Security

Aircraft Entertainment Systems Hacks Are Back (threatpost.com) 56

Reader msm1267 writes: Researchers at IOActive today disclosed vulnerabilities in Panasonic Avionics In-Flight Entertainment Systems that were reported to the manufacturer close to two years ago. The flaws could be abused to manipulate in-flight data shown to passengers, or access personal information and credit card data swiped at the seat for premium entertainment or Internet access. Given that the firmware is customizable and used by dozens of airlines in hundreds of aircraft models, the researchers said it's almost impossible to determine whether the vulnerabilities no longer exist across the board. IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains. Whether an attacker could cross those domains and affect critical avionics systems would depend on specific devices and configurations, IOActive said, given that a physical path could exist that connects those systems through satellite communications terminals that provide in-flight updates to critical systems. The concern is whether, in some configurations, IFEs would share access to these devices and provide the physical path an attacker would need to reach critical systems. As for the vulnerabilities in passenger systems, IOActive said there is a lack of authentication and encryption between an on-board server and clients at passenger seats. This could allow an attacker on board to send commands to the IFE system to manipulate what's displayed to passengers, or read payment card data swiped at seats.
  • So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!

    Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.

    • So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!

      Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.

      You say they aren't scary. But just you wait until you're stuck in the air for 6 hours while a malicious actor plays nothing but Son in Law with Pauly Shore on a loop.

    • by Anonymous Coward

      Last job was at Panasonic Avionics' cross-town rival, Thales Avionics. From the many Panasonic veterans working at Thales, they mentioned our architectures were quite similar, so I will use what I know about Thales' system to make what could be a close comparison.

      You have a system called ACARS, which is an ancient technology that sends data from the cockpit to the IFE system (GPS, airspeed, etc). ACARS I believe is a 1-way protocol (think of it as an RSS feed where you can subscribe for updates) The only b

    • So anyone can access the _MAKE_AIRPLANE_CRASH_ API call!

      Again these hacks are fun but not scary at all. The Infotainment system has NO CONNECTION to the avionics.

      Not just that, someone who's getting into a plane - even assuming no luggage - would have to do a number of things to rig the firmware in the flight entertainment system, while preparing for anything from an hour to days long trips. Hardly the environment conducive to hacking

  • Download movies (Score:5, Interesting)

    by PRMan ( 959735 ) on Tuesday December 20, 2016 @01:30PM (#53524131)
    With the way a lot of these plane systems work these days, it could be a way to download a lot of "free" movies and music.
    • With a lot of lag and buffering. Some planes are just use your own device to get movies and stuff.

      • by dknj ( 441802 )

        Let's think critically about this statement a bit. 160 seats, and each one wants to download a movie. A screen is 480p, so we need to have bandwidth for 160 devices to download a 480p movie at any given time. Not all 160 seats are watching a movie. And you think it will lag and buffer?

        • by jrumney ( 197329 )
          Some systems seem to manage the bandwidth and disc access by giving you a copy of someone else's stream if they are already watching the movie you select. Many users will just watch the movie from part way through instead of rewinding it to the beginning (which will force the streams to split), so they can cheap out on the resources a bit. Basically they are taking advantage of their users' fear of technology and the fact that at least half the airplane has enough trouble selecting a movie, and isn't goin
  • Not any more (Score:5, Interesting)

    by PPH ( 736903 ) on Tuesday December 20, 2016 @01:43PM (#53524253)

    IOActive said that segmentation between aircraft control and information services that oversee avionics and operational control of a plane should isolate these vulnerabilities to passenger entertainment domains.

    That may have been true on older models, but Boeing got an exception [federalregister.gov] to the separation rule for the 787. What's worse, the primary authentication method used to provide 'security' is a protocol that filters packets based on MAC addresses. So you can't plug your own gizmo into an avionics bus. But if you can trick the passenger entertainment units into generating bogus air data (for example), bad stuff can happen.

    • As even the summary pointed out, Boeing does not supply the IFE system or even deliver the craft with seats installed. IFE is done by vendors like Rockwell and Panasonic.
      • by PPH ( 736903 )

        Boeing does not supply the IFE system

        Boeing is responsible for certification of all aircraft systems. In fact, Boeing doesn't supply anything. It's all built by other vendors. But that's not an excuse for poor systems architecture.

        • Airframe makers do not certify IFE. Believe it or not, IFE type approval for each configuration (e.g., 747-400 with xyz Boeing supplied options and abc non-Boeing certified options) is typically owned by the airline or leasing company. If another airline has that exact configuration then they can piggy back on that cert.
          • by PPH ( 736903 )

            Boeing is the one who installed the network and Boeing is the one who asked the FAA for the exception to existing rules for systems separation.

            They provide customers and IFE vendors with specifications for equipment compatible with the data bus (and any other aircraft systems like power). If that data bus was isolated from the avionics buses, then Boeing could just say there was no safety problem. But that's not the case on the 787 (and perhaps older model derivatives adopting its data bus architecture).

    • by Anonymous Coward
      Not exactly, there are other means than pure physical separation. The switches are not wide open, they are configured to allow specific traffic on specific VLs from and to specific IPs connected to specific switch inputs. You would have to modify the switch configuration and/or change the physical routing of the wiring to make that happen if the unit was not the "normal" sender of that data. You won't be able to spoof an ADAHRS as an IFE, it will get rejected by the switch, as it's not in the allowed message r
    • Usually the FAA is very conservative on aircraft design. I'm surprised and dismayed that they would not disallow any connection between entertainment systems and avionics systems. I'm sure that they have carefully designed the firmware in any switches to prevent data from the entertainment system getting into the flight controls, but it seems difficult to prove that the firmware is free of any bugs that could allow such a connection.

      The NSA was unable to prevent a very destructive hack, I have little faith

    • Comment removed based on user account deletion
      • by PPH ( 736903 )

        What possible justification

        Cheap. We saved a whole twisted pair of wires. Woo hoo!
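
The two filtering models contrasted in this thread (a source-MAC allow-list versus switch rules tied to ingress port, VL and IP), as an added example that is not part of any comment and not code from any avionics vendor. It is a simplified model: every port number, MAC, VL id and address below is constructed, and `policy_gaps` is a hypothetical helper name.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ingress_port: int  # physical switch input the frame arrived on
    src_mac: str
    vl_id: int         # virtual link (VL) the frame claims to belong to
    src_ip: str
    dst_ip: str

# Constructed policy data: every port, MAC, VL id and address here is made up.
KNOWN_MACS = {"02:00:00:00:00:0a", "02:00:00:00:00:1f"}
FLOW_TABLE = {
    # (ingress_port, vl_id) -> (only permitted source IP, permitted destinations)
    (1, 100): ("10.0.1.10", frozenset({"10.0.9.1"})),  # air-data sender
    (7, 700): ("10.0.7.20", frozenset({"10.0.7.1"})),  # IFE seat unit
}

def mac_filter(frame: Frame) -> bool:
    """Source-MAC allow-list only: says nothing about where the frame entered."""
    return frame.src_mac in KNOWN_MACS

def flow_filter(frame: Frame) -> bool:
    """Default deny: the VL must be provisioned on this exact switch input,
    and source and destination IP must match the provisioned flow."""
    entry = FLOW_TABLE.get((frame.ingress_port, frame.vl_id))
    if entry is None:
        return False
    src_ip, dst_ips = entry
    return frame.src_ip == src_ip and frame.dst_ip in dst_ips

def policy_gaps(frames):
    """Frames a MAC-only filter forwards but the per-port flow table drops;
    these are the ones worth logging and alerting on."""
    return [f for f in frames if mac_filter(f) and not flow_filter(f)]

# Constructed sample traffic.
AIR_DATA = Frame(1, "02:00:00:00:00:0a", 100, "10.0.1.10", "10.0.9.1")
IFE_SEAT = Frame(7, "02:00:00:00:00:1f", 700, "10.0.7.20", "10.0.7.1")
# Air-data identity presented on the IFE switch input (port 7).
WRONG_PORT = Frame(7, "02:00:00:00:00:0a", 100, "10.0.1.10", "10.0.9.1")
# IFE unit using its own identity but an unprovisioned destination.
WRONG_DST = Frame(7, "02:00:00:00:00:1f", 700, "10.0.7.20", "10.0.9.1")
SAMPLE = [AIR_DATA, IFE_SEAT, WRONG_PORT, WRONG_DST]

if __name__ == "__main__":
    for f in policy_gaps(SAMPLE):
        print("MAC filter forwards, flow table drops:", f)
```
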

  • The majority of planes I fly on seldom even have electric outlets to plug in your laptop. I'm usually on the single-class (cattle-class / steerage-class) flights where nobody has anything. I'm not important enough to be on the long haul flights where people expect more than a bag of peanuts and half a can of soda.

    Not saying that I like it that way, just that apparently I have less to worry about as a result.
    • by jrumney ( 197329 )
      You get half a can of soda? I get 50ml of orange "juice" spilt in my lap, to go with the bag of peanut crumbs.
      • by jrumney ( 197329 )
        And the 30 minute flight to the nearest international hub invariably has the latest high tech entertainment system with a vast selection of feature-length movies to choose from (if you bring your own headphones, as they don't supply them on short haul flights), while the 8 hour flight I change onto has a cathode ray tube to bump your head on every 4 rows.
    • by mjwx ( 966435 )

      The majority of planes I fly on seldom even have electric outlets to plug in your laptop. I'm usually on the single-class (cattle-class / steerage-class) flights where nobody has anything. I'm not important enough to be on the long haul flights where people expect more than a bag of peanuts and half a can of soda.

      Not saying that I like it that way, just that apparently I have less to worry about as a result.

      I think you need to start flying better airlines.

      Almost all long haul flights I've been on have served meals, drinks (incl alcohol) and had in seat power or at least USB ports where you could charge a mobile device. Hell, even my last flight from LHR-AMS they served a snack and a drink. The only reason that was it was because that was all they had time to do. LHR to AMS is only an hour gate to gate.

      BTW, the reason they use the little cans of soda is because weight and space on an aircraft is at a prem

      • I think you need to start flying better airlines.

        Better airlines are only an option if they service the airports that I fly in and out of. I used to see commercials for Korean Air all the time on TV and they left me wondering why the hell they even bothered advertising as the closest airport they served relative to my home was hundreds of miles away, and their destinations from there were all distant international locations that I don't have any reason or opportunity to visit.

        If there is only one airline that flies from the airport nearest where I l

  • He tried to show them they were exploitable, they kicked him off a plane and charged him with a bunch of nonsense and they haven't done anything to really fix the problem.

    Get him back to One World Labs where they can stop this nonsense.

    Please?

  • the 21st century in the first place? I have my notebook and my smartphone with me.

    Instead a dorky display and a headset provide better a normal WiFi. Besides a WiFi router weighs only about 300 grams, instead of a ton of hundreds of displays, and a WiFi router costs only a couple of hundred instead of millions for this System, which later ends up in the price of our air-tickets.

    Add to this the cost of additional fuel to carry these displays. Why would I want to pay for the fuel to carry these displays
    • by quetwo ( 1203948 )

      You do realize that providing internet access to a device that is traveling at 300MPH+ is not exactly as simple as upgrading a WiFi access point... The WiFi system in the planes is not the problem -- it's the LMRS that either uses a point-to-point antenna or satellite system to provide internet access.

      The nice thing about having those screens is that you don't have to have your laptop open all the time. Sometimes you want to just sit back and not have to juggle a laptop or ipad on your lap while everythin

      • by pnutjam ( 523990 )
        The planes should just mirror the internet to a local drive. They can rsync it all down while they are fueling. ;)
  • by Megahard ( 1053072 ) on Tuesday December 20, 2016 @06:07PM (#53526577)

    What about hacking the display of in-flight data to show the plane going a different direction? Maybe a message that the plane has been hijacked? No need to bring down the plane with code if you can get the passengers to break into the cockpit and do it.
