Nip this in the bud: Airliner hacked through inflight entertainment system.

[Fly320s]

The link to the stupid: http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/

No. Just no. No effing way, im-effing-possible, total effing BS.

[Hawkmoon]

I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.

Of course, the article I read said that increasing the power to one engine made the aircraft fly "sideways," and then later it said that increasing the power made the plane climb. I don't know anything about modern autopilot systems, but I would surmise that if the autopilot is set to maintain 30,000 feet, it will maintain 30,000 feet even if the engine power is kicked up a notch.

[Mannlicher]

looks like almost anything is possible.  One thing  I noticed in the article, was the fellow saying he used published default passwords to hack the system.  Looks like that is a standard procedure.   One would think that everyone with a computer system would change the default password, since those are known.  Had that been done, the hack would probably be much more difficult, or just plain impossible.

[Fly320s]

I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.

Of course, the article I read said that increasing the power to one engine made the aircraft fly "sideways," and then later it said that increasing the power made the plane climb. I don't know anything about modern autopilot systems, but I would surmise that if the autopilot is set to maintain 30,000 feet, it will maintain 30,000 feet even if the engine power is kicked up a notch.

Correct. Increased thrust will result in increased speed, not a climb.

[lee n. field]

looks like almost anything is possible.  One thing  I noticed in the article, was the fellow saying he used published default passwords to hack the system.  Looks like that is a standard procedure.   One would think that everyone with a computer system would change the default password, since those are known.  Had that been done, the hack would probably be much more difficult, or just plain impossible.

You'd be surprised.

[vaskidmark]

Did not read this article, thanks to the comments about teh stoopidz it contains.

But IIRC this is not the first time someone has demonstrated how to hijack an aircraft via the ancillary systems.  Pretty much the same way they hijack an automobile - for ease the desgners integrate everything.  ("Heck, what could go wrong?" - motto of the dumb in every field of endeavor.)

stay safe.

[RocketMan]

I read about that yesterday. It seemed implausible that an optional system like entertainment could possibly be interfaced with flight controls like the engine power settings.

Hmmm...methinks not a matter of entertainment systems being deliberately or directly interfaced with flight control systems.  More likely they simply share a common network.  But that can be just as bad.

[Fly320s]

Did not read this article, thanks to the comments about teh stoopidz it contains.

But IIRC this is not the first time someone has demonstrated how to hijack an aircraft via the ancillary systems.  Pretty much the same way they hijack an automobile - for ease the desgners integrate everything.  ("Heck, what could go wrong?" - motto of the dumb in every field of endeavor.)

stay safe.

I'm a bit confused by your response.

Just to clarify my point: the act of hijacking control of the aircraft by tapping into the onboard TV system is impossible.

[bedlamite]

You are obviously part of the disinformation campaign to placate the masses. 

[Fly320s]

You are obviously part of the disinformation campaign to placate the masses. 

Shut up and breathe your chemtrails.

[lee n. field]

Shut up and breathe your chemtrails.

"Mmmmm.   Yummy chemtrails..."

[Phyphor]

The link to the stupid: http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/

No. Just no. No effing way, im-effing-possible, total effing BS.

Yeah, that was my take on that, as well.

Systems like that would be airgapped, period.

There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.

[Hawkmoon]

Hmmm...methinks not a matter of entertainment systems being deliberately or directly interfaced with flight control systems.  More likely they simply share a common network.  But that can be just as bad.

Semantics, perhaps. To my simple-minded dinosaur brain, if they share a common network and one system can talk to another system, they "interface."

[cordex]

There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.

How often is security the prime consideration in systems development?

[vaskidmark]

Yeah, that was my take on that, as well.

Systems like that would be airgapped, period.

There would be no advantage to actually networking the passenger accessible entertainment system with flight control, in fact, it would be a net security loss.

That was essentially what I recall reading - that everything was networked because nobody bothered to think anybody would want to get into one segment from another, and because it was both easier and cheaper.

Kinda sorta like finding out the apple watch can be hacked by a 5-year old.

stay safe.

[Phyphor]

How often is security the prime consideration in systems development?

One would hope that something that depended on computers that weren't compromised to keep everyone alive wouldn't be configured in such an idiotic way.  Why would you put something that can possibly control the aircraft or even cripple it on the same physical network as something passenger accessible?

It's not generally a primary concern in systems development, admittedly...but to completely ignore it?

That was essentially what I recall reading - that everything was networked because nobody bothered to think anybody would want to get into one segment from another, and because it was both easier and cheaper.

Kinda sorta like finding out the apple watch can be hacked by a 5-year old.

stay safe.

I can see it being a bit cheaper and easier....but it's nonsensical.

Where did you read that? I'd be interested in seeing that, if only for the eye-opener.

[Balog]

Another couple articles.

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

http://arstechnica.com/security/2015/05/fbi-researcher-admitted-to-hacking-plane-in-flight-causing-it-to-climb/

[vaskidmark]

Where did you read that? I'd be interested in seeing that, if only for the eye-opener.

http://www.cnn.com/2013/04/11/tech/mobile/phone-hijack-plane/

2013.  It's amazing what the mind can remember while still not knowing your own phone number after having it for more than 10 years.

stay safe.

[Fly320s]

How often is security the prime consideration in systems development?

In the airline world? All of the time, although the focus is on safety, not security.

The flight control systems need to be independent of non-essential systems so they will be more reliable and safe.

Now, I haven't looked at the installation diagrams for the IFE system, but I can tell you there is no reason for it to be networked to the flight control systems.

[Fitz]

Something about this story stinks. There's no way those systems aren't air gapped. This screams "bullshit" to me

[lee n. field]

How often is security the prime consideration in systems development?

Sometimes. 

https://en.wikipedia.org/wiki/OpenBSD

The project is also widely known for the developers' insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.

OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems.

(Never used it, myself.  But it exists.)

[KD5NRH]

How often is security the prime consideration in systems development?

Well, it was pretty well done back in the day.

Good luck hacking into this:

[KD5NRH]

Now, I haven't looked at the installation diagrams for the IFE system, but I can tell you there is no reason for it to be networked to the flight control systems.

What's the point of all those MFDs if you can't watch Die Hard 2 on them?

[Jamisjockey]

Well, it was pretty well done back in the day.

Good luck hacking into this:

yeah just how the cockpit of a modern airliner should look.  

[RevDisk]

*scratches head*

Uhm. Never worked on fixed wing, but on rotary wing, yes, entertainment and control networks were airgapped. And not directly compatible either. Control runs over controller area network, usually called CAN bus. Started for cars. Aircraft are now using "ARINC Specification 825", but it's usually informally called CAN or CAN bus. Fixed wing are moving to it also, AFAIK.

It's not directly compatible with TCP/IP. I highly doubt that is the default. Because Sikorsky and I'm sure other folks made money selling support packages that included overpriced Panasonic ToughBooks with the maintenance/analysis software on it, that you had to plug into a designated CAN port.

If someone was dumb enough to plug the ethernet port of a CAN gateway onto the entertainment network and the hacker had the right software, sure.