Aircraft Entertainment Systems Hacks Are Back (threatpost.com)
Reader msm1267 writes: Researchers at IOActive today disclosed vulnerabilities in Panasonic Avionics In-Flight Entertainment Systems that were reported to the manufacturer close to two years ago. The flaws could be abused to manipulate in-flight data shown to passengers, or access personal information and credit card data swiped at the seat for premium entertainment or Internet access. Given that the firmware is customizable and used by dozens of airlines in hundreds of aircraft models, the researchers said it's almost impossible to determine whether the vulnerabilities no longer exist across the board. IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains. Whether an attacker could cross those domains and affect critical avionics systems would depend on specific devices and configurations, IOActive said, given that a physical path could exist that connects those systems through satellite communications terminals that provide in-flight updates to critical systems. The concern is whether, in some configurations, IFEs would share access to these devices and provide the physical path an attacker would need to reach critical systems. As for the vulnerabilities in passenger systems, IOActive said there is a lack of authentication and encryption between an on-board server and clients at passenger seats. This could allow an attacker on board to send commands to the IFE system to manipulate what's displayed to passengers, or read payment card data swiped at seats.
Re: Scary, scary stuff. (Score:4, Informative)
Whilst I've worked with Panasonic Avionics, and they are not the info section "A" team...
The IFE systems are essentially air gapped already as a mandatory requirement by regulatory agencies - ACARS is basically an RSS feed to the IFE system and anything other than that is separate again. IFE has no in the air satellite connection on any deployments I've seen.
This is the digital equivalent of hacking a highway sign to say rude words.
Re: (Score:2)
Whilst I've worked with Panasonic Avionics, and they are not the info section "A" team...
The IFE systems are essentially air gapped already as a mandatory requirement by regulatory agencies - ACARS is basically an RSS feed to the IFE system and anything other than that is separate again. IFE has no in the air satellite connection on any deployments I've seen.
This is the digital equivalent of hacking a highway sign to say rude words.
Just because it's mandated doesn't mean engineers weren't ordered to ignore that mandate. See: Volkswagen.
That might be a little paranoid but air safety authorities don't know the meaning of the word paranoid.
However you can do a lot of damage with just a message, like sowing mass panic. If you've ever seen a stampede inside a barn you can imagine what it's like. People aren't much smarter than cows on aircraft in my experience and if they're all told the plane has been hijacked I can see mass panic s
ZOMG!!! (Score:2)
So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!
Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.
Re: ZOMG!!! (Score:1)
Article says otherwise.
Re: (Score:2)
So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!
Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.
You say they aren't scary. But just you wait until you're stuck in the air for 6 hours while a malicious actor plays nothing but Son in Law with Pauly Shore on a loop.
Re: (Score:2)
The *REAL* terrorists will play Barney the Dinosaur on a loop.
Re: ZOMG!!! (Score:1)
Last job was at Panasonic Avionics' cross-town rival, Thales Avionics. From the many Panasonic veterans working at Thales, they mentioned our architectures were quite similar, so I will use what I know about Thales' system to make what could be a close comparison.
You have a system called ACARS, which is an ancient technology that sends data from the cockpit to the IFE system (GPS, airspeed, etc). ACARS I believe is a 1-way protocol (think of it as an RSS feed where you can subscribe for updates) The only b
Re: (Score:2)
So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!
Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.
Not just that, someone who's getting into a plane - even assuming no luggage - would have to do a number of things to rig the firmware in the flight entertainment system, while preparing for anything from an hour to days long trips. Hardly the environment conducive to hacking.
Download movies (Score:5, Interesting)
Re: (Score:2)
With a lot of lag and buffering. Some planes just use your own device to get movies and stuff.
Re: (Score:2)
Let's think critically about this statement a bit. 160 seats, and each one wants to download a movie. A screen is 480p, so we need to have bandwidth for 160 devices to download a 480p movie at any given time. Not all 160 seats are watching a movie. And you think it will lag and buffer?
Re: Entertainment (Score:2)
Now, I haven't travelled on a US airline since 2000, and even then they were worse than any other I've travelled with. If they got even worse, I can certainly understand the complaints, but all I can say is perhaps people should try an airline outside the US. They might just regain some hope for air travel.
I recall seeing the list of best airlin
Not any more (Score:5, Interesting)
IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains.
That may have been true on older models, but Boeing got an exception [federalregister.gov] to the separation rule for the 787. What's worse, the primary authentication method used to provide 'security' is a protocol that filters packets based on MAC addresses. So you can't plug your own gizmo into an avionics bus. But if you can trick the passenger entertainment units into generating bogus air data (for example), bad stuff can happen.
Re: (Score:2)
Boeing does not supply the IFE system
Boeing is responsible for certification of all aircraft systems. In fact, Boeing doesn't supply anything. It's all built by other vendors. But that's not an excuse for poor systems architecture.
Re: (Score:2)
Boeing is the one who installed the network and Boeing is the one who asked the FAA for the exception to existing rules for systems separation.
They provide customers and IFE vendors with specifications for equipment compatible with the data bus (and any other aircraft systems like power). If that data bus was isolated from the avionics buses, then Boeing could just say there was no safety problem. But that's not the case on the 787 (and perhaps older model derivatives adopting its data bus architecture).
Re: (Score:1)
To my knowledge they still kept the MAC/IP whitelisting
Correct. But the most likely attack would be to inject malicious code into the passenger entertainment system and run it there. Since that equipment is already whitelisted, the bus switch would forward it to its destination address. The data doesn't originate from 'outside' the network.
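The point of this exchange (a source-address allowlist passes whatever an allowlisted node emits, whereas a keyed message tag does not), shown as an added illustration that is not code from the article, Boeing, or any commenter; the addresses, key and air-data payloads are constructed sample values and no real avionics format is represented:

```python
import hmac
import hashlib

# Constructed model: a bus switch that forwards purely on a source-address
# allowlist, beside a receiver that also checks an HMAC on the payload.
ALLOWED_SOURCES = {"aa:bb:cc:00:00:01",   # hypothetical air-data source
                   "aa:bb:cc:00:00:02"}   # hypothetical IFE head-end, also listed

def switch_forwards(src_addr: str) -> bool:
    """Address-based gate only: any frame from an allowlisted address passes."""
    return src_addr in ALLOWED_SOURCES

def sign(key: bytes, payload: bytes) -> bytes:
    """Tag a payload with HMAC-SHA256 under a key the IFE node never holds."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def deliver(src_addr: str, payload: bytes, tag: bytes, key: bytes) -> str:
    """Outcome for one frame: dropped at the switch, rejected at the receiver, or accepted."""
    if not switch_forwards(src_addr):
        return "dropped_by_allowlist"
    if not hmac.compare_digest(sign(key, payload), tag):
        return "rejected_bad_tag"
    return "accepted"

def demo() -> dict:
    key = b"constructed-demo-key"                         # shared by source and seat units only
    genuine = b'{"alt_ft":35000,"gs_kt":470}'             # constructed air-data payload
    forged = b'{"alt_ft":35000,"gs_kt":470,"msg":"X"}'    # constructed tampered payload
    no_tag = b"\x00" * 32                                 # a sender without the key has no valid tag
    return {
        # unknown device on the bus: the allowlist alone stops it
        "outsider": deliver("de:ad:be:ef:00:00", forged, no_tag, key),
        # the switch alone would forward a listed node's traffic regardless of content
        "switch_passes_listed_node": switch_forwards("aa:bb:cc:00:00:02"),
        # a compromised listed node still cannot produce a valid tag, so the receiver rejects it
        "allowlisted_but_forged": deliver("aa:bb:cc:00:00:02", forged, no_tag, key),
        # the genuine source with the key passes both checks
        "genuine": deliver("aa:bb:cc:00:00:01", genuine, sign(key, genuine), key),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```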
Re: (Score:2)
Usually the FAA is very conservative on aircraft design. I'm surprised and dismayed that they would not disallow any connection between entertainment systems and avionics systems. I'm sure that they have carefully designed the firmware in any switches to prevent data from the entertainment system getting into the flight controls, but it seems difficult to prove that the firmware is free of any bugs that could allow such a connection.
The NSA was unable to prevent a very destructive hack, I have little faith
Re: (Score:1)
Usually the FAA is very conservative on aircraft design.
Regulatory capture [wikipedia.org]
Re: (Score:2)
What possible justification
Cheap. We saved a whole twisted pair of wires. Woo hoo!
Sounds like I should be fine then (Score:3)
Not saying that I like it that way, just that apparently I have less to worry about as a result.
Re: (Score:2)
The majority of planes I fly on seldom even have electric outlets to plug in your laptop. I'm usually on the single-class (cattle-class / steerage-class) flights where nobody has anything. I'm not important enough to be on the long haul flights where people expect more than a bag of peanuts and half a can of soda.
Not saying that I like it that way, just that apparently I have less to worry about as a result.
I think you need to start flying better airlines.
Almost all long haul flights I've been on have served meals, drinks (incl alcohol) and had in seat power or at least USB ports where you could charge a mobile device. Hell, even my last flight from LHR-AMS they served a snack and a drink. The only reason that was it was because that was all they had time to do. LHR to AMS is only an hour gate to gate.
BTW, the reason they use the little cans of soda is because weight and space on an aircraft is at a prem
Re: (Score:2)
I think you need to start flying better airlines.
Better airlines are only an option if they service the airports that I fly in and out of. I used to see commercials for Korean Air all the time on TV and they left me wondering why the hell they even bothered advertising as the closest airport they served relative to my home was hundreds of miles away, and their destinations from there were all distant international locations that I don't have any reason or opportunity to visit.
If there is only one airline that flies from the airport nearest where I l
So can we drop charges on Chris Roberts already? (Score:2)
He tried to show them they were exploitable, they kicked him off a plane and charged him with a bunch of nonsense and they haven't done anything to really fix the problem.
Get him back to One World Labs where they can stop this nonsense.
Please?
Who needs Aircraft Entertainment System in (Score:2)
Instead of a dorky display and a headset, a normal WiFi would be better. Besides, a WiFi router weighs only about 300 grams, instead of a ton of hundreds of displays, and a WiFi router costs only a couple of hundred instead of millions for this System, which later ends up in the price of our air-tickets.
Add to this the cost of additional fuel to carry these displays. Why would I want to pay for the fuel to carry these displays?
Re: (Score:2)
You do realize that providing internet access to a device that is traveling at 300MPH+ is not exactly as simple as upgrading a WiFi access point... The WiFi system in the planes is not the problem -- it's the LMRS that either uses a point-to-point antenna or satellite system to provide internet access.
The nice thing about having those screens is that you don't have to have your laptop open all the time. Sometimes you want to just sit back and not have to juggle a laptop or ipad on your lap while everythin
No connection to avionics, but... (Score:3)
What about hacking the display of in-flight data to show the plane going a different direction? Maybe a message that the plane has been hijacked? No need to bring down the plane with code if you can get the passengers to break into the cockpit and do it.