

Hackers Warn Passenger Planes Vulnerable to Cyber Attacks - sergeant3
http://www.spiegel.de/international/business/hackers-warn-passenger-planes-vulnerable-to-cyber-attacks-a-1035172.html

======
userbinator
From the previous discussion about Roberts' case (
[https://news.ycombinator.com/item?id=9558615](https://news.ycombinator.com/item?id=9558615)
and
[https://news.ycombinator.com/item?id=9568050](https://news.ycombinator.com/item?id=9568050)
) the general impression seemed to be that avionics are isolated from IFE and
other non-critical systems so this would be impossible.

The fact that this researcher is a licensed pilot does not necessarily mean
much; the pilot license only certifies that he knows how to fly a plane, not
that he knows in detail about all the systems in one.

~~~
morbius
IFE systems do show telemetry data from aircrafts' EICAS, though -- things
like ground speed, altitude, temperature, etc.

I'm not sure on the specifics since Boeing has kept silent about the whole
debacle, but I do wonder whether the IFE and avionics are airgapped on _all_
aircraft, and whether you could exploit them if they aren't.

~~~
ekimekim
It's that very silence that makes me suspicious. Security through obscurity is
only a reasonable defence if you know you are otherwise insecure. That said,
it's also common when big companies have security concerns, valid or not.

~~~
userbinator
Boeing has stated that the systems are isolated in one of the linked articles
about Roberts' case:

[http://www.bloomberg.com/news/articles/2015-05-18/hacker-
cla...](http://www.bloomberg.com/news/articles/2015-05-18/hacker-claims-of-
plane-takeover-aren-t-credible-official-says)

------
Zak
The first attack demonstrated involves spoofing electronic messages from air
traffic control. These include instructions to fly to a certain waypoint or at
a certain altitude. The pilot can accept these instructions and update the
autopilot with the press of a button, which is easier and less error-prone
than communicating by voice and entering the data from the cockpit.

Critically, these instructions cannot cause the autopilot to do anything
without input from the pilot, nor can they keep the pilot from disengaging the
autopilot and flying the plane manually.

The second attack described involves accessing flight control systems by way
of the onboard entertainment system. I would be shocked if this is actually
possible.

