Slashdot Mirror

← Back to Stories (view on slashdot.org)

Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics

Posted by timothy on from the this-postcard-is-just-an-atom-bomb dept.

An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."

6 of 113 comments (clear)

  1. Kind of a dup, but here's a link that explains it by xxxJonBoyxxx · · Score: 5, Informative

    This is a dup story, so here's my dup comment:
    See DefCon 22's avionics preso from 2014 to see what you can and can't do from a hacker's perspective.
    https://www.defcon.org/images/...
    (Since the summary doesn't even often a link or name...this MIGHT even be exactly what the submitter is talking about.)

  2. Re:Hmmm .... by Em+Adespoton · · Score: 4, Informative

    https://www.defcon.org/images/...

    Different physical network. Someone in GAO misread the original report.

  3. Re:Kind of a dup, but here's a link that explains by Anonymous Coward · · Score: 5, Informative

    Mod parent down. I attended the presentation in person. The presenter is full of shit.

    He based his presentation on flight simulators and utter conjecture. Flight simulators do not model the internal workings of an airplane, but rather the flight characteristics. You can't learn how the internals work without any reference to the internals. The guy made claims about things that just aren't true. He also spread a lot of FUD - "isn't it scary that landing times are on the Internet? What evil things could I do with that?!?" Idiot. Flight plans have to be public, because they're offering travel to the public. If you don't know when the plane lands, you can't schedule a ride from family. If they don't know when it lands, they can't schedule their pickup of you.

    The 'hacker' that presented that tripe doesn't know what he's talking about.

  4. How it all works by Anonymous Coward · · Score: 4, Informative

    1. My First Ever Post, please go easy
    2. I'm an aircraft engineer with about 12 years in the industry with experience of small and large jets, with both the big orange airline in Europe and the "other" british long haul carrier based at Heathrow.

    The WiFi system on board arrives at the plane via a dedicated satellite reciever designed for the specific task of internet connectivity. From there it plugs into the In Flight Entertainment system and the signal is projected via specially designed wifi routers that allow passengers to connect. At no point do the IFE system and the Avionics systems inter-connect physically. Furthermore, the IFE computers are actually stored under each row of seats and drive that row's IFE. Ever kicked that steel box under the end row? Thats the IFE controller for your row.

    The avionics systems are connected using an ARINC 429 system - http://en.wikipedia.org/wiki/ARINC_429. This is similar to a home network, but extremely specialised and focused on the job at hand. You cannot hack the IFE system and "get" into the Avionics. Yes, "Air Gap" hacking has been proven. Thats on computers that are next to eachother, not sat 100+' away through aluminium floor supports and all the other cabin interior. Who ever wrote the subject article has clearly never looked at the technicalities of what he is suggesting.

    Thanks

  5. Re:Kind of a dup, but here's a link that explains by Minupla · · Score: 3, Informative

    Fortunately pilots are less likely to do it to themselves then drivers are :).

    http://jalopnik.com/progressiv...

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  6. The 777 is unique in its vulnerability by Anonymous Coward · · Score: 4, Informative

    The 777 is unique in its vulnerability to precisely what you mention. The avionics bay access hatch is conveniently next to the toilet but behind a corner. An anonymous youtube poster who claims to be a pilot recorded a video when flying as a passenger to draw attention to this in the wake of MH370 and showed how he during a flight could get in and out of the avionics bay through that hatch with nobody noticing. Most people on board were sleeping and those who saw him, presumably thought he was just going to the toilet. The first thing to address this problem which no other plane has would be to put a fucking lock on that hatch and keep the key in the cockpit. Currently, two people with nefarious intentions can do anything to a 777 that can be done with access to the avionics and the right know-how. One just has to "stand in line" to the toilet and the other can fiddle undisturbed with all aircraft electronics. Thus I consider precisely such a "hijacking" one of the more plausible scenarios in the case of MH370. And the issue has still not been addressed.

    The video was first linked to on pprune but might be unlisted and the thread is long so I can't find it but will post again, if I do find it.