Slashdot Mirror


Planes Can Be Hacked Via Inflight Wi-fi, Says Researcher

wired_parrot writes In a presentation to be shown Thursday at the Black Hat conference, cybersecurity consultant Ruben Santamarta is expected to outline how planes can be hacked via inflight wi-fi. Representatives of in-flight communication systems confirmed his findings but downplayed the risks, noting that physical access to the hardware would still be needed and only the communication system would be affected.

151 comments

  1. yes... by gandhi_2 · · Score: 5, Funny

    ... but only by using Python.

    1. Re:yes... by Anonymous Coward · · Score: 5, Funny

      Get these motherfucking scrips off my motherfucking plane!

    2. Re:yes... by Anonymous Coward · · Score: 0

      Why would you need legal tender substitutes off the plane?

    3. Re:yes... by Anonymous Coward · · Score: 0

      Why do they have to be tender? I like my cash like I like my women: cold and hard.

    4. Re:yes... by CanHasDIY · · Score: 2

      I like my cash like I like my women:

      Bound in rolls and stuffed into a dufflebag?

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    5. Re:yes... by Fear+the+Clam · · Score: 2

      I like my cash like I like my women:

      Soiled and devalued?
      On fire to light your cigar?
      New and plastic?
      Given to street musicians and the homeless?

    6. Re:yes... by Anonymous Coward · · Score: 0

      To buy your meds with, duh.

    7. Re:yes... by davester666 · · Score: 1

      with a light dusting of cocaine...

      --
      Sleep your way to a whiter smile...date a dentist!
    8. Re:yes... by bkcallahan · · Score: 1

      I was thinking of giving a perl necklace...

  2. So, which is it? by timrod · · Score: 4, Insightful

    Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

    1. Re:So, which is it? by Anonymous Coward · · Score: 2, Funny

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      It's a bit odd to talk about physical access when speaking about a metal tube flying along at 35,000 feet.

      It's not like attacks are going to take place outside the plane.

    2. Re:So, which is it? by Anonymous Coward · · Score: 4, Funny

      That is what William Shatner thought.

      CAPTCHA: afraid

    3. Re:So, which is it? by Jane+Q.+Public · · Score: 5, Insightful

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

    4. Re:So, which is it? by Anonymous Coward · · Score: 0

      There's...something on the wing!

    5. Re:So, which is it? by Anonymous Coward · · Score: 1, Funny

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground.

      Preferably with you on board.

    6. Re:So, which is it? by jittles · · Score: 4, Interesting

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

      Volkswagen hooks up their audio systems to the CANBUS on cars. Those audio systems may have bluetooth enabled. This may allow a hacker to get onto the CANBUS via BT. I haven't tried, but it's definitely something that one could attempt. Other manufacturers do this also, such as GM and Chevy.

    7. Re:So, which is it? by geekoid · · Score: 4, Insightful

      Yes, hundreds of people 'deserve' to die. It's certainly not the fault of the person doing the attacks at all.
      Idiot.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    8. Re:So, which is it? by Jane+Q.+Public · · Score: 3, Interesting

      Other manufacturers do this also, such as GM and Chevy.

      Yes, that was my understanding as well. And that was my point. It just doesn't look very smart, from where I sit.

      In my view (which I would be happy to review and modify if someone has a better idea), you have 3 basic systems in a modern automobile. In order of importance: [1] critical control and feedback, [2] internal environment, and [3] entertainment.

      [1] and [2] should have strictly limited communication, if any. [2] and [3] should probably have none, and [1] and [3] should not communicate at all under any circumstances.
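
An added example, not part of any poster's comment: the three-zone separation described above, and the earlier remark about audio head units that also sit on a vehicle bus, can be checked mechanically against a wiring inventory. The device names, bus names and approved-gateway list below are constructed for illustration, and the "limited"/"none" rules are one reading of the comment's policy.

```python
from collections import deque
from itertools import combinations

# Zones as numbered in the comment above.
CRITICAL, ENVIRONMENT, ENTERTAINMENT = 1, 2, 3

# Policy per zone pair: "limited" = only via an approved gateway, "none" = no link.
POLICY = {
    frozenset({CRITICAL, ENVIRONMENT}): "limited",
    frozenset({ENVIRONMENT, ENTERTAINMENT}): "none",
    frozenset({CRITICAL, ENTERTAINMENT}): "none",
}

# Constructed sample inventory (hypothetical names): bus -> zone, device -> buses.
BUS_ZONE = {"powertrain_can": CRITICAL, "body_can": ENVIRONMENT,
            "infotainment_can": ENTERTAINMENT}
SAMPLE_INVENTORY = {
    "engine_ecu": {"powertrain_can"},
    "climate_ecu": {"body_can"},
    "central_gateway": {"powertrain_can", "body_can"},
    "head_unit": {"infotainment_can", "body_can"},  # audio unit wired to a second bus
    "rear_display": {"infotainment_can"},
}
APPROVED_GATEWAYS = {"central_gateway"}
# Same vehicle with the head unit attached to the entertainment bus only.
SEGMENTED_INVENTORY = dict(SAMPLE_INVENTORY, head_unit={"infotainment_can"})


def bridges(inventory, bus_zone):
    """Return (device, zone_a, zone_b) for each device attached to two zones."""
    found = []
    for device, buses in sorted(inventory.items()):
        zones = sorted({bus_zone[bus] for bus in buses})
        for zone_a, zone_b in combinations(zones, 2):
            found.append((device, zone_a, zone_b))
    return found


def audit(inventory, bus_zone, approved_gateways):
    """List every multi-homed device that breaks the zone policy."""
    findings = []
    for device, zone_a, zone_b in bridges(inventory, bus_zone):
        rule = POLICY[frozenset({zone_a, zone_b})]
        if rule == "none":
            findings.append(f"{device}: joins zone {zone_a} and zone {zone_b}, "
                            "which must not communicate")
        elif device not in approved_gateways:
            findings.append(f"{device}: unapproved link between zone {zone_a} "
                            f"and zone {zone_b}")
    return findings


def path_to_critical(inventory, bus_zone, start_zone=ENTERTAINMENT):
    """Breadth-first search over zones, using multi-homed devices as edges.

    Returns the chain of devices that connects start_zone to the critical
    zone, or None when no chain exists. A chain shows that a path is wired,
    not that traffic is actually forwarded along it.
    """
    edges = {}
    for device, zone_a, zone_b in bridges(inventory, bus_zone):
        edges.setdefault(zone_a, []).append((zone_b, device))
        edges.setdefault(zone_b, []).append((zone_a, device))
    queue = deque([(start_zone, [])])
    seen = {start_zone}
    while queue:
        zone, hops = queue.popleft()
        if zone == CRITICAL:
            return hops
        for next_zone, device in edges.get(zone, []):
            if next_zone not in seen:
                seen.add(next_zone)
                queue.append((next_zone, hops + [device]))
    return None


if __name__ == "__main__":
    for name, inv in (("sample", SAMPLE_INVENTORY), ("segmented", SEGMENTED_INVENTORY)):
        print(name, audit(inv, BUS_ZONE, APPROVED_GATEWAYS),
              path_to_critical(inv, BUS_ZONE))
```

Even an approved gateway between zones 1 and 2 becomes part of a chain from zone 3 once any device bridges zones 2 and 3, which is why the audit reports the bridge and the path separately.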

    9. Re:So, which is it? by Anonymous Coward · · Score: 0

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

      Yeah, well guess what...

      How expensive do you think it would be to take the tens of thousands of airliners currently existing, retrofit them with separate new WiFi hardware and get that certified by the FAA or other appropriate governing body?

      Compare that to the cost of simply plugging a wireless access point into existing computer systems.

      Given how the FAA is almost certainly the subject of regulatory capture, which one do you think is going to happen?

    10. Re:So, which is it? by Jane+Q.+Public · · Score: 1

      Stupidity has a price. I didn't make things that way.

    11. Re:So, which is it? by malacandrian · · Score: 1

      Volkswagen hooks up their audio systems to the CANBUS on cars. Those audio systems may have bluetooth enabled. This may allow a hacker to get onto the CANBUS via BT. I haven't tried, but it's definitely something that one could attempt. Other manufacturers do this also, such as GM and Chevy.

      A 2009 study claims to have managed it. Given the range & pairing requirements of BT though, it does mean crashing a car that you're currently in. Giving the victim a specially prepared CD that will hack the CANBUS half way through their road trip seems a much more sensible idea to me.

    12. Re:So, which is it? by Charliemopps · · Score: 0

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      I'm going to guess it's both. Someone likely needs to flip some physical switch or whatever... but Mr Santamarta thinks social engineering could be used to trick the pilots into doing it for you. Something along those lines.

    13. Re:So, which is it? by Anonymous Coward · · Score: 1

      Connected != Access.

      Just because some device is connected via Bluetooth and that same device has a CANBUS connection does NOT mean you can now get from the Bluetooth and onto the CANBUS. It only means that it might be possible from that direction. Hack away and try, but you have a snowball's chance of getting through the radio.

      Just like in aircraft, being able to access the WiFi network which might actually be connected to some device that might be connected to the network that the satellite gear is managed on makes it theoretically possible, but doesn't mean that it is likely something this yahoo can actually do from seat 14F using his laptop. Until recently the FAA didn't allow interconnections between essential systems and cabin entertainment stuff at all, at least at the data level (yea they let the flight controls turn power on and off, just no data connections.) Then there is the whole, so you are successful, what's it going to matter? Despite what you might think, the guys up front are still going to function just fine without the digital satellite links anyway.

    14. Re:So, which is it? by Anonymous Coward · · Score: 0

      Because the passengers are at fault for something they had no hand in? Jesus fuck you're an idiot.

    15. Re:So, which is it? by ThatsMyNick · · Score: 0

      Yes, hundreds of people 'deserve' to die. It's certainly not the fault of the person doing the attacks at all.
      Idiot.

      How does pwning the infotainment system lead to death? People might become bored to death, but I can't imagine anything else happening.

      The crew can simply turn off the infotainment system, and go on with their work. There is a reason the infotainment system is not relied on, and attendants still use verbal instructions for everything (including the initial safety spiel)

    16. Re:So, which is it? by NoKaOi · · Score: 2

      "Planes Can Be Hacked" really means "Planes' Satellite Communication System Can be Hacked." That's a huge distinction. A malicious hacker still can't control the plane or its radio communications, which are the important things. There are good reasons why the FAA has strict rules about airplanes not relying on satellites.

      To give you an idea of the technical prowess of the article: "he discovered the vulnerabilities by "reverse engineering" - or decoding - highly specialized software known as firmware." But it seems the "researcher" is trying to sensationalize things:
      "In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said."
      Now let's read between the lines. Avionics is any kind of electronics, even the entertainment system, so really no big deal, they can't hack anything important. For the "navigation" systems, he's not talking about GPS (even if he were it wouldn't be a big deal, airplanes can navigate just fine without GPS), but the communication system does send the GPS location, altitude, and speed back home. If that goes down, not a big deal because that's not what air traffic control relies on.

      The worst that could happen is causing a panic by putting porn up on a flight to Disneyland and reporting back an altitude and speed of zero, which I'm sure would prompt a quick call to someone with air traffic control info who would say everything is fine. It would also prompt a lawsuit from the parents of small children for subjecting them to porn, but that would be made up for by ticket sales from college students wanting to fly that airline for their spring break vacation.

    17. Re:So, which is it? by AmiMoJo · · Score: 1

      An attacker could always just bankrupt the airline by chewing up masses of satellite bandwidth for hours on end. uTorrent and a few Linux ISOs should be good for about $100m in overage charges.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re:So, which is it? by Anonymous Coward · · Score: 0

      If they own a smartphone to access said wifi they do need to die though. They are already brain dead.

    19. Re:So, which is it? by boaworm · · Score: 2

      The pilot can use these data link communication channels to make his/her life easier. As an example, when asking for a new flight level clearance, they can (given up2date Flight Management System computers) dispatch a digital message to ATC (Air Traffic Control) rather than using the radio. A bit like sending a text message. This can be far more reliable than long-range radio where the audio quality isn't great. Similarly, the ATC can confirm the flight level clearance (climb or descent) via a data message, rather than over radio. The FMS display will confirm, reject or propose alternatives.

      I can imagine a couple of not so scary scenarios:
      * Overloading the data link, causing other messages to be delayed and/or dropped. This means the pilot will have to fall back to radio and/or resend the message.
      * Read in-flight reporting/confirmation data
      * Read load manifests, fuel status updates, passenger manifests etc.
      * Access what other passengers are watching on their inflight entertainment system
      * Eavesdrop on other passengers' Facebook chats

      And some more scary ones (if the break-in allows access to flight data messages):
      * Send/request ATC communication, clearance requests etc
      * Flooding ATC stations/comms systems with bogus data, preventing efficient communication between aircraft (this, and others) and ATC

      One would assume the fly-by-wire system is entirely isolated from this.

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    20. Re:So, which is it? by boaworm · · Score: 3, Informative

      For the "navigation" systems, he's not talking about GPS (even if he were it wouldn't be a big deal, airplanes can navigate just fine without GPS), but the communication system does send the GPS location, altitude, and speed back home. If that goes down, not a big deal because that's not what air traffic control relies on.

      More and more aircraft and ATC centers support ADS-B transponders and data, which include GPS-derived position (altitude + position) messages as a part of System Tracking (you can check out Eurocontrol's Asterix cat62 protocol and ADS-B applications). Older MSSR radars will provide you with a rough estimate of the position and an assumed altitude based on the aircraft's built-in systems, which is being tracked using for example Kalman filters to predict the current and future position. Switching over to GPS as the primary source of positioning data is allowing tighter packing of aircraft (reduced horizontal and vertical separation rules), which is becoming critical for congested airports to reduce the time between takeoffs/landings, as well as to keep aircraft in holding patterns packed tighter together.

      Also, ADS-B can be sent as frequently as 1 message/second due to signals going down towards earth rather than in all directions. Current MSSR radars usually have a scan time of 5-12 seconds.

      So interruptions with these data links (say someone hacks into it and manages to shut it down) would lead to the ATC center having to fall back on MSSR Tracking, meaning you will be violating horizontal and vertical separation rules until the controller can create more space around the aircraft again.

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    21. Re:So, which is it? by TeknoHog · · Score: 0

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      It's a bit odd to talk about physical access when speaking about a metal tube flying along at 35,000 feet.

      It's not like attacks are going to take place outside the plane.

      Last time I checked, electromagnetic waves were a physical phenomenon. The real challenge is getting anything done by unphysical (i.e. supernatural) means.

      --
      Escher was the first MC and Giger invented the HR department.
    22. Re:So, which is it? by ThatsMyNick · · Score: 2

      The pilot can use these data link communication channels to make his/her life easier.

      CPDLC is a separate system, it does not depend on the satellite link. The one compromised is the satellite infotainment system. They are not connected. Fly-by-wire avionics are of course isolated (for regulatory reasons).

    23. Re:So, which is it? by Anonymous Coward · · Score: 0

      Turned out as we can't touch EM, it's been demoted from 'physical' to 'magical'. Sorry for that.

    24. Re: So, which is it? by Anonymous Coward · · Score: 0

      Nothing unreal exists.

    25. Re:So, which is it? by meerling · · Score: 1

      That's because they are claiming a wi-fi attack. That would be using a wi-fi network of some kind to access the satellite communications system. I doubt that system is directly connected to any wi-fi network. I wouldn't be surprised if the planes that let you surf the net via wi-fi have their planes' systems separate from the passenger entertainment stuff. Best if someone from the industry that actually knows how that's all configured speak about that. (As to the spokesmen for the companies, I'd rather talk to an engineer as I don't trust mouthpieces and public relations people.)

      Physical access. That's where you plug in a wire or cable or whatever. No wi-fi involved.

      Either way, messing with the comms systems is very annoying, but it's in no way Hijacking a plane. And don't forget, the guys making the claims of hacking a plane haven't done it, they only did some lab tests. Just wait until they test on an actual plane and see if they can take it over. Heck, it would be easy enough to test on the ground and break any laws.

    26. Re:So, which is it? by Anonymous Coward · · Score: 0

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Physical access aka boarding the plane...

    27. Re:So, which is it? by Anonymous Coward · · Score: 0

      They deserve having their planes forbidden from take off. Not having them crashed.

    28. Re:So, which is it? by TeknoHog · · Score: 1

      You can't touch sound waves or memories, but this MC Hammer earworm feels painfully real...

      --
      Escher was the first MC and Giger invented the HR department.
    29. Re:So, which is it? by SlaveToTheGrind · · Score: 2

      Did I, at any point, say I felt passengers deserved to die? No, I did not. . . . . Not every flight (for any airliner) is commercial, and not every flight carries passengers.

      Nice attempt at backpedaling from your original cavalier, thoughtless, and utterly stupid comment, bucko, but you're stuck with it. The only scenario where somebody innocent doesn't die is if the only people on the plane, including the pilot, are the ones engaged in hacking into the plane's control system through the wifi to... wait for it... interfere with the flight controls and crash the plane. Hopefully even you can figure out why that scenario won't happen. Ever.

    30. Re:So, which is it? by Anonymous Coward · · Score: 1

      So the pilots deserve to die for something they had no hand in? Sorry, but you're still fucking stupid.

    31. Re:So, which is it? by stoatwblr · · Score: 1

      You can guarantee that if this starts happening over EU skies, the "special holding area"(*) at Stansted will start seeing a lot more visitors.

      (*) That's the one with large berms on both sides of the aircraft to deflect explosions, and said berms have a large number of gun portals on them.

    32. Re:So, which is it? by stoatwblr · · Score: 1

      Aircraft operators generally don't pay per Mb. They buy committed bandwidth and if you fill it with torrents, no one on the plane is going to be happy about their slow connection.

      The last time I flew, the wifi setup was clearly filtered, as I couldn't even SSH out. Web/email worked but not much else.

    33. Re:So, which is it? by Jane+Q.+Public · · Score: 1

      I DID NOT BACKPEDAL. I simply pointed out that I did NOT say what other people seem to think I did.

      My original comment stands, and it had nothing to do with killing passengers.

    34. Re:So, which is it? by Anonymous Coward · · Score: 0

      Yeah, obviously you were talking about completely robotic planes with no human pilots getting "stuffed into the ground" because their onboard wifi was hacked by... other robots. That's the only way your comment wouldn't have been celebrating death.

    35. Re:So, which is it? by Jane+Q.+Public · · Score: 1

      Yeah, obviously you were talking about completely robotic planes with no human pilots getting "stuffed into the ground" because their onboard wifi was hacked by... other robots. That's the only way your comment wouldn't have been celebrating death.

      I made a rhetorical comment about the manufacturers deserving to lose airplanes. It wasn't meant to be literal, and I mentioned nothing about killing people. This "celebrating death" is only in your own sick mind.

    36. Re:So, which is it? by Anonymous Coward · · Score: 0

      How could the manufacturers lose airplanes without innocent people dying?

  3. In other words by thieh · · Score: 1

    Are cellphones better than guns at hijacking planes now? At least they can replace the communication stream and take advantage of whatever that might follow.

    1. Re:In other words by Rosco+P.+Coltrane · · Score: 0

      Nah, don't worry about it. It's just some "security expert" going all dramatic on some minor vulnerability he found, to plaster his name on the front page. Anything talking of airplanes, hacking, hijacking, plays the terrorism bullshit music score, and is a surefire way of attracting media attention.

      No doubt the TSA will very soon jump on the opportunity to invent some new rule to steal - sorry, confiscate - your Wifi-enabled devices at the security checkpoint too...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. No they cant. by Lumpy · · Score: 5, Insightful

    They did not get into the aircraft avionics.

    They got into the satellite communications for the Infotainment system.

    NONE of the systems like that have any interconnection to avionics or telemetry.

    --
    Do not look at laser with remaining good eye.
    1. Re:No they cant. by gandhi_2 · · Score: 0

      ahh... so just all the passenger data can be hijacked.
      nothing to worry about here.

    2. Re:No they cant. by rodrigoandrade · · Score: 1

      Yeah, remember that when you're flying with your family and someone is hacking the plane away while everyone else is asleep.

    3. Re:No they cant. by 93+Escort+Wagon · · Score: 3, Funny

      ahh... so just all the passenger data can be hijacked.
      nothing to worry about here.

      Google and the NSA are worried... about someone else encroaching on their turf.

      --
      #DeleteChrome
    4. Re:No they cant. by MobyDisk · · Score: 1

      Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies: Passengers might start jumping out of the plane!

    5. Re:No they cant. by Aqualung812 · · Score: 1

      Passenger data in the infotainment system? What makes you think there is anything sensitive in there?
      I thought it was just shitty movies and games, along with a GPS map of where the plane is that is viewed only by passengers.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
    6. Re:No they cant. by Anonymous Coward · · Score: 0

      Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies

      I don't think anyone could be that evil.

    7. Re:No they cant. by Anonymous Coward · · Score: 1

      Sir, I believe you might be troubled to learn YOUR COMPUTER IS BROADCASTING AN IP ADDRESS!

    8. Re:No they cant. by Andy+Dodd · · Score: 0

      Also not specified is whether the "hardcoded credentials" are even valid during a normal operating mode.

      In many cases, avionics like this has a dedicated physically isolated service port and/or a dedicated "service mode" that can only be entered by powering on the device when a discrete is tied to ground by a special test equipment connector.

      Almost surely, these vulnerabilities are either:
      1) Firewalled from the passenger network (This is, however, unlikely, airgapping/network isolation is far more likely, with the interconnection between critical and noncritical networks being, at most, a one-way feed of nav data to the noncritical network)
      2) Can only affect the passenger network and are not used for flight operations
      3) Require physical access to a test connector on the unit itself

      --
      retrorocket.o not found, launch anyway?
    9. Re:No they cant. by Desler · · Score: 1

      What customer data is in the infotainment system?

    10. Re:No they cant. by R3d+M3rcury · · Score: 1

      Credit card data, perhaps? I assume they want you to pay for that infotainment, not to mention any food or drinks you're ordering.

    11. Re:No they cant. by preaction · · Score: 1

      I believe that act would fall afoul of the Geneva Conventions and be considered a War Crime. Uwe Boll skirts the law based on pathetic notions such as "free speech" and "free expression." Purposely inflicting Uwe Boll on people is torture and will be punished appropriately (unlike the US treatment of suspected terrorists).

    12. Re:No they cant. by geekmux · · Score: 1

      Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies: Passengers might start jumping out of the plane!

      That's nothing. I heard the in-flight Infotainment catalog includes Nickelback, which we all know is the aural equivalent of two cup chicks hosting a goatse lemon party.

    13. Re:No they cant. by Anonymous Coward · · Score: 0

      Name a single airline that has credit card info available through the infotainment system.

    14. Re:No they cant. by DivineKnight · · Score: 2

      You're thinking too small. Think bigger...if you have access to the in-flight infotainment system, you have access to the eyes, hearts and minds of the passengers. Passengers who are, due to not-so-subtle conditioning, easily frightened. "9/11" "Never again!" Pictures of the statue of liberty crying and politicians dissembling at the top of their lungs. =^_^=

      So what would I do? Two things. I'd play a video, ostensibly of a 'live' newscast that the plane they are currently on has been taken over by terrorists, and that their current pilot / co-pilot / first officers are planning to ram the Pentagon. Think about it. Some people on the plane will look at their ticket stubs, figure out that the plane they're on is the one being hijacked, and rush the pilot's cabin as one person.

      When they rush the cabin, I begin jamming the radio (cellphone signals are already being jammed, and wireless internet as well). At this point, on the ground, a video is delivered to the real media stating that some terrorist group (sans pilot / copilot, as background checks on the ground will clear them) have taken over the plane, and are planning another 9/11 style attack. With the radio dead and lack of useful communication, the military will assume the worst.

       

    15. Re:No they cant. by gandhi_2 · · Score: 1

      the whole point of in-flight WIFI is that people can be charged exorbitant sums for painfully-slow internet access while in flight.

      While certainly it is no hijacking of a plane, the hijacking of this network equipment isn't nothing.

    16. Re:No they cant. by gandhi_2 · · Score: 1

      I'm talking about cases where internet access is available through the inflight wifi.
      Taking control of the network equipment through which this traffic runs isn't harmless.

    17. Re:No they cant. by geekoid · · Score: 1

      About as plausible as any M.Bay film.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    18. Re:No they cant. by Aqualung812 · · Score: 1

      No, but it should be expected. A connection to the Internet is still considered untrusted.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
    19. Re:No they cant. by Anonymous Coward · · Score: 1

      ahh... so just all the passenger data can be hijacked. nothing to worry about here.

      That's ALREADY possible, no hacking the plane's systems required. Tell me you don't trust public WiFi connections, EVER.... Please tell me..... (crickets) We are doomed, doomed I say.

    20. Re:No they cant. by LoRdTAW · · Score: 2

      Here here:
      In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

      So it stands that there really isn't much of a threat here. Either the journalist is confused or purposefully crafted the article so as to imply that a hacker with a wifi device can disable a plane's navigation system or do worse. My money is on the latter. The reason I say that is because the two systems are indeed separate and not connected. This is why a Cobham rep said a hacker would need physical access to the plane's avionics system. They (Cobham) made that distinction but the author never makes that clear.

      And I remember a similar article on /. a while back about an airline entertainment system being vulnerable. I thought it was JetBlue but I can't find the article at the moment. It was the same "alarming" report that turned out to be a flaw in the TV or entertainment system. The worst was people couldn't watch TV on their 6+ hour flight.

    21. Re:No they cant. by Anonymous Coward · · Score: 0

      Yea, that works great, until the pilots pull the breaker on the WiFi system... Then what ya going to do? Good luck storming the front of the bus. Good luck getting off the aircraft undetected too. Having that recently wiped drive won't help you either. The FBI would take a very dim view of such behavior and they *will* find you.

    22. Re:No they cant. by SpzToid · · Score: 1

      The hackers could broadcast a fake NBC news TV report that 'inadvertently' made its way to the plane video system. The news report would obviously declare that particular plane is known to carry the Ebola virus and no one onboard could be trusted as safe anymore, and chances for their survival are small, yet the risk to the larger world very great. I'll leave the plot continuation to the next bored slashdotter. (Obviously matters must be taken into hand)

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    23. Re:No they cant. by Anonymous Coward · · Score: 0

      Or you ever making a comment that ADDS to the discussion?

    24. Re:No they cant. by Anonymous Coward · · Score: 0

      So, it'd make millions.

    25. Re:No they cant. by Anonymous Coward · · Score: 0

      It is as long as this person doesn't show it happening on a real plane. He can only do it in a controlled lab. This is highly overblown.

    26. Re:No they cant. by CaptainDork · · Score: 2

      A crew of us was flying into Dallas one time, circling the field. That was when pagers were big and cell phones were not.

      We all got a Sky Page about a Dallas flight circling DFW because of unknown mechanical failure and a crash landing was inevitable.

      Our buddies in Virginia thought it was funny.

      --
      It little behooves the best of us to comment on the rest of us.
    27. Re:No they cant. by SpzToid · · Score: 1

      A crew of us was flying into Dallas one time, circling the field. That was when pagers were big and cell phones were not.

      We all got a Sky Page about a Dallas flight circling DFW because of unknown mechanical failure and a crash landing was inevitable.

      Our buddies in Virginia thought it was funny.

      Oh wow, what a classic old school hack! I'd have smacked them all first chance possible, but I'm in admiration for their thought, concern, and effort still. They must really, really like you and the rest of the team, and it shows.

      Please just don't tell me this was SITA text, or I'm gonna die laughing too hard (having worked with SITA before). SITA text will never die.

      http://www.sita.aero/products-...

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    28. Re:No they cant. by retchdog · · Score: 1

      No, the journalist just swallowed the press release verbatim. I mean, there's practically no downside to doing so, and it keeps everyone happy.

      Security is a demanding field with a few "rockstars", which means there's a lot of incentive to, uh, exaggerate one's accomplishments. This guy had extended time to pick apart a piece of airplane hardware in his lab, and did so. That's all. What real-world vulnerability does this translate to? We don't know; he can't reveal them at the moment because it would be irresponsible (oh, and incidentally, might also undermine his claims. convenient, isn't this?).

      --
      "They were pure niggers." – Noam Chomsky
    29. Re:No they cant. by Lumpy · · Score: 1

      Pay per view, all that juicy credit card info....

      --
      Do not look at laser with remaining good eye.
    30. Re:No they cant. by houghi · · Score: 1

      Well, imagine somebody playing pop music from some current teen 'artists' all the time during the flight without the ability to turn it off.
      If that ever happens, I am sure people will storm the cockpit and fly the plane into the ground, if the pilots were not doing that already.

      --
      Don't fight for your country, if your country does not fight for you.
    31. Re:No they cant. by AmiMoJo · · Score: 1

      No need for such an elaborate hack to do that. Just set up your own network called "In-Flight Free WiFi" and begin the harvest. For bonus points add a splash screen warning users that they may receive certificate warnings "due to the nature of in-flight wifi and the speed/altitude of the aircraft in international airspace", complete with instructions on how to bypass them in all common browsers.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    32. Re:No they cant. by SuricouRaven · · Score: 1

      I've seen this used in one of the Die Hard films. The attackers took over a news channel and transmitted fake video of the white house being blown up - easier than actually blowing it up, and just as effective at creating panic.

    33. Re:No they cant. by boaworm · · Score: 1

      They did not get into the aircraft avionics.

      They got into the satellite communications for the Infotainment system.

      NONE of the systems like that have any interconnection to avionics or telemetry.

      The article isn't very clear on exactly what they managed to do, but it is quite possible that there is a shared satellite data communication system shared for infotainment systems and aircraft system status/updates/notifications alike. Hopefully with a robust QoS in place. So _if_ someone could break into the message routing, they could intercept and possibly create their own messages to send along the channel.

      If you check TFA's quote:

      In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

      Since a modern airline has lots of avionics communicating with the ground, it could be that some of those messages may be edited/interrupted/faked. That's not to say that you could rlogin to the FMS and alter flightplans, or alter the flight path in any way.

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    34. Re:No they cant. by boaworm · · Score: 1

      Or "Snakes on a Plane". Which for some strange reason never made it to the inflight entertainment systems :-(

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    35. Re:No they cant. by R3d+M3rcury · · Score: 1

      Well, that's sort of the point, isn't it? You don't know what's being stored in there.

      I believe Virgin America or Jet Blue allow you to order food from your seat--and you pay with a credit card. I don't remember if they have a credit card swipe at the seat or if you have to give it to the FA. Nowadays, also, they don't necessarily have free movies--you have to pay for them at the seat.

      Now is it just taking the credit card info and authorizing immediately and calling itself done? Or is it recording your credit card so that if you order something else--some snacks with your movie, perhaps--you don't need to swipe it again? Or is it holding onto the information and waiting until the flight is over before submitting everybody's charges?

      I'll admit, I don't know the answer to this. But I could easily believe that somebody's system holds onto credit card information...

    36. Re:No they cant. by Anonymous Coward · · Score: 0

      Hello, I used to implement these sorts of moving map IFE systems for the Airbus A320 (among other aircraft) and I can attest to the fact that many of these systems are in fact connected to the avionics via ARINC via ports like RS-419/429, LEN and FMC. They are usually just certificated Pentium systems with USB and ethernet access. That said, I also specialise in security and I can also say that certain measures in the design of these systems have been made to properly isolate things. Regards,

    37. Re:No they cant. by Kittenman · · Score: 1

      I've seen this used in one of the Die Hard films. The attackers took over a news channel and transmitted fake video of the white house being blown up - easier than actually blowing it up, and just as effective at creating panic.

      Surely people wouldn't believe it. I mean, who would want to blow up the White house?

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
    38. Re:No they cant. by Kittenman · · Score: 1

      Or "Snakes on a Plane". Which for some strange reason never made it to the inflight entertainment systems :-(

      I saw "Memphis Belle" on a plane once, a few years ago. Some scenes were cut, but more because of the adult content than the planes being shot down.

      Disclaimers:
      1: This is pre Sep/11
      2: This is pre seat-back entertainment systems, where everyone watched the same show on a screen at the front of the cabin
      3: Yes I am that old

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
    39. Re:No they cant. by stoatwblr · · Score: 1

      People have been doing this on aircraft for years. If you run a wifi scanner you'll usually see one AP broadcasting itself as "free public Wifi" - and by the end of the flight most of the other nodes around the cabin will be broadcasting the same SSID.

    40. Re:No they cant. by Anonymous Coward · · Score: 0

      You sir, are a complete tard.

  5. "We are terrorists... shoot us down" by Anonymous Coward · · Score: 0

    Seems like a good route for a suicide "bomber" to take and get the fighter jets to do it all, if communications are hackable.

  6. Hackers on a Plane. by tekrat · · Score: 2, Funny

    Quick, get Samuel L. Jackson on the phone.
    I smell a blockbuster movie in the works!

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:Hackers on a Plane. by TeknoHog · · Score: 1

      I'm sure any self-respecting geek would prefer "Eels on a Hovercraft".

      --
      Escher was the first MC and Giger invented the HR department.
    2. Re:Hackers on a Plane. by Anonymous Coward · · Score: 0

      But the eels are extremely ill-tempered and the hovercraft comes directly from Dr. Evil's lair!

    3. Re:Hackers on a Plane. by Anonymous Coward · · Score: 0

      http://www.hackersonaplane.info/
      Link reference!
      Hope we can have another one someday.

    4. Re:Hackers on a Plane. by Anonymous Coward · · Score: 0

      I think you meant "Ungai on a Geisha"

  7. Why WiFi by Anonymous Coward · · Score: 0

    it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham's equipment, according to Cobham spokesman Greg Caires.

    I mean, those systems are not WiFi capable.

    They keep throwing the term "satellite communications systems" all over the place - making this "article" sound more like a press release to scare up attention for IOActive than a real news article.

    For all we know from this press release is that they found a way for hackers to disrupt everyone's email and web browsing and cell phone calls.

    Whoop-Dee-doo.

    1. Re:Why WiFi by X0563511 · · Score: 0

      The plane has a data connection. You get access to a data connection via the on-board wifi.

      You don't see a connection between the two? Let me fill it in for you: they share the same path outside the plane.

      Note that this data connection isn't required for the plane to continue flying, but I don't know how it's used by in-cockpit warning or navigational stuff.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:Why WiFi by SuricouRaven · · Score: 1

      I would guess 'not at all' based on the loss of MH370: Part of the reason it's not been found is that the plane didn't maintain any form of continuous communications.

    3. Re:Why WiFi by Immerman · · Score: 1

      I don't see how you get from "no continuous communication" to "not at all" - there's an awful big gap between always and never. Admittedly though I can't think of many operations-oriented uses for such a link, other than perhaps an alternate communications channel if there are issues with the normal radio.

      Also, didn't both normal communications and the transponder go dark long before the plane was lost to radar? I thought that was one of the major indicators that strongly suggested foul play. After all, communications/tracker blackout followed by repeated course changes taking it way off its scheduled flight path and into the dead spots between radar towers while apparently headed for the open ocean is practically adhering to a Hollywood hijacking script.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    4. Re:Why WiFi by SuricouRaven · · Score: 1

      It did, yes - and the transponder was shut off manually. What wasn't shut off was the sat link handshake, which could only be done by physically cutting the power - something that even most pilots wouldn't be aware of.

      There's no doubt that someone in the cockpit wanted the plane to disappear for a while. Without finding the wreckage (And the cockpit voice recorder) it's not possible to say who. It might have been a hijacking, or it might have been a pilot 'Taking you all with me' suicide, or might be part of some more elaborate scheme.

    5. Re: Why WiFi by colinnwn · · Score: 1

      I'm not certain on the newest designed planes like the 787, but on all older planes the 2 data systems (aircraft data and IFE data) use separate transponders and separate antennas and even broadcast to separate satellites, or in the case of air data by shortwave. Air data goes by ARINC, IFE by Row44, Gogo, etc.

  8. Point? by Anonymous Coward · · Score: 0

    Yeah, remember that when you're flying with your family and someone is hacking the plane away while everyone else is asleep.

    Yeah, and your point? So, we'll wake up to porn or Islamic propaganda?

    What? What's the big deal?

    I have no concern about terrorism.

    None.

    What I am concerned about is eating right, exercising and mitigating things that ARE going to kill me the best I can.

    And even then, if I live long enough, I will - no maybe - WILL get cancer and die from that. And slowly rotting away in pain as an invalid scares me - getting blown up by a fanatic doesn't.

  9. If the WiFi system is not connected to the Plane by Hangtime · · Score: 1

    ...then I don't care. Very simple question; can you get to the avionics of the plane through the WiFi? If you can that's poor system design and someone should be beaten with a wet noodle; if you can't then I don't care as the network is physically disconnected from the actual movement and functioning of the aircraft. If the best you can do is spy on the passengers of the aircraft through the WiFi or use the WiFi without paying then I don't care. Anytime I log into a flight I go encrypted through VPN as you never know what's traversing a suspect network.

    The actual article and any of the other information seems to be very lacking in this sense. If all you can do is break into the WiFi, congrats you got into an Internet Cafe at 33,000 feet.

  10. Re:No, it can't. by BenSchuarmer · · Score: 2

    ... what about the passengers? Do you honestly expect them to be able to survive a multi-minute flight with no wifi or infotainment? Oh the humanity!

  11. Noncence by Teun · · Score: 1

    The last several flights I was on you were supposed to run your device in the Airplane Mode so no WIFI.

    This alone makes the whole story implausible.

    Uhm yesss....

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:Noncence by Ksevio · · Score: 1

      Was that a couple years ago? The FAA recently loosened restrictions on using devices including using them more of the flight and allowing wifi (cellphones still need to be in airplane mode which turns off the cell transmitter).

    2. Re:Noncence by Teun · · Score: 1

      No, eight flights over the past 6 weeks, the last one Saturday.

      Indeed the rules have been loosened, last year you had to switch off completely during start and landing.

      But do I see a woosh?

      And sorry for the c's in Nonsense.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    3. Re:Noncence by will_die · · Score: 1

      Delta is now going with a free TV and movie system that you can view via a browser or an iPad/iPod app. The plan with future planes is to order them without monitors on each seat.

  12. I don't buy it by TubeSteak · · Score: 2

    Hughes spokeswoman Judy Blake said hardcoded credentials were "a necessary" feature for customer service. The worst a hacker could do is to disable the communication link, she said.

    1. Are hardcoded credentials ever "necessary?" How about credentials that are generated on first boot and then requested by support?

    2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

    --
    [Fuck Beta]
    o0t!
    1. Re:I don't buy it by geekoid · · Score: 1

      Yes... and no. IF the communication that goes down is just wi-fi, then it's a problem but not a big deal when compared to taking down avionic coms.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:I don't buy it by Anonymous Coward · · Score: 0

      2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

      Only if said communications link is essential for flight or navigation. Neither is true in this case. Even if you were able to disrupt communications with the ground, worst case is that the flight proceeds using "lost communications" rules and is pretty much going to land safely. Believe it or not, there are contingency plans and procedures in place for this kind of thing. It's not optional because the air traffic controllers need to be watching carefully and may be limited to primary radar returns to track the aircraft, but everybody will walk away safely.

      So it's NOT a big deal, it's more of a minor inconvenience.

    3. Re:I don't buy it by Anonymous Coward · · Score: 0

      2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

      Filling plant pots with concrete disables their functionality - I can no longer put plants in them. It's not that big a deal though, I can live without potted plants for an inordinate amount of time...

      It's a big deal in terms of whoever's on the sales team for this bit of kit, but for the passengers it's at best a mild annoyance*.

      * Assuming the reporting is correct and it only affects the isolated system...

    4. Re:I don't buy it by blueg3 · · Score: 1

      Hardcoded credentials aren't necessary. What they *mean* is that the *reason* for hardcoded credentials is "support". "Necessary" here doesn't actually mean "necessary", but rather, "deemed to be the best choice". Of course, it might really be the best choice. There's certainly a cost associated with making the support more complicated. You have to weigh that against the difficulty of using the hardcoded credentials and what you can do with them. There are lots of potential tradeoff points, from "using hardcoded credentials was the stupidest choice you've ever made" to "it's technically offensive, but also the best option".

  13. Smells of bullshit. by w3woody · · Score: 1

    Given the age of most aircraft in the fleet, and the age of most FAA-approved avionics, I have a hard time believing any of the avionics used in today's fleet are capable of TCP/IP communications, much less being able to hook into the in-aircraft wifi system. Most in-aircraft wifi systems I've seen are add-ons; separate systems which only tap into the airplane's power. And the only thing in the cockpit that may tie into the wifi system is the pilot's iPad.

    1. Re:Smells of bullshit. by R3d+M3rcury · · Score: 1

      And the only thing in the cockpit that may tie into the wifi system is the pilot's iPad.

      Dun-dun-dun...

      "We can't communicate with the pilots!"
      "Why not?"
      "Somebody hacked the WiFi network and put 'Plants vs. Zombies' on the pilots' iPads!"

      Now we know what happened to MH370...

    2. Re:Smells of bullshit. by angel'o'sphere · · Score: 1

      Exactly. It is more than impossible that a 'hacker' can access any flight system/avionics via WiFi ... they are not even connected to each other, very likely they don't even share the same power grid.
      Communication between avionic components is usually done via buses with 2 wire serial connections. There are roughly two dozen protocols/technologies in use, all but 2 or three involving wires, the others glass fibers. I'm only aware of Airbus A380 using ethernet, not sure to what extent.
      An overview you can find here: http://de.slideshare.net/mobil...
      A plane where there is a potential access to the avionics by passengers would never fly. No regulation authority would allow that, no insurance company would insure such a plane.
      Assuming otherwise is simply nonsense.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    3. Re:Smells of bullshit. by Anonymous Coward · · Score: 0

      The Boeing 787 Dreamliner has special dispensation for having data networks for flight controls and passenger use connected to the same equipment. There was quite the flap over this during the flight testing and type certification process.

      This is not to say there is any danger here, only that aircraft are starting to have IP networks used for a lot of stuff, some of it being flight critical equipment. And the FAA was not ready to evaluate and certify such equipment from a regulatory perspective. All they could do is issue the waiver and tell the manufacturer they were responsible to make it safe.

    4. Re:Smells of bullshit. by Anonymous Coward · · Score: 0

      You're right, more or less. There are a wide range of avionics and they have a variety of levels of connectivity. Some very non critical systems 'know' TCP/IP.
      See dltaylor's post below for clarity.

  14. Through interconnect or re-program a radio by jtara · · Score: 1

    The article is short on details, but, in all fairness, the paper is to be presented on Thursday and presumably the details will be forthcoming.

    My guess is that there are two possibilities here:

    1. The avionics and entertainment systems are connected on the same local network, and thus if one can gain control of the entertainment system(s) one might then hack into the avionics.

    Q. Why might the avionics and entertainment systems be connected? One reason I can think of is so that the entertainment system can be told to shut down or partly shut down during takeoff/landing etc. Just a guess. Plus, it's just very convenient. ;) There is probably some overall "aircraft management" system that would want to be connected to everything.

    2. The entertainment systems have one or more satellite communication systems themselves. The entertainment system might use SDR (Software Defined Radio) techniques, and might be re-programmed to interfere with critical onboard communication equipment.

  15. Re: Your sig Re:I don't buy it by Anonymous Coward · · Score: 0

    [Fuck Beta]

    Nooooooo.... my eyes they burn ..... DO NOT WANT!!!!!

  16. there IS a connection by dltaylor · · Score: 5, Insightful

    I used to work for one of the In-Flight Entertainment (IFE) vendors. Although their "architect" was clueless about security, some of us doing the work managed to build some into the system. With WiFi, it was harder, but, before I left, we had, at least, set up some VPNs to isolate the system control links from the cabin crew- and customer-access features (don't know if that persisted). The entire IFE did rely on hard-coded passwords, though.

    There IS a connection between the IFE and aircraft systems. It is used to feed aircraft position and speed data, plus some useful state, such as wheels up/down (there are features that are only enabled while in "cruise", but not during takeoff and landing, for example). The aircraft systems designers, however, seemed to have a clue about security, as we were only allowed a network connection to a slave server with no apparent upstream links.

    1. Re:there IS a connection by Anonymous Coward · · Score: 1

      I have worked for several avionics companies on everything from autopilots to IFE. I could say lots on the subject but you have well summarized the situation. There are connections of various kinds and a LOT of scrutiny and analysis goes into making those connections secure. Avionics are their own special world full of different buses and ways of operating than most computer folks are used to. A master hacker would have no chance at all against aircraft systems unless he was also highly trained in aircraft systems and had access to the hardware. And if anyone unsavory had that access you would have bigger issues than hacking. Fly safe knowing tens of thousands of people put their best efforts into making that aircraft's systems safe and secure.

    2. Re:there IS a connection by Anonymous Coward · · Score: 0

      I also used to work on Avionics, particularly ARINC 653 (http://en.wikipedia.org/wiki/ARINC_653).

      Nothing to see here. I'd be more amused with these occasional stories if I wasn't so perturbed by them.

    3. Re:there IS a connection by Anonymous Coward · · Score: 1

      Avionics are their own special world full of different buses and ways of operating than most computer folks are used to. A master hacker would have no chance at all against aircraft systems unless he was also highly trained in aircraft systems and had access to the hardware.

      So, what you want to say is: it's security through obscurity.

    4. Re:there IS a connection by Anonymous Coward · · Score: 0

      Most informed statement here. It's true, the avionics companies control the secret sauce to the data words being transmitted on the various busses. You would have to know the specific timing of the words AND the format, and the size, etc etc etc, if the data in does not match what it's expecting it simply dumps it. I firmly believe you can hack the wifi and infotainment stuff, but getting into the avionics? There are much easier ways to take down a plane. Hacking it would easily be the most difficult option you could choose.

    5. Re:there IS a connection by GuB-42 · · Score: 1

      In fact it's not really obscure. One of the most used bus for critical data is ARINC429 and it's a well defined and very simple standard.
      If you somehow manage to connect a device directly to the bus wires (you can't do this with WiFi), it is relatively easy to inject whatever data you want. However, connected equipment will double check everything they receive, so you have to craft consistent data, a much harder task. And even then some devices have additional analog sensors so you'll need to fool these too. If data end up inconsistent (the most likely result of your hacking attempt), backups will kick in, because of course, these systems are redundant. And in the last resort, don't forget that there are still pilots on board.
      Also you can forget about typical vulnerabilities such as injection or buffer overflows. Avionic systems are too simple for this: data are not interpreted and all sizes are fixed and known in advance.

      Sure, these systems are not 100% safe (they are "just" 99.9999999% safe). Sometimes a catastrophic bug may happen like with the Ariane 5 rocket. However, if you have some malicious intentions, attempting to hack the avionics is probably the least effective and most difficult way to cause harm.

  17. Or you could read the specs and not make crap up. by Anonymous Coward · · Score: 0

    Every current WiFi system is a third party after market installation that is installed after the avionics and is air-gapped.

    Even if they weren't aftermarket add-ons, the avionics on these aircraft are as close to fail safe as it is humanly possible to make them. This isn't a word processor or even a commercial operating system... these systems fail and people die. The developers and managers are well aware of that. More importantly the managers and lawyers are as well. These systems are conservative and paranoid by design and are often running on embedded systems that are two or more generations behind because an unknown bug like Pentium FDIV would, again, kill people. If you even suggest tying in some commercial WiFi system you'll be lucky if they stop laughing before they kick your arse out the door.

    Can you get control of someone else's laptop? Sure. If the pilot was dumb enough to connect to the WiFi with his laptop or tablet could you possibly access his flight plans? Sure. Could you start playing pr0n on all the In Flight Entertainment (IFE) systems? It's possible. Could you possibly hack the WiFi system so that it would put out a signal that would jam the avionics uplink? Sure... anything's possible.

    Are you going to directly hack the avionics and take over the plane? No. You're not.

  18. Great! by gatfirls · · Score: 1

    Now I will have to hear endlessly about this completely misleading article from people who know nothing about avionics.

    Thank you article writer and slashdot submitter for adding to technology hysteria.

    This article is basically saying someone can hack your washing machine from your cable modem without any supporting evidence that is true.

  19. Satellite communications? by Anonymous Coward · · Score: 0

    I'm no airline pilot but aren't virtually all critical aircraft communications handled via standard radio, not satellite communications? This sounds like they've found a way to "maybe" hack the plane's entertainment/sat phone systems but doesn't get anywhere near the aircraft's control/mechanical systems. And to get into even the entertainment/sat phone systems requires direct access to the hardware, which would probably involve tearing up carpet, removing panels, and/or access to the cockpit. If you can get that far you can do a whole lot directly to the plane's critical systems. Sounds like some minor (that should still be addressed) issues that have no real safety impact.

  20. .02 by DaMattster · · Score: 1

    It seems epically stupid that wifi access for passengers is not on a physically separate system. Something as sensitive as this should NOT be even a virtual LAN.

  21. This is great by Anonymous Coward · · Score: 0

    This needs to be combined with the windowless cockpit. Hack in, set it to play video of level flight on a loop, ???, profit!

  22. Obligatory Dilbert Comic by Pollux · · Score: 1

    Story reminded me of a good Dilbert comic from back in the day.

  23. generating default credentials by Anonymous Coward · · Score: 0

    Hughes spokeswoman Judy Blake said hardcoded credentials were "a necessary" feature for customer service. The worst a hacker could do is to disable the communication link, she said.

    1. Are hardcoded credentials ever "necessary?" How about credentials that are generated on first boot and then requested by support?

    Or ones that are based on a MAC address (which is public) HMACed with the serial number, which should only be accessible with physical access or if you already have a login. Random-ish enough so it's hard to guess, but programmatic to be practical/predictable for mass manufacturing.

    I believe that's similar to how HP sets the initial account of their default iLO accounts, and it seems to have worked pretty well.
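
The per-device scheme suggested in the comment above (MAC address HMACed with the serial number), as an added example that is not part of the original post or any vendor's code. The context label, password length and sample units are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac
import re

# Domain-separation label (constructed for this example) so the same inputs
# never produce the same output for some other purpose.
CONTEXT = b"initial-admin-password-v1|"


def normalize_mac(mac: str) -> bytes:
    """Return the 6 raw bytes of a MAC written with ':', '-', '.' or no separators."""
    hexdigits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def derive_initial_password(mac: str, serial: str, length: int = 16) -> str:
    """HMAC-SHA256 keyed with the serial number over the (public) MAC address.

    The MAC is visible on the network, so the result is only as unpredictable
    as the serial number: sequential or short serials leave little secrecy.
    """
    key = serial.strip().upper().encode("utf-8")
    if not key:
        raise ValueError("serial number must not be empty")
    if not 8 <= length <= 52:  # 52 = base32 characters in a SHA-256 tag
        raise ValueError("length must be between 8 and 52")
    tag = hmac.new(key, CONTEXT + normalize_mac(mac), hashlib.sha256).digest()
    return base64.b32encode(tag).decode("ascii").lower()[:length]


def verify_initial_password(mac: str, serial: str, candidate: str) -> bool:
    """Recompute the credential (as support would) and compare in constant time."""
    expected = derive_initial_password(mac, serial).encode("ascii")
    supplied = candidate.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, supplied)


# Constructed sample units: two devices from the same production run.
SAMPLE_UNITS = [
    ("00:1B:44:11:3A:B7", "SN-7F3K9Q2X"),
    ("00:1B:44:11:3A:B8", "SN-7F3K9Q2Y"),
]


def provision(units):
    """Factory step: map each unit's MAC to its own initial password."""
    return {mac: derive_initial_password(mac, serial) for mac, serial in units}


if __name__ == "__main__":
    for mac, password in provision(SAMPLE_UNITS).items():
        print(mac, password)
```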

  24. reminds me of the old cartoon by serbanp · · Score: 1
    1. Re:reminds me of the old cartoon by Anonymous Coward · · Score: 0

      Originally published by c't:
      http://www.heise.de/ct/schlagseite/2003/1/

  25. LOL. by WindBourne · · Score: 1

    Per a NUMBER of various regs, the avionics network is physically separated from anything that the passengers can touch.
    IOW, not going to happen.

    As to the passenger's network, oh yeah, easy enough to crack that with time. Heck, Airbus uses Windows.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:LOL. by AeroMed45N · · Score: 1

      Define "physically separate"

      That is not how I read the following FAA Special Conditions:
      https://www.federalregister.go...

      This says "the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane"

    2. Re:LOL. by Anonymous Coward · · Score: 1

      I'm heavily involved in maintaining the Avionics and IFE onboard our aircraft. The IFE system is physically separated only in the sense that it has read only capability to the ARINC-629 avionics data bus. It can't put anything onto the bus, because the wires aren't connected. The IFE is however tied into the Passenger Service System, so the passengers can turn on their reading lights and attendant call lights, and so that video playback stops when announcements are made.

    3. Re:LOL. by Anonymous Coward · · Score: 0

      Not sure what aircraft you are working on, however, in Boeing, I worked on the avionics. There is A connection between avionics and IFE, but we used a single chip system in between that will repeat a set of messages to the IFE. And yes, they are filtered. Only a few types would actually be forwarded. They are for all intents and purposes, separate systems.
      I am guessing that you are Airbus.

  26. Re:No, it can't. by ganjadude · · Score: 1

    Just gimme a smoke.... oh wait

    --
    have you seen my sig? there are many others like it but none that are the same
  27. FUD from someone who doesn't understand avionics by Anonymous Coward · · Score: 0

    I used to write software for glass panel avionics. This guy has no clue. Someone needs to yell "DO-178C, motherfucker, do you understand it?" And then hit him in the face with a copy of the FAR/AIM. This is tantamount to Jeff Goldblum uploading a virus to the alien mothership in Independence Day.

  28. So, which is it? by Anonymous Coward · · Score: 0

    Santamarta is saying that the plane could be hacked inflight via wifi if the hacker had prior physical access to the plane's avionics wiring and the IFE servers.

  29. Please tell me! by Anonymous Coward · · Score: 0

    Where can I get wifi that can physically access stuff? I hate going downstairs for ice. :'(

  30. Make it a blackbox by Anonymous Coward · · Score: 0

    It would only make sense to offer in-flight wifi service in a blackbox environment... meaning it does NOT physically wire into any part/infrastructure of the aircraft... All of its management/control devices are separated from the rest of aircraft management equipment.

    If not... terrorists would be able to bring onboard a legal device (yeah the laptop)... and just sit there, whack the airplane, reconfigure the flight path and head straight for another high rise tower.... like they tried and succeeded in 2011.

  31. Slow news day? by MooseMiester · · Score: 1

    This is ancient news that was debated endlessly during the MH-17 breathless cable news-a-thon, the lost airline network had this on every night.

    No clickbait global warming stories today? No polarizing left wing loon right wing nutcase stories? Gee slashdot, are you on vacation too this week?

    --
    Murphy was an optimist
  32. Always sensational and misleading "hack a plane" by Anonymous Coward · · Score: 0

    These articles are always designed to mislead an ignorant public. They're click-bait, headline-grabbers, or intended to push some product (one that's really a "solution in search of a problem").

    There is no way for a passenger to hack a plane's vital systems. PERIOD. These articles always have headlines designed to spook the public into thinking a hijacker could "take over the plane", but then (in the fine print or deep in the article) admit that they only hacked the entertainment system, or they only simulated an attack, etc. ALL airborne electronics systems can be called "avionics" (aviation electronics) but when you say "avionics", most people think "the pilot's instruments and controls" - this is the ambiguity the authors of such articles exploit.

    You cannot get safety-critical avionics systems approved for installation into any commercial aircraft that will operate in the US without clearing some very stringent hurdles, and since no commercial plane vendor wants to be excluded from US Airspace and markets all the vendors comply. Any cockpit instrument/flight control systems with hackable interfaces, third-party networking code, etc would NEVER clear even the easiest of the certification hurdles.