What is the most shocking, that someone tried to hack an infotainment system on a plane or that the company that sold said system had not done simple basic security pen testing or that the company that bought said system had not not done basic pen testing as implemented in their planes?
For me teh latter two far out weigh the former.
We only have BAs word that nothing critcal was a risk, but given they didn't test this how do we know? The car manufacturers don't seem to differentiate between infotainment and control systems why should we assume Airplane operators do?
There should be a GDPR for security of system access for all transport that covers system security rather than data loss, but I fear that would only come from teh EU as our own government would not have teh balls or clout to implement such a thing.
Biting the hand that feeds IT
