It’s interesting, but it tells us nothing other than “we were able to establish a presence on the aircraft’s systems.” It doesn’t say which systems, nor does it say if it was simply information disclosure or they were able to take control of vital aircraft systems.
There’s a huge difference between being able to, say, see what channels are being watched on the in-flight satellite TVs, and being able to throttle down the engines.
(Not that we shouldn’t take this sort of thing extremely seriously regardless of what they were able to do. A hole in the dike and all that…)
I would be blown away if the flight control avionics weren’t isolated from all other systems on the aircraft, let alone connected to a network which could be compromised remotely (i.e. via the in-flight wi-fi, or some other means accessible to a passenger).
Now risk has gone way up in some ways with the consolidation of more stuff onto less boxes while attackers are doing hardware attacks that break the model. If those go to airplanes, it might get bad. The older model had its own risks like piles of wiring that sometimes shorted out with the plane going splat.
Also production on these stopped in 2004. Even if there was no vulnerability in the meridade of transceivers and receivers, I would be kind of surprised if the after market retrofitting was basically akin to plugging something to the ODB2 connector.
It’s interesting, but it tells us nothing other than “we were able to establish a presence on the aircraft’s systems.” It doesn’t say which systems, nor does it say if it was simply information disclosure or they were able to take control of vital aircraft systems.
There’s a huge difference between being able to, say, see what channels are being watched on the in-flight satellite TVs, and being able to throttle down the engines.
(Not that we shouldn’t take this sort of thing extremely seriously regardless of what they were able to do. A hole in the dike and all that…)
I would be blown away if the flight control avionics weren’t isolated from all other systems on the aircraft, let alone connected to a network which could be compromised remotely (i.e. via the in-flight wi-fi, or some other means accessible to a passenger).
They’re supposed to be done like in this answer:
https://aviation.stackexchange.com/a/14823
It was also one of main reasons for development of partitioning kernels like those below that airplane and defense companies were buying.
http://www.aviationtoday.com/2006/03/01/mils-operating-systems-safety-and-security/
Now risk has gone way up in some ways with the consolidation of more stuff onto less boxes while attackers are doing hardware attacks that break the model. If those go to airplanes, it might get bad. The older model had its own risks like piles of wiring that sometimes shorted out with the plane going splat.
I would be kind of amazed if they weren’t. For starters supposedly its already happened by tapping into the in-flight entertainment center..
Also production on these stopped in 2004. Even if there was no vulnerability in the meridade of transceivers and receivers, I would be kind of surprised if the after market retrofitting was basically akin to plugging something to the ODB2 connector.