×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Planes Can Be Hacked Via Inflight Wi-fi, Says Researcher

samzenpus posted about 4 months ago | from the protect-ya-neck dept.

Transportation 151

wired_parrot writes In a presentation to be shown Thursday at the Black Hat conference, cybersecurity consultant Ruben Santamarta is expected to outline how planes can be hacked via inflight wi-fi. Representatives of in-flight communication systems confirmed his findings but downplayed the risks, noting that physical access to the hardware would still be needed and only the communication system would be affected.

Sorry! There are no comments related to the filter you selected.

LOL (-1)

Anonymous Coward | about 4 months ago | (#47601675)

I can hack your mom's pussy via my dick in the lavatory.

yes... (5, Funny)

gandhi_2 (1108023) | about 4 months ago | (#47601679)

... but only by using Python.

Re:yes... (5, Funny)

Anonymous Coward | about 4 months ago | (#47601707)

Get these motherfucking scrips off my motherfucking plane!

Re:yes... (0)

Anonymous Coward | about 4 months ago | (#47601741)

Why would you need legal tender substitutes off the plane?

Re:yes... (0)

Anonymous Coward | about 4 months ago | (#47601849)

Why do they have to be tender? I like my cash like I like my women: cold and hard.

Re:yes... (2)

CanHasDIY (1672858) | about 4 months ago | (#47602609)

I like my cash like I like my women:

Bound in rolls and stuffed into a dufflebag?

Bogeymen on a plane! (-1)

Anonymous Coward | about 4 months ago | (#47601681)

Those wiley hat-wearing haxx0rz.

So, which is it? (4, Insightful)

Joe Gillian (3683399) | about 4 months ago | (#47601683)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

Why WiFi (0)

Anonymous Coward | about 4 months ago | (#47601781)

it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham's equipment, according to Cobham spokesman Greg Caires.

I mean, those systems are not WiFi capable.

They keep throwing the term " satellite communications systems" all over the place - making this "article" sound more like a press release to scare up attention for IOActive than a real news article.

For all we know from this press release is that they found a way for hackers to disrupt everyone's email and web browsing and cell phone calls.

Whoop-Dee-doo.

Re:Why WiFi (0)

X0563511 (793323) | about 4 months ago | (#47602685)

The plane has a data connection. You get access to a data connection via the on-board wifi.

You don't see a connection between the two? Let me fill it in for you: they share the same path outside the plane.

Note that this data connection isn't required for the plane to continue flying, but I don't know how it's used by in-cockpit warning or navigational stuff.

Re:Why WiFi (1)

SuricouRaven (1897204) | about 4 months ago | (#47603157)

I would guess 'not at all' based on the loss of MH370: Part of the reason it's not been found is that the plane didn't maintain any form of continuous communications.

Re:So, which is it? (2, Funny)

Anonymous Coward | about 4 months ago | (#47601807)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

It's a bit odd to talk about physical access when speaking about a metal tube flying along at 35,000 feet.

It's not like attacks are going to take place outside the plane.

Re:So, which is it? (4, Funny)

Anonymous Coward | about 4 months ago | (#47601827)

That is what William Shatner thought.

CAPTCHA: afraid

Re:So, which is it? (0)

Anonymous Coward | about 4 months ago | (#47601863)

There's...something on the wing!

Re:So, which is it? (5, Insightful)

Jane Q. Public (1010737) | about 4 months ago | (#47601855)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

Re:So, which is it? (1, Funny)

Anonymous Coward | about 4 months ago | (#47601889)

Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground.

Preferably with you on board.

Re:So, which is it? (4, Interesting)

jittles (1613415) | about 4 months ago | (#47602093)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

Volkswagen hooks up their audio systems to the CANBUS on cars. Those audio systems may have bluetooth enabled. This may allow a hacker to get onto the CANBUS via BT. I haven't tried, but it's definitely something that one could attempt. Other manufacturers do this also, such as GM and Chevy.

Re:So, which is it? (3, Interesting)

Jane Q. Public (1010737) | about 4 months ago | (#47602199)

Other manufacturers do this also, such as GM and Chevy.

Yes, that was my understanding as well. And that was my point. It just doesn't look very smart, from where I sit.

In my view (which I would be happy to review and modify if someone has a better idea), you have 3 basic systems in a modern automobile. In order of importance: [1] critical control and feedback, [2] internal environment, and [3] entertainment.

[1] and [2] should have strictly limited communication, if any. [2] and [3] should probably have none, and [1] and [3] should not communicate at all under any circumstances.

Re:So, which is it? (1)

malacandrian (2145016) | about 4 months ago | (#47602237)

Volkswagen hooks up their audio systems to the CANBUS on cars. Those audio systems may have bluetooth enabled. This may allow a hacker to get onto the CANBUS via BT. I haven't tried, but it's definitely something that one could attempt. Other manufacturers do this also, such as GM and Chevy.

A 2009 study [itworld.com] claim to have managed it. Given the range & pairing requirements of BT though, it does mean crashing a car that you're currently in. Giving the victim a specially prepared CD that will hack the CANBUS half way through their road trip seems a much more sensible idea to me.

Re:So, which is it? (1)

Anonymous Coward | about 4 months ago | (#47602267)

Connected != Access.

Just because some device is connected to via Bluetooth and that same device has a CANBUS connection does NOT mean you can now get from the Bluetooth and onto the CANBUS. It only means that it might be possible from that direction. Hack away and try, but you have a snowball's chance of getting though the radio.

Just like in aircraft, being able to access the WiFi network which might actually be connected to some device that might be connected to the network that the satellite gear is managed on makes it theoretically possible, but doesn't mean that it is likely something this yahoo can actually do from seat 14F using his laptop. Until recently the FAA didn't allow interconnections between essential systems and cabin entertainment stuff at all, at least at the data level (yea they let the flight controls turn power on and off, just no data connections.) Then there is the whole, so you are successful, what's it going to matter? Despite what you might think, the guys up front are still going to function just fine without the digital satellite links anyway.

Re:So, which is it? (4, Insightful)

geekoid (135745) | about 4 months ago | (#47602157)

Yes, hundreds of people 'deserve' to die. It certainly not the person doing the attacks fault at all.
Idiot.

Re:So, which is it? (1)

Jane Q. Public (1010737) | about 4 months ago | (#47602221)

Stupidity has a price. I didn't make things that way.

Re:So, which is it? (0)

Anonymous Coward | about 4 months ago | (#47602339)

Because the passengers are at fault for something they had no hand in? Jesus fuck you're an idiot.

Re:So, which is it? (0)

Anonymous Coward | about 4 months ago | (#47603063)

If they own a smartphone to access said wifi they do need to die though. They are already brain dead.

Re:So, which is it? (0)

ThatsMyNick (2004126) | about 4 months ago | (#47602631)

Yes, hundreds of people 'deserve' to die. It certainly not the person doing the attacks fault at all.
Idiot.

How does pwning the infotainment system lead to death. People might become bored to death, but I cant imagine anything else happening.

The crew can simply turn off the infotainment system, and go on with their work. There is a reason the infotainment system is not relied on, and attendants still use verbal instructions for everything (including the initial safety spiel)

Re:So, which is it? (2)

boaworm (180781) | about 4 months ago | (#47603091)

The pilot can use these data link communication channels to make his/her life easier. As an example, when asking for a new flight level clearance, they can (given up2date Flight Management System computers) dispatch a digital message to ATC (Air Traffic Control) rather than using the radio. A bit like sending a text message. This can be far more reliable than long-range radio where the audio quality isn't great. Similarly, the ATC can confirm the flight level clearance (climb or descent) via a data message, rather than over radio. The FMS display will confirm, reject or propose alternatives.

I can imagine a couple of not so scary scenarios:
* Overloading the data link, causing other messages to be delayed and/or dropped. This means the pilot will have to fall back to radio and/or resend the message.
* Read in-flight reporting/confirmation data
* Read load manifests, fuel status updates, passenger manifests etc.
* Access what other passengers are watching on their inflight entertainment system
* Eavesdrop on other passengers' facebook chats

And some more scary ones (if the break-in allows access to flight data messages):
* Send/request ATC communication, clearance requests etc
* Flooding ATC stations/comms systems with bogus data, preventing efficient communication between aircraft (this, and others) and ATC

One would assume the fly-by-wire system is entirely isolated from this.

Re:So, which is it? (0)

Anonymous Coward | about 4 months ago | (#47602213)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

Yeah, well guess what...

How expensive do you think it would be to take the tens of thousands of airliners currently existing, retrofit them with separate new WiFi hardware and get that certified by the FAA or other appropriate governing body?

Compare that to the cost of simply plugging a wireless access point into existing computer systems.

Given how the FAA is almost certainly the subject of regulatory capture, which one do you think is going to happen?

Re:So, which is it? (0)

Charliemopps (1157495) | about 4 months ago | (#47602249)

Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

I'm going to guess it's both. Someone likely needs to flip some physical switch or whatever... but Mr Santamarta thinks social engineering could be used to trick the pilots into doing it for you. Something along those lines.

Re:So, which is it? (2)

NoKaOi (1415755) | about 4 months ago | (#47602667)

"Planes Can Be Hacked" really means "Planes' Satellite Communication System Can be Hacked." That's a huge distinction. A malicious hacker still can't control the plane or it's radio communications, which are the important things. There are good reasons why the FAA is strict rules about airplanes not relying on satellites.

To give you an idea of the technical prowess of the article: "he discovered the vulnerabilities by "reverse engineering" - or decoding - highly specialized software known as firmware." But it seems the "researcher" is trying to sensationalize things:
"In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said."
Now let's read between the lines. Avionics is any kind of electronics, even the entertainment system, so really no big deal, they can't hack anything important. For the "navigation" systems, he's not talking about GPS (even if he were it wouldn't be a big deal, airplanes can navigate just fine without GPS), but the communication system does send the GPS location, altitude, and speed back home. If that goes down, not a big deal because that's not what air traffic control relies on.

The worst that could happen is causing a panic by putting porn up on a flight to Disneyland and reporting back an altitude and speed of zero, which I'm sure would prompt a quick call to someone with air traffic control info who would say everything is fine. It would also prompt a lawsuit from the parents of small children for subjecting them to porn, but that would be made up for by ticket sales from college students wanting to fly that airline for their spring break vacation.

Re:So, which is it? (1)

AmiMoJo (196126) | about 4 months ago | (#47603015)

An attacker could always just bankrupt the airline by chewing up masses of satellite bandwidth for hours on end. uTorrent and a few Linux ISOs should be good for about $100m in overage charges.

In other words (1)

thieh (3654731) | about 4 months ago | (#47601685)

Are cellphones better than guns at hijacking planes now? At least they can replace the communication stream and take advantage of whatever that might follow.

Re:In other words (0)

Rosco P. Coltrane (209368) | about 4 months ago | (#47601749)

Nah, don't worry about it. It's just some "security expert" going all dramatic on some minor vulnerability he found, to plaster his name on the front page. Anything talking of airplanes, hacking, hijacking, plays the terrorism bullshit music score, and is a surefire way of attracting media attention.

No doubt the TSA will very soon jump on the opportunity to invent some new rule to steal - sorry, confiscate - your Wifi-enabled devices at the security checkpoint too...

No they cant. (5, Insightful)

Lumpy (12016) | about 4 months ago | (#47601739)

They did not get into the aircraft avionics.

They got into the satellite communications for the Infotainment system.

NONE of the systems like that have any interconnection to avionics or telemetry.

Re:No they cant. (0)

gandhi_2 (1108023) | about 4 months ago | (#47601767)

ahh... so just all the passenger data can be hijacked.
nothing to worry about here.

Re:No they cant. (3, Funny)

93 Escort Wagon (326346) | about 4 months ago | (#47601785)

ahh... so just all the passenger data can be hijacked.
nothing to worry about here.

Google and the NSA are worried... about someone else encroaching on their turf.

Re:No they cant. (1)

Aqualung812 (959532) | about 4 months ago | (#47601823)

Passenger data in the infotainment system? What makes you think there is anything sensitive in there?
I thought it was just shitty movies and games, along with a GPS map of where the plane is that is viewed only by passengers.

Re:No they cant. (2)

DivineKnight (3763507) | about 4 months ago | (#47602063)

You're thinking too small. Think bigger...if you have access to the in-flight infotainment system, you have access to the eyes, hearts and minds of the passengers. Passengers who are, due to not so subtle-conditioning, easily frightened. "9/11" "Never again!" Pictures of the statue of liberty crying and politicians dissembling at the top of their lungs. =^_^=

So what would I do? Two things. I'd play a video, ostensibly of a 'live' newscast that the plane they are currently on has been taken over by terrorists, and that their current pilot / co-pilot / first officers are planning to ram the Pentagon. Think about it. Some people on the plane will look at their ticket subs, figure out that the plane they're on is the one being hijacked, and rush the pilot's cabin as one person.

When they rush the cabin, I begin jamming the radio (cellphone signals are already being jammed, and wireless internet as well). At this point, on the ground, a video is delivered to the real media stating that some terrorist group (sans pilot / copilot, as background checks on the ground will clear them) have taken over the plane, and are planning another 9/11 style attack. With the radio dead and lack of useful communication, the military will assume the worst.

 

Re:No they cant. (1)

geekoid (135745) | about 4 months ago | (#47602177)

About as plausible as any M.Bay film.

Re:No they cant. (1)

SpzToid (869795) | about 4 months ago | (#47602335)

The hackers could broadcast a fake NBC news TV report that 'inadvertently' made its way to the plane video system. The news report would obviously declare that particular plane is known to carry the Ebola virus and no one onboard could be trusted as safe anymore, and chances for their survival are small, yet the risk to the larger world very great. I'll leave the plot continuation to the next bored slashdotter. (Obviously matters must be taken into hand)

Re:No they cant. (2)

CaptainDork (3678879) | about 4 months ago | (#47602703)

A crew of us was flying into Dallas one rime, circling the field. That was when pagers were big and cell phones were not.

We all got a Sky Page about a Dallas flight circling DFW because of unknown mechanical failure and a crash landing was inevitable.

Our buddies in Virginia thought it was funny.

Re:No they cant. (1)

SpzToid (869795) | about 4 months ago | (#47602803)

A crew of us was flying into Dallas one rime, circling the field. That was when pagers were big and cell phones were not.

We all got a Sky Page about a Dallas flight circling DFW because of unknown mechanical failure and a crash landing was inevitable.

Our buddies in Virginia thought it was funny.

Oh wow, what a classic old school hack! I'd have smacked them all first chance possible, but I'm in admiration for their thought, concern, and effort still. They must really, really like you and the rest of the team, and it shows.

Please just don't tell me this was SITA text, or I'm gonna die laughing too hard (having worked with SITA before). SITA text will never die.

http://www.sita.aero/products-... [sita.aero]

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47602509)

Or you ever making a comment that ADDS to the discussion?

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47602515)

So, it'd make millions.

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47602325)

Yea, that works great, until the pilots pull the breaker on the WiFi system... Then what ya going to do? Good luck storming the front of the bus. Good luck getting off the aircraft undetected too. Having that recently wiped drive won't help you either. The FBI would take a very dim view of such behavior and they *will* find you.

Re:No they cant. (1)

gandhi_2 (1108023) | about 4 months ago | (#47602167)

I'm talking about cases where internet access is available through the inflight wifi.
Taking control of the network equipment through which this traffic runs isn't harmless.

Re:No they cant. (1)

Aqualung812 (959532) | about 4 months ago | (#47602287)

No, but it should be expected. A connection to the Internet is still consider untrusted.

Re:No they cant. (1)

Lumpy (12016) | about 4 months ago | (#47602923)

Pay per view, all that juicy credit card info....

Re:No they cant. (1)

Desler (1608317) | about 4 months ago | (#47601901)

What customer data is in the infotainment system?

Re:No they cant. (1)

R3d M3rcury (871886) | about 4 months ago | (#47602009)

Credit card data, perhaps? I assume they want you to pay for that infotainment, not to mention any food or drinks you're ordering.

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47602057)

Name a single airline that has credit card info available through the infotainment system.

Re:No they cant. (1)

gandhi_2 (1108023) | about 4 months ago | (#47602135)

the whole point of in-flight WIFI is that people can be charged exorbitant sums for painfully-slow internet access while in flight.

While certainly it is no hijacking of a plane, the hijacking of this network equipment isn't nothing.

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47602559)

It is as long as this person doesn't show it happening on a real plane. He can only do it in a controlled lab. This is highly overblown.

Re:No they cant. (1)

Anonymous Coward | about 4 months ago | (#47602291)

ahh... so just all the passenger data can be hijacked. nothing to worry about here.

That's ALREADY possible, no hacking the plane's systems required. Tell me you don't trust public WiFi connections, EVER.... Please tell me..... (crickets) We are doomed, doomed I say.

Re:No they cant. (1)

AmiMoJo (196126) | about 4 months ago | (#47603045)

No need for such an elaborate hack to do that. Just set up your own network called "In-Flight Free WiFi" and begin the harvest. For bonus points add a splash screen warning users that they may receive certificate warnings "due to the nature of in-flight wifi and the speed/altitude of the aircraft in international airspace", complete with instructions on how to bypass them in all common browsers.

Re:No they cant. (1)

rodrigoandrade (713371) | about 4 months ago | (#47601775)

Yeah, remember that when you're flying with your family and someone is hacking the plane away while everyone else is asleep.

Point? (0)

Anonymous Coward | about 4 months ago | (#47601877)

Yeah, remember that when you're flying with your family and someone is hacking the plane away while everyone else is asleep.

Yeah, and your point? So, we'll wake up to porn or Islamic propaganda?

What? What's the big deal?

I have no concern about terrorism.

None.

What I am concerned about is eating right, exercising and mitigating things that ARE going to kill me that best I can.

And even then, if I live long enough, I will - no maybe - WILL get cancer and die from that. And slowly rotting away in pain as an invalid scares me - getting blown up by a fanatic doesn't.

Re:No they cant. (1)

Anonymous Coward | about 4 months ago | (#47601881)

Sir, I believe you might be troubled to learn YOUR COMPUTER IS BROADCASTING AN IP ADDRESS!

Re:No they cant. (1)

MobyDisk (75490) | about 4 months ago | (#47601789)

Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies: Passengers might start jumping out of the plane!

Re:No they cant. (0)

Anonymous Coward | about 4 months ago | (#47601833)

Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies

I don't think anyone could be that evil.

Re:No they cant. (1)

preaction (1526109) | about 4 months ago | (#47602019)

I believe that act would fall afoul of the Geneva Conventions and be considered a War Crime. Uwe Boll skirts the law based on pathetic notions such as "free speech" and "free expression." Purposely inflicting Uwe Boll on people is torture and will be punished appropriately (unlike the US treatment of suspected terrorists).

Re:No they cant. (1)

geekmux (1040042) | about 4 months ago | (#47602023)

Yes, but imagine if a terrorist changed all the in-flight movies to be Uwe Boll movies: Passengers might start jumping out of the plane!

That's nothing. I heard the in-flight Infotainment catalog includes Nickelback, which we all know is the aural equivalent of two cup chicks hosting a goatse lemon party.

Re:No they cant. (0)

Andy Dodd (701) | about 4 months ago | (#47601887)

Also not specified is whether the "hardcoded credentials" are even valid during a normal operating mode.

In many cases, avionics like this has a dedicated physically isolated service port and/or a dedicated "service mode" that can only be entered by powering on the device when a discrete is tied to ground by a special test equipment connector.

Almost surely, these vulnerabilities are either:
1) Firewalled from the passenger network (This is, however, unlikely, airgrapping/network isolation is far more likely, with the interconnection between critical and noncritical networks being, at most, a one-way feed of nav data to the noncritical network)
2) Can only affect the passenger network and are not used for flight operations
3) Require physical access to a test connector on the unit itself

Re:No they cant. (2)

LoRdTAW (99712) | about 4 months ago | (#47602311)

Here here:
In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

So it stands that there really isnt much of a threat here. Either the journalist is confused or purposefully crafted the article so as to imply that a hacker with a wifi device can disable a planes navigation system or do worse. My money is on the latter. The reason I say that is because the two systems are indeed separate and not connected. This is why a Cobham rep said a hacker would need physical access to the planes avionics system. They (Cobham) made that distinction but the author never makes that clear.

And I remember a similar article on /. a while back about an airline entertainment system being vulnerable. I thought it was jetblue but I can't find the article at the moment. It was the same "alarming" report that turned out to be a flaw in the TV or entertainment system. The worst was people couldn't watch TV on their 6+ hour flight.

Re:No they cant. (1)

retchdog (1319261) | about 4 months ago | (#47602805)

No, the journalist just swallowed the press release verbatim. I mean, there's practically no downside to doing so, and it keeps everyone happy.

Security is a demanding field with a few "rockstars", which means there's a lot of incentive to, uh, exaggerate one's accomplishments. This guy had extended time to pick apart a piece of airplane hardware in his lab, and did so. That's all. What real-world vulnerability does this translate to? We don't know; he can't reveal them at the moment because it would be irresponsible (oh, and incidentally, might also undermine his claims. convenient, isn't this?).

Re:No they cant. (1)

houghi (78078) | about 4 months ago | (#47602977)

Well, imagine sopmebody playing pop music from some current teen 'artists' all the time during the flight without the ability to turn it off.
If that ever happens, I am sure people will storm the cockpit and fly the plane into the ground, if the pilots were not doing that already.

No, it can't. (-1)

Anonymous Coward | about 4 months ago | (#47601745)

The customer facing wifi can be hacked. But this does NOTHING to the plane at all.

Re:No, it can't. (2)

BenSchuarmer (922752) | about 4 months ago | (#47601921)

... what about the passengers? Do you honestly expect them to be able to survive a multi-minute flight with no wifi or infotainment? Oh the humanity!

"We are terrorists... shoot us down" (0)

Anonymous Coward | about 4 months ago | (#47601755)

Seems like a good route for a suicide "bomber" to take and get the fighter jets to do it all, if communications are hackable.

Hackers on a Plane. (2, Funny)

tekrat (242117) | about 4 months ago | (#47601765)

Quick, get Samuel L. Jackson on the phone.
I smell a blockbuster movie in the works!

Doubtful. (-1)

Anonymous Coward | about 4 months ago | (#47601769)

This is nothing but a publicity stunt.

If the WiFi system is not connected to the Plane (1)

Hangtime (19526) | about 4 months ago | (#47601879)

...then I don't care. Very simple question; can you get to the avionics of the plane through the WiFi? If you can that's poor system design and someone should be beaten with a wet noodle; if you can't then I don't care as the network is physically disconnected from the actual movement and functioning of the aircraft. If the best you can do is spy on the passengers of the aircraft through the WiFi or use the WiFi without paying then I don't care. Anytime I log into a flight I go encrypted through VPN as you never know what's traversing a suspect network.

The actual article and any of the other information seems to be very lacking in this sense. If all you can do is break into the WiFi, congrats you got into a Internet Cafe at 33,000 feet.

Noncence (1)

Teun (17872) | about 4 months ago | (#47601959)

The last several flights I was on you were supposed to run your device in the Airplain Mode so no WIFI.

This alone makes the whole story implausible.

Uhm yesss....

Re:Noncence (1)

Ksevio (865461) | about 4 months ago | (#47602971)

Was that a couple years ago? The FAA recently loosened restrictions on using devices including using them more of the flight and allowing wifi (cellphones still need to be in airplane mode which turns of the cell transmitter).

Re:Noncence (1)

Teun (17872) | about 4 months ago | (#47603093)

No, eight flights over the past 6 weeks, the last one Saturday.

Indeed the rules have been loosened, last year you had to switch off completely during start and landing.

But do I see a woosh?

And sorry for the c's in Nonsense.

I don't buy it (2)

TubeSteak (669689) | about 4 months ago | (#47601965)

Hughes spokeswoman Judy Blake said hardcoded credentials were "a necessary" feature for customer service. The worst a hacker could do is to disable the communication link, she said.

1. Are hardcoded credentials ever "necessary?" How about credentials that are generated on first boot and then requested by support?

2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

Re: Your sig Re:I don't buy it (0)

Anonymous Coward | about 4 months ago | (#47602071)

[Fuck Beta]

Nooooooo.... my eyes they burn ..... DO NOT WANT!!!!!

Re:I don't buy it (1)

geekoid (135745) | about 4 months ago | (#47602217)

Yes..and no. IF the communication that goes down is just wi-fi, then its a problem but not a big deal when compared to taking down avionic coms.

Re:I don't buy it (0)

Anonymous Coward | about 4 months ago | (#47602399)

2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

Only if said communications link is essential for flight or navigation. Neither is true in this case. Even if you where able to disrupt communications with the ground, worst case is that the flight proceeds using "lost communications" rules and is pretty much going to land safely. Believe it or not, there are contingency plans and procedures in place for this kind of thing. It's not optional because the air traffic controllers need to be watching carefully and may be limited to primary radar returns to track the aircraft, but everybody will walk away safely.

So it's NOT a big deal, it's more of a minor inconvenience.

generating default credentials (0)

Anonymous Coward | about 4 months ago | (#47602463)

Hughes spokeswoman Judy Blake said hardcoded credentials were "a necessary" feature for customer service. The worst a hacker could do is to disable the communication link, she said.

1. Are hardcoded credentials ever "necessary?" How about credentials that are generated on first boot and then requested by support?

Or ones that are based on a MAC address (which is public) HMACed with the serial number, which should only be accessible with physical access or if you already have a login. Random-ish enough so it's hard to guess, but programmatic to be practical/predicable for mass manufacturing.

I believe that's similar to how HP sets the initial account of their default iLO accounts, and it seems to have worked pretty well.

Re:I don't buy it (0)

Anonymous Coward | about 4 months ago | (#47602731)

2. Disabling the communications link for a piece of hardware whose sole purpose is communications... kind of a big deal.

Filling plant pots with concrete disables their functionality - I can no longer put plants in them. It's not that big a deal though, I can live without potted plants for an inordinate amount of time...

It's a big deal in terms of whoever's on the sales team for this bit of kit, but for the passengers it's at best a mild annoyance*.

* Assuming the reporting is correct and it only affects the isolated system...

Re:I don't buy it (1)

blueg3 (192743) | about 4 months ago | (#47603163)

Hardcoded credentials aren't necessary. What they *mean* is that the *reason* for hardcoded credentials is "support". "Necessary" here doesn't actually mean "necessary", but rather, "deemed to be the best choice". Of course, it might really be the best choice. There's certainly a cost associated with making the support more complicated. You have to weigh that against the difficulty of using the hardcoded credentials and what you can do with them. There are lots of potential tradeoff points, from "using hardcoded credentials was the stupidest choice you've ever made" to "it's technically offensive, but also the best option".

Smells of bullshit. (1)

w3woody (44457) | about 4 months ago | (#47601983)

Given the age of most aircraft in the fleet, and the age of most FAA-approved avionics, I have a hard time believing any of the avionics used in today's fleet are capable of TCP/IP communications, much less being able to hook into the in-aircraft wifi system. Most in-aircraft wifi systems I've seen are add-ons; separate systems which only tap into the airplane's power. And the only thing in the cockpit that may tie into the wifi system is the pilot's iPad.

Re:Smells of bullshit. (1)

R3d M3rcury (871886) | about 4 months ago | (#47602091)

And the only thing in the cockpit that may tie into the wifi system is the pilot's iPad.

Dun-dun-dun...

"We can't communicate with the pilots!"
"Why not?"
"Somebody hacked the WiFi network and put 'Plants vs. Zombies' on the pilots' iPads!"

Now we know what happened to MH370...

Re:Smells of bullshit. (1)

angel'o'sphere (80593) | about 4 months ago | (#47602143)

Exactly. Ot is more than impossible that a 'hacker' can access any flight system/avionics via WiFi ... they are not even connected to each other, very likely they don't even share the same power grid.
Communication between avionic components are usually done via buses with 2 wire serial connections. There are roughly two dozen protocols/technologies in use, all but 2 or three involving wires, the others glass fibers. I'm only aware of Airbus A380 using ethernet, not sure to what extend.
An overview you can find here: http://de.slideshare.net/mobil... [slideshare.net]
A plane where there is a potential access to the avionics by passengers would never fly. No regulation authority would allow that, no insurance company would insure such a plane.
Assuming otherwise is simply nonsense.

Re:Smells of bullshit. (0)

Anonymous Coward | about 4 months ago | (#47602461)

The Boeing 787 Dreamliner has special dispensation for having data networks for flight controls and passenger use connected to the same equipment. There was quite the flap over this during the flight testing and type certification process.

This is not to say there is any danger here, only that aircraft are starting to have IP networks used for a lot of stuff, some of it being flight critical equipment. And the FAA was not ready to evaluate and certify such equipment from a regulatory perspective. All they could do is issue the waver and tell the manufacturer they where responsible to make it safe.

Re:Smells of bullshit. (0)

Anonymous Coward | about 4 months ago | (#47602945)

Your right. more or less. There are a wide range of avionics and they have a variety of levels of connectivity. s Some very non critical systems 'know' TCP/IP.
  See DlTaylors post below for clarity.

Through interconnect or re-program a radio (1)

jtara (133429) | about 4 months ago | (#47601993)

The article is short on details, but, in all fairness, the paper is to be presented on Thursday and presumably the details will be forthcoming.

My guess is that there are are two possibilities here:

1. The avionics and entertainment systems are connected on the same local network, and thus if one can gain control of the entertainment system(s) on might then hack into the avionics.

Q. Why might the avionics and entertainment systems be connected? One reason I can think of is so that the entertainment system can be told to shut down or partly shut down during takeoff/landing etc. Just a guess. Plus, it's just very convenient. ;) There is probably some overall "aircraft management" system that would want to be connected to everything.

2. The entertainment systems have one or more satellite communication systems themselves. The entertainment system might use SDR (Software Defined Radio) techniques, and might be re-programmed to interfere with critical onboard communication equipment.

there IS a connection (5, Insightful)

dltaylor (7510) | about 4 months ago | (#47602105)

I used to work for one of the In-Flight Entertainment (IFE) vendors. Although their "architect" was clueless about security, some of us doing the work managed to build some into the system. With WiFi, it was harder, but, before I left, we had, at least, set up some VPNs to isolate the system control links from the cabin crew- and customer-access features (don't know if that persisted). The entire IFE did rely on hard-coded passwords, though.

There IS a connection between the IFE and aircraft systems. It is used to feed aircraft position and speed data, plus some useful state, such as wheels up/down (there are features that only enabled while in "cruise", but not during takeoff and landing, for example). The aircraft systems designers, however, seemed to have a clue about security, however, as we were only allowed a network connection to a slave server with no apparent upstream links.

Re:there IS a connection (1)

Anonymous Coward | about 4 months ago | (#47603001)

I have worked for several avionics companies on everything from autopilots to IFE. I could say lots on the subject but you have well summarized the situation. There are connections of various kinds and a LOT of scrutiny and analysis goes into making those connections secure. Avionics are their own special world full of different buses and ways of operating than most computer folks are use to. A master hacker would have no chance at all against aircraft systems unless he was also highly trained in aircraft systems and had access to the hardware. And if anyone unsavory had that access you would have bigger issues than hacking. Fly safe knowing tens of thousands of people put their best efforts into making that aircraft's systems safe and secure.

Or you could read the specs and not make crap up. (0)

Anonymous Coward | about 4 months ago | (#47602107)

Every current WiFi system is a third party after market installation that is installed after the avionics and is air-gapped.

Even if they weren't aftermarket add-ons, the avionics on these aircraft are as close to fail safe as it is humanly possible to make them. This isn't a word processor or even a commercial operating system... these systems fail and people die. The developers and managers are well aware of that. More importantly the managers and lawyers are as well. These systems are conservative and paranoid by design and are often running on embedded systems that are two or more generations behind because an unknown bug like Pentium FDIV would, again, kill people. If you even suggest tying in some commercial WiFi system you'll be lucky if they stop laughing before they kick your arse out the door.

Can you get control of someone else's laptop? Sure. If the pilot was dumb enough to connect to the WiFi with his laptop or tablet could you possible access his flight plans? Sure. Could you start playing pr0n on all the In Flight Entertainment (IFE) systems? It's possible. Could you possibly hack the WiFi system so that it would put out a signal that would jam the avionics uplink? Sure... anythings possible.

Are you going to directly hack the avionics and take over the plane? No. You're not.

Great! (1)

gatfirls (1315141) | about 4 months ago | (#47602233)

No I will have to hear endlessly about this completely misleading article from people who know nothing about avionics.

That you article writer and slashdot submitter for adding to technology hysteria.

This article is basically saying someone can hack your washing machine from your cable modem without any supporting evidence that is true.

Satellite communications? (0)

Anonymous Coward | about 4 months ago | (#47602247)

I'm no airline pilot but virtually aren't all critical aircraft communications are handled via standard radio, not satellite communications? This sounds like they've found a way to "maybe" hack the planes entertainment/sat phone systems but doesn't get anywhere near the aircraft's control/mechanical systems. And to get into even the entertainment/sat phone systems requires direct access to the hardware, which would probably involve tearing up carpet, removing panels, and/or access to the cockpit. If you can get that far you can do a whole lot directly to the planes critical systems. Sounds like some minor (that should still be addressed) issues that have no real safety impact.

.02 (1)

DaMattster (977781) | about 4 months ago | (#47602303)

It seems epically stupid that wifi access for passengers is not on a physically separate system. Something as sensitive as this should NOT be even a virtual LAN.

This is great (0)

Anonymous Coward | about 4 months ago | (#47602327)

This needs to be combined with the windowless cockpit. Hack in, set it to play video of level flight on a loop, ???, profit!

Obligatory Dilbert Comic (1)

Pollux (102520) | about 4 months ago | (#47602417)

Story reminded me of a good Dilbert comic [dilbert.com] from back in the day.

reminds me of the old cartoon (1)

serbanp (139486) | about 4 months ago | (#47602477)

Re:reminds me of the old cartoon (0)

Anonymous Coward | about 4 months ago | (#47602621)

Originally published by c't:
http://www.heise.de/ct/schlagseite/2003/1/

LOL. (1)

WindBourne (631190) | about 4 months ago | (#47602565)

Per a NUMBER of various regs, the avionics network is physically separated from anything that the passengers can touch.
IOW, not going to happen.

As to the passenger's network, oh yeaj, easy enough to crack that with time. Heck, Airbus uses Windows.

Re:LOL. (1)

AeroMed45N (919761) | about 4 months ago | (#47602675)

Define "physically separate"

That is not how I read the following FAA Special Conditions:
https://www.federalregister.go... [federalregister.gov]

This says "the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane"

Re:LOL. (1)

Anonymous Coward | about 4 months ago | (#47602677)

I'm heavily involved in maintaining the Avionics and IFE onboard our aircraft. The IFE system is physically separated only in the sense that it has read only capability to the ARINC-629 avionics data bus. It can't put anything onto the bus, because the wires aren't connected. The IFE is however tied into the Passenger Service System, so the passengers can turn on their reading lights and attendant call lights, and so that video playback stops when announcements are made.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?