERYTHING Boeing does fits into one of these areas in some way... Well that stuff with safety and regulations too.
Re: (Score:2)
Oh for fuck's sake.. it's very simple: Avionics need to be on a physically separate network from everything else, preferably encrypted.
Why should a private network waste time encrypting and decrypting stuff?
If you've got a hacker accessing your avionics network, you have more serious issues than just whether the data is encrypted or not.
Re: (Score:2)
poorly implemented In-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation
There fixed that for them.
Running them on entirely separate IP-based networks would prevent it being a possibility. Coupled with secure software and firewalls for good measure, just in case.
There's a risk if everything is on the same network, but there's absolutely no reason it would need to be.
You'd think Boeing doesn't know how to do networking or something. Come on, who thinks the network in a 787 looks anything like what you have a home?
OF COURSE the flight controls are on separate NETWORKS from the in-flight entertainment systems. However, they do have equipment that is on multiple networks and I'm pretty sure there are places where separate networks may flow over the same physical connections.
What you need for security is LOGICAL separation between these networks, NOT PHYSICAL separation
A Cloud Security Company (Score:3)
Oh, the horror!!!
Sigh (Score:3)
At the very least, I'd expect a VLAN.
In actuality, I'd expect disparate, unconnected systems possibly even running in separated VLANs and subnets with IPS on the avionics controls JUST IN CASE.
Given that avionics are used to dealing with highly technological and highly critical systems, I think I could trust them to not mess it up. Especially if it in any way could even theoretically allow a possibility for an attacker to affect a flight path.
Airport security, the guy loading my luggage, or the guest wifi in the lounge? Yeah, separate problem with trust in question. But on-board wifi? I'd be damned if you could send a single packet from the wifi to the avionics even in theory.
Re: (Score:2)
You are correct.. They maintain LOGICAL separation very well. Most people confuse the LOGICAL separation issue with PHYSICAL separation and think that you need to have the latter or you don't have the former. But even with physical separation, you don't have logical separation all the time.
Security requires LOGICAL separation, but that does not require physical separation.
Re: (Score:2)
Re: (Score:2)
They have touch points physically... There are some things the WiFi systems just need to know that come from the flight control systems, or systems which are attached to systems which are attached to... (You get the idea)
Where I seriously doubt there is a direct logical connection, where some hacker just needs to know the right IP address to adjust the auto pilot or something, there are physical data connections between the wifi network and the flight controls.
Re: (Score:1)
The IP protocol is not deterministic and therefore is not used for avionics. The very few network topologies used are not used for flight critical inputs. ARINC 429 is the networked bus used, and that only for mission data, not flight safety critical data.
Re: (Score:1)
Mod parent up, he is exactly right.
See ARINC 429 [wikipedia.org] for more insight into it. (Since you can do IP over almost anything, including avian carriers, there's probably a way to do IP over ARINC 429, but AFAIK they don't, and it's not your standard Ethernet by a long shot.)
The Same Air (Score:2)
If you're talking about passengers and engines breathing air, then any separation wouldn't be an air gap.
The separation we have now is an aluminum and plastic gap. And it works.
How it all works (Score:4, Informative)
1. My First Ever Post, please go easy
2. I'm an aircraft engineer with about 12 years in the industry with experience of small and large jets, with both the big orange airline in Europe and the "other" british long haul carrier based at Heathrow.
The WiFi system on board arrives at the plane via a dedicated satellite reciever designed for the specific task of internet connectivity. From there it plugs into the In Flight Entertainment system and the signal is projected via specially designed wifi routers that allow passengers to connect. At no point do the IFE system and the Avionics systems inter-connect physically. Furthermore, the IFE computers are actually stored under each row of seats and drive that row's IFE. Ever kicked that steel box under the end row? Thats the IFE controller for your row.
The avionics systems are connected using an ARINC 429 system - http://en.wikipedia.org/wiki/ARINC_429. This is similar to a home network, but extremely specialised and focused on the job at hand. You cannot hack the IFE system and "get" into the Avionics. Yes, "Air Gap" hacking has been proven. Thats on computers that are next to eachother, not sat 100+' away through aluminium floor supports and all the other cabin interior. Who ever wrote the subject article has clearly never looked at the technicalities of what he is suggesting.
Thanks
be more worried (Score:2)
about coordinated attacks leveraging onboard wifi.
I am envisioning Adama (Score:1)
IP Networks, No (Score:1)
The problem (Score:1)
Is how do you explain this to the sheep without coming across as condescending.... see what I did there?
in theory they separate but.... (Score:1)
CSI:CYBER - (Score:1)
This all misses the point (Score:2)
The GAO report is actually about the cybersecurity of the FAA. The comment about security on the airplane actually starts out by explicitly pointing out that this isn't a problem right now. It MIGHT become one in the future and they aren't satisfied with how the FAA would deal with hybrid system in modern planes. This entire blogpost is a bullshit response to a rather good report.
The GAO simply wants the FAA to increase their cybersecurity. I don't think that is a big problem.
Due diligence required (Score:2)