
Hacker Says He Can Break Into Airplane Systems Using In-Flight Wi-Fi - uger
http://www.npr.org/blogs/alltechconsidered/2014/08/04/337794061/hacker-says-he-can-break-into-airplane-systems-using-in-flight-wi-fi
======
com2kid
I interned at Boeing for one summer on the 787 project. The way Boeing does
networking at first seems old fashioned and asinine, until you think about it
for a bit.

For one thing, they had static routing tables in place on a per port basis,
and this was _very_ finely gone over. Not counting all the other layers of
protection in place, it was the case that flat out the consumer focused
networking gear was not able to get packets routed over to any critical
systems.

At the time, our threat assessment was "Osama Bin Laden gets on board with a
laptop".

IIRC, and it has been quite a few years (the better part of a decade!), the
few hardwired ports that did have access to more critical systems could only
be used by laptops that had certificates on them providing authentication.
Without that, even the ports that DID have the potential for routing to more
important systems on board would get all their traffic forwarded to /dev/null.

~~~
powera
That does seems wrong. First, did Osama (or Al Qaeda) really have any
experience with hacking computer systems in this way?

Second, why would you rely on "static routing tables" and "certificates" for
defending against an attacker in the worst case when you could just use an air
gap?

~~~
com2kid
There are multiple networks on an airplane. Some are air gapped, but running
multiple parallel wiring systems adds a lot of weight to a plane. If a medium
and low security system can share some cabling and be secured through
software, then there is little reason not to.

The engine control wasn't hooked up to the AV system or anything!

------
kefs
Ridiculous article..

Here's the actual blog post, and the 25-page whitepaper.

[http://blog.ioactive.com/2014/04/a-wake-up-call-for-
satcom-s...](http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-
security.html)

[http://www.ioactive.com/pdfs/IOActive_SATCOM_Security_WhiteP...](http://www.ioactive.com/pdfs/IOActive_SATCOM_Security_WhitePaper.pdf)

On a side note, what's with all the similar press photos of this guy in front
of graffiti?

[https://imgur.com/a/nOuff](https://imgur.com/a/nOuff)

~~~
S_A_P
The graffiti gives him mad street cred.

~~~
jbigelow76
It's Gilfoyle[1] from Silicon Valley!

[1] [http://silicon-valley.wikia.com/wiki/Gilfoyle](http://silicon-
valley.wikia.com/wiki/Gilfoyle)

------
userbinator
A few years ago I remember reading a discussion about the possibility of
"hacking a plane" and someone who worked in the industry said that the
avionics were immune to this since the communication only goes one way. On the
other hand, I don't doubt at all that the IFE/passenger displays could be
hacked, since apparently things like this happen rather frequently:

[http://img.thedailywtf.com/images/13/q2/e67/Pic-2.jpg](http://img.thedailywtf.com/images/13/q2/e67/Pic-2.jpg)

[http://img.thedailywtf.com/images/13/q3/e74/Pic-4.jpg](http://img.thedailywtf.com/images/13/q3/e74/Pic-4.jpg)

[http://img.thedailywtf.com/images/200905/errord/DSC_0001.JPG](http://img.thedailywtf.com/images/200905/errord/DSC_0001.JPG)

[http://img.thedailywtf.com/images/14/q2/e117/Pic-5.jpg](http://img.thedailywtf.com/images/14/q2/e117/Pic-5.jpg)

~~~
TeMPOraL
Oh those displays are so ugly... Someone please hire Michael Okuda or someone
else who has this thing called "attention to detail" and knows how to make
displays that don't look like crap.

But yeah, I know, no profit in making things look nice; it's enough to make
them just not repulsive. It saddens me that in the last 20 years we've
developed many technologies straight out Star Trek and others, and yet they
don't feel like from the movies mostly because no one cares about aesthetics
in real world.

~~~
twoodfin
If you want to see something highly functional but also out-of-the-movies
sharp, try redeeming an iTunes gift card on a Mac via the built-in camera.

------
chasing
Define "break in" and "interfere."

Could he down an airplane? Or just access logs?

~~~
bignaj
If you read the article: _" One vulnerability that Santamarta said he found in
equipment from all five manufacturers was the use of 'hardcoded' log-in
credentials, which are designed to let service technicians access any piece of
equipment with the same login and password."_

Sounds like he could access the plane's systems from an administrator's
perspective. I would watch the Black Hat presentation to be sure.

~~~
mikeash
The "all five manufacturers" in question are the manufacturers of satellite
equipment. It sounds like he could access the satellite entertainment
equipment as an administrator, but that's (one would hope) a far cry from
being able to access anything _important_ on the plane.

------
ChrisClark
During an international Air Canada flight, they had USB ports right beside the
touch screen seat back monitors. I thought I'd try plugging my remote mouse
into it. Worked perfectly fine, a mouse pointer showed up and I could use it
fine.

I was wondering what I could do with a keyboard, or a nicely crafted USB
stick. The interface seems to be an HTML/JS interface, so I'm not sure what OS
it was running on. The mouse pointer was not a Windows default so it was
probably Linux.

I wonder if I could have switched terminals if I had my keyboard. Also, if I
had my keyboard I'd be too scared to try.

~~~
kenrikm
Some Delta planes and I think all Virgin planes that have that inflight
infotainment system run on a flavor of linux with a ton of plugins and
insecure SSH enabled by default. Ask me how I know.

~~~
dandruffhead
How?

------
tehwalrus
isn't this why equipment used to be administered with a hard serial port on
the back? (I remember switches that need to be administered that way, from a
few years ago).

It boggles the mind that hard coded credentials to flight systems could be
exploited from customer facing wifi.

Sort-of relevant XKCD: [http://xkcd.com/463/](http://xkcd.com/463/)

------
orblivion
Why would the airplane's critical systems be in any way connected to passenger
WiFi? Or the Internet in any way?

~~~
com2kid
787s have some _really_ cool self monitoring abilities. Every part on them is
wired up with every type of sensor you can imagine. This allows the plane to
track its health at all times. The coolest feature we saw a demo of (I have no
idea if it shipped!) was the plane radioing ahead to the airport it was headed
to with a maintenance request form auto filled out! Personnel at the airport
would be informed and have the relevant maintenance manuals automatically
downloaded to their laptop.

This actually removed a lot of down time for the plane, as typically workers
would have to manually inspect many of these parts on a regular basis to check
wear levels.

Seriously cool stuff!

~~~
x1798DE
What does that have to do with the public-facing wifi? I suppose if there's
any radio connection and they have hard-coded credentials, the "public-facing"
part of it doesn't really matter as much, but still, it's kinda basic stuff to
airgap critical networks from the public.

~~~
kalleboo
That's the multi-million dollar question.

I could theorize the cheapest way for the features com2kid is talking about to
work is to use the commercial Internet connection for uploads. Then the device
that connects needs an IP, and just happens to be running a telnet server for
maintenance (it's always telnet) and nobody ever changes the default
credentials. Now _that_ device still has no actual control but it's connected
to the airplane systems over a serial console. Which is also available to log
in with the default credentials...

Another comment here suggests he only gained access to the _satellite systems_
which would suggest this is overblown.

~~~
com2kid
Unfortunately I have no recollection of how everything is wired together. (Not
that I ever had complete understanding of it!)

I know they consolidated some wiring, but I cannot say what was consolidated
with what. I just remember the static routing table for security.

------
scosman
no no no no.

They just started letting us use devices during takeoff. No more alarmist
headlines please.

~~~
carlfranzon
Precisely my thought...it was fun while it lasted!

