Calling Out a GAO Report That Says In-Flight Wi-Fi Lets Hackers Access Avionics
An anonymous reader writes A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and take over navigation. At the same time, a cyber expert and pilot called the report "deceiving" and said that "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."
This story is just a slashvertisement.
The story linked (now linked in the summary) is to a guy making silly ignorant statements about how the GAO is wrong but in such a vague way that I can safely say the guy making these silly comments is wrong. He's arrogantly implying that no aircraft can be hacked because they never make any mistakes and use separate systems and a special software device (thats not a firewall!) that acts as a firewall and doesn't let the two connected networks communicate with each other ...
Also he seems to think that engines 'breath' air, and that the air inside the cabin of an airliner is not at all isolated from the air that goes into the engines.
In short, the summary refers to an article written by someone that claims to be a security expert AND pilot while at the same time making incredibly stupidly inaccurate blanket statements that any useful security officer and certainly any pilot know are too broad and vague to be true or just flat out wrong.
There most certainly IS a firewall between the passengers and the engines on commercial jet aircraft, otherwise the people would die at 30k feet. The fact that he claims to be a pilot and then claims there is no separation between the cabin and exterior is just scary.
And claiming that this other special box ... that acts as a firewall ... but since they gave it another name, its not actually a firewall, so therefor its not possible to be hacked and bypassed.
The reality of it is, what the GAO said IS TRUE. IT IS possible that 'hackers' MIGHT be able to cross the network boundaries if they are physically connected, anyone who claims this is not true knows absolutely nothing about IT security or security on complex systems in general. You work really hard to prevent it, and make certain design decisions to make it hard to cross that gap, but the instant they are connected, you've created the possibility. You can't honestly claim that your network is 100% secure and impeneratble which is what this guy is trying to claim ... about aircraft that he's never had anything to do with, never seen, knows nothing about the internal operation of ... just because he's a pilot doesn't make him suddenly privy to private information internal to Airbus or Boeing.
Once again, I repeat, this is nothing but a shitty slashvertisement. They probably paid timothy to post it to the front page, which explains why it was done in such a hurry the first time and didn't even have a fucking link in it.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager