What? That's still not an excuse to attempt it on a live passenger plane in the air. You're potentially endangering not only your life but the lives of hundreds of strangers.
In an empty plane you're piloting alone, or a simulation, sure, but there's clearly a non-zero chance that the navigation hijacking could disrupt the plane enough to force an emergency landing or even cause it to crash. Even if you think you know what you're doing, there could be lots of unintended side effects from forcing the plane to make certain maneuvers.
The article states that he had tried telling the manufacturers for years about these vulnerabilities. That means every time one of these planes flies all passengers are at risk. If he has to pull a stunt like this to raise awareness in order for the vulnerabilities to be fixed, who is putting more people at risk? This is an ethics question and it's a hard one. There are no direct analogies. This is pretty much par for the course with security researchers and big corporations. It usually takes some big negative publicity and a public scare for a manufacturer to do a recall, which makes sense because recalls are expensive.
There are two tracks on a railroad. An unguarded lever allows someone to switch which rail the track leads to. A fellow has told the train company to secure the lever so that only their qualified individuals can pull it. They've ignored this fellow for years. The fellow see two trains are approaching on the separate tracks. They decide to pull the lever - temporarily placing the lives of everyone on each train at risk of a collision. Before the trains are in danger of switching tracks, they pull the lever again. A bunch of people were scared, but no real harm was done.
One day, a malicious person could be the one that pulls the lever and kills hundreds of people. The company has been putting lives at risk for years - but only after receiving bad press regarding the insecure lever have they decided to invest in its security.
It says that he had been telling people about these security holes for years and without effect, so he probably felt that actually doing it on a real plane would.
If his statements are true, then it would be far better him doing it and potentially endangering people, causing manufacturers to fix their planes very quickly, than a terrorist doing it and actually causing some serious damage.
That is a completely invalid statement. Saying that you are willing to risk the lives of everyone on a plane, potentially killing all of them, just to demonstrate that it's theoretically possible to bring a plane down, is akin to putting a washing machine on the railroad tracks, just to demonstrate it's possible to de-rail a passenger train.
This is the sort of testing that should be done on planes without passengers.
It's a matter of ethics, not logic. I don't think there's any similarity to putting a washing machine on a train track. According to the article the hacker had reported this vulnerability years ago. That means every time the plane takes off all the passengers lives are at stake.
If you are a criminal and wish to kill people, it's pretty straightforward to de-rail a train. Every time a train leaves a station, all the passengers lives are at stake. It is 100x more easy for your average person to derail a train than it is to fuck with the avionics system on a modern jet. There are lots of opportunities to kill people if you are evil.
Thankfully, being evil is a fairly uncommon situation. But, as in the case of this hacker, being stupid apparently isn't.
You don't execute the thing that can hurt people to demonstrate that people can be hurt if that thing is executed.
Presuming (big presumption by the way) that he actually did break through the avionics firewall of an actual plane, and attempt to send commands to the flight-control system - then he deserves pretty much all the pain he's going to experience for the next 10-15 years.
But, on the flip side, if it turns out that he wasn't actually ever hacking with the flight systems of operating planes, then I wish him the best, and I hope he's able to convince people that all of this was hypothetical, a misunderstanding, and the only testing he's done has been with research systems, or test environments made available by various plane manufacturers.
You're making a number of judgements about the danger of the situation. The train analogy is also misleading.
We're now essentially arguing about which situation puts the passenger's lives at stake the most. Which is the most dangerous situation?
If we absolutely have to use an analogy we should make the train and the plane situations equal. In the case of the plane no one was hurt. Nobody even knew what had happened - not even the pilots. This might be analogous to a train "hacker" placing a washing machine on the tracks...and then removing the washing machine while the train is still at a safe distance.
There we go - the train "hacker" has shown that a washing machine can be placed on the tracks successfully and now the train companies can start to think of a solution. Maybe breaks. Or horns. Or those big cute scoops ;)
I think if you wanted to send the hacker to rot in jail (and keep your conscience) you'd have to prove that the hacker was very reckless and had no experience with avionics systems. Something tells me he knew how to run these systems though - at least enough to hack into them.
That isn't a reasonable excuse for endangering people's lives. If he actually altered the engine output even 1% he belongs in jail. It is as simple as that.
Looking at flight information, seeing nearby aircrafts, etc are not dangerous and they provide "proof of concept." Heck he could even turn on and off the navigation lights as proof that he can "control the aircraft" without directly endangering anyone.
I am sceptical like other people here that he actually altered the engine output from the entertainment system network. If he did then that would both be a gross lapse in basic aircraft security and he actually deserves some level of legal recourse for endangering other passenger's life, as well as thanks for exposing the vulnerability.
I liken it to hacking into a car and causing the acceleration pedal to stick on momentarily when you change radio stations. It would definitely alert people to the problem, but how many lives have been endangered to alert people? In particular if he made a mistake and instead of having it stick for 1 sec he did 10 sec? Is it right to put other people's lives in the hands of his experiments? They didn't sign up to be his guinea pigs.
