Aircraft Entertainment Systems Hacks Are Back (threatpost.com)
Reader msm1267 writes: Researchers at IOActive today disclosed vulnerabilities in Panasonic Avionics In-Flight Entertainment Systems that were reported to the manufacturer close to two years ago. The flaws could be abused to manipulate in-flight data shown to passengers, or access personal information and credit card data swiped at the seat for premium entertainment or Internet access. Given that the firmware is customizable and used by dozens of airlines in hundreds of aircraft models, the researchers said it's almost impossible to determine whether the vulnerabilities no longer exist across the board. IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains. Whether an attacker could cross those domains and affect critical avionics systems would depend on specific devices and configurations, IOActive said, given that a physical path could exist that connects those systems through satellite communications terminals that provide in-flight updates to critical systems. The concern is whether, in some configurations, IFEs would share access to these devices and provide the physical path an attacker would need to reach critical systems. As for the vulnerabilities in passenger systems, IOActive said there is a lack of authentication and encryption between an on-board server and clients at passenger seats. This could allow an attacker on board to send commands to the IFE system to manipulate what's displayed to passengers, or read payment card data swiped at seats.
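The submission's core finding is the lack of authentication between the on-board server and the seat clients, which lets any device on the cabin network submit commands. The example below is added here to illustrate that point and is not code from the IOActive research, Panasonic, or any real IFE product: it models a toy seat-to-server command channel twice, once with no authentication (the reported weakness) and once with a per-seat HMAC-SHA256 tag plus a monotonic sequence number, and runs the same traffic through both. The message format, the per-seat pre-shared keys, and the command names are all constructed for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Constructed per-seat pre-shared keys. In a real deployment they would be
# provisioned during maintenance, not generated at start-up; this is a demo.
SEAT_KEYS = {"12A": secrets.token_bytes(32), "12B": secrets.token_bytes(32)}


def encode_body(seat, seq, cmd):
    """Canonical JSON so client and server MAC identical bytes."""
    return json.dumps({"seat": seat, "seq": seq, "cmd": cmd},
                      sort_keys=True, separators=(",", ":")).encode()


class UnauthenticatedServer:
    """Models the reported weakness: any well-formed message is acted on."""

    def __init__(self):
        self.display = {}  # seat -> last command applied to that seat's screen

    def handle(self, raw):
        msg = json.loads(raw)
        self.display[msg["seat"]] = msg["cmd"]
        return True, "accepted"


def build_authenticated(seat, seq, cmd, key):
    """Client side: body + '.' + hex HMAC-SHA256(key, body)."""
    body = encode_body(seat, seq, cmd)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class AuthenticatedServer:
    """Hardened variant: per-seat HMAC plus a strictly increasing sequence."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {seat: 0 for seat in keys}
        self.display = {}

    def handle(self, raw):
        body, sep, tag = raw.rpartition(b".")
        if not sep:
            return False, "malformed"
        try:
            msg = json.loads(body)
        except ValueError:
            return False, "malformed"
        if not isinstance(msg, dict):
            return False, "malformed"
        key = self.keys.get(msg.get("seat"))
        if key is None:
            return False, "unknown seat"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time compare; verify the tag before trusting any field.
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        seq = msg.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq[msg["seat"]]:
            return False, "replay"
        self.last_seq[msg["seat"]] = seq
        self.display[msg["seat"]] = msg["cmd"]
        return True, "accepted"


def demo():
    """Run the same traffic against both servers and report each outcome."""
    results = {}
    # A message claiming to come from seat 12B, built with no key at all.
    forged = encode_body("12B", 1, "show_banner")
    weak = UnauthenticatedServer()
    results["weak_forged"] = weak.handle(forged)[1]

    strong = AuthenticatedServer(SEAT_KEYS)
    # Same body, tagged under a key the sender made up rather than 12B's key.
    forged_signed = build_authenticated("12B", 1, "show_banner",
                                        secrets.token_bytes(32))
    results["strong_forged"] = strong.handle(forged_signed)[1]

    legit = build_authenticated("12A", 1, "play_movie", SEAT_KEYS["12A"])
    results["strong_legit"] = strong.handle(legit)[1]
    # Delivering the identical legitimate message a second time is refused.
    results["strong_replay"] = strong.handle(legit)[1]
    # A field changed after tagging fails the integrity check.
    tampered = legit.replace(b"play_movie", b"show_banner")
    results["strong_tampered"] = strong.handle(tampered)[1]
    results["displays"] = (weak.display, strong.display)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The unauthenticated server ends up showing "show_banner" on seat 12B's screen on the strength of a message nobody was required to prove they were entitled to send; the authenticated server accepts only the message tagged with 12A's own key, and refuses the forged, replayed and tampered variants. Authentication alone does not give confidentiality, so card data at the seat would still need transport encryption on top of this.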
With the way a lot of these plane systems work these days, it could be a way to download a lot of "free" movies and music.
Peter predicted that you would "deliberately forget" creation 2000 years ago...
IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains.
That may have been true on older models, but Boeing got an exception to the separation rule for the 787. What's worse, the primary authentication method used to provide 'security' is a protocol that filters packets based on MAC addresses. So you can't plug your own gizmo into an avionics bus. But if you can trick the passenger entertainment units into generating bogus air data (for example), bad stuff can happen.
Have gnu, will travel.