Didn't something like this happen
in Short Circuit 2?
At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted. A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which …
in Short Circuit 2?
X-files spin off The Lone Gunmen predicted 9/11 with an attempt to crash a hacked aircraft into New York
come on guys and girls, be realistic!!
Who is EVER going to want to hack a plane?? Come on now.
Well, the people wanting to hack one your on may have have just increased?
Do they still hand out the Darwin reward. Doesn't this man watch American movies and TV?
Things like digital weather and traffic updates become increasingly relevant to flight systems as they become more automated and intelligent. Airgapping, data diodes and the like cannot shield the machine from stuff the pilot used to deal with over voice radio.
There are no glib answers to be had, just careful hardening, thorough testing and eternal vigilance.
All your planes are belong to us!
Even airgapping isn't quite enough, leaving aside the problems that presents.
Planes are frugally designed and inherently vulnerable. Even with a nicely separated customer Wi-Fi/ents network you need to be sure what could be done to it by someone gaining access with elevated privileges. I don't see that they even need to be on board, necessarily, there's those seat phones for one thing, and the possibility of getting a device on board you have control of remotely, like a compromised smartphone. Both vectors present major challenges to a hacker, but there's some very motivated miscreants out there, and some suicidal ones, lets not forget.
Simply knowing a way to cause the entertainment system to communicate misleading information to passengers could cause all sorts of peril. Working out how to overload part of it to cause, say, a cabin power problem or even a fire ..... a power-slurpy IFE was a factor in the total loss of Swissair 111.
We know that Russians have been doing since "Die Hard on a tarmac".
But seriously, we need more details on this "hack". These things are always overblown for fame and ego-stroking.
Not exactly new:
Air gap, air gap, air gap... sqwaaaak. Bunch of parrots repeating crap, without any talent to quiet themselves for 5 minutes so they can think critically.
Experienced security professionals know air gap isn't necessarily the answer. There are plenty of ways to connect to an enclosed gapped network. Especially when 200+ people have access to a few of them on each flight.
The answer is early and proper security injected into the systems development lifecycle. An aircraft connected to a WAN or cloud can be perfectly safe provided security is considered from day one until they retire the plane.
Because loss of network/computer systems on an airplane is an obvious security concern as well as a target for terrorists... governments should get involved in protecting these systems with compliance standards.
Airlines and aircraft manufacturers may scream about cost and delays, but consider a worst case scenario... where malware is launched quietly into the systems of 10+ aircraft, placed by malicious insiders, staying dormant until a particular date/time.
I got you a worse one. Same thing done by an actual tech who's a sleeper. No possible defense against a well-hidden sleeper, and you don't even need a wireless anything to raise havoc. If someone REALLY wants to raise havoc, they can do it in spite of God, Man, or the Devil. Remember, no guns used for 9/11, and even after 9/11 some intentional crashes were done by the pilots themselves: insiders.
"An aircraft connected to a WAN or cloud can be perfectly safe "
Really? Don't think so. There are very few things that can be perfectly safe, and airliners certainly aren't amongst them, though in recent years airliners have been sufficiently safe that complacency has unfortunately set in at the builders and operators and regulators, just as it did in the UK's rail industry after privatisation.
The story - just like those that went before it - is misrepresentative bullshit by someone implying one thing was something altogether different to make a name and generate headlines.
Nothing was compromised remotely or otherwise.
Anyone with even a vague understanding of old and new aircraft and avionics knows the story to be bullshit.
Sadly credulous journalists fall for it, maybe mix in a bit of irrelevant IT knowledge and then a load of commenters drop in and it spins on from there.
So much security 'research' is like this but I guess tech fake news is as good as any other type for generating traffic.
Separate your control systems networks (and they shouldn't be on Wireless - if they are I may not be able to hack in but I could jam) from your nav systems networks, and keep them separate from the public wireless and entertainment stuff.
It may take time and cost to test and start to implement, but what is the cost of paying out compensation to a few hundred families because you didn't do this, and a plane crashed as a result of your failure to fix a suspected-if-not-known security flaw? Hell, next time a plane comes down and someone suggests to a family that maybe someone hacked the plane and caused the crash, what sort of problems will that cause for the specific airline or manufacturer?
And keep the entertainment systems separate from any wifi or internet-connected networks!. Someone might want to do a murder-suicide on a plane load of republicans, which they could achieve by having all the screens show a picture of a couple of Arab men holding hands (a common practice in many mid-eastern countries which has nothing to do with sex,I am told). This would cause at least one of the passengers to go into such a violent rage that they explode, and failing that the rest would go mad rushing around trying to smash everything electronic to make the pictures go away.
"It may take time and cost to test and start to implement, but what is the cost of paying out compensation to a few hundred families because you didn't do this, and a plane crashed as a result of your failure to fix a suspected-if-not-known security flaw?"
Probably less. See Unsafe At Any Speed.
Cut a long story short. Keep he plane's sysyem a closed system off wireless and the internet. Have consumers net services system completely seperate and incompatible. Doesn't anybody watch Battle Star Galactica??
Biting the hand that feeds IT © 1998–2018