back to article FBI alert: Get these motherf'king hackers off this motherf'king plane

The FBI is warning airlines to keep an eye out for miscreants hacking airplane computer networks mid-flight. The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi …

  1. Yet Another Anonymous coward Silver badge

    Either

    You know they can be compromised - in which case pull their airworthiness certificate now and ground them all. Or they probably can't in which case why arrest the guy for suggesting they can?

    Unless of course your intention was to stop people discussing the question - but the FBI would never engage in that sort of behaviour.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Either

      This is also the same FBI that thinks North Korea hacked Sony Pictures.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: Either

        NSA told 'em so

    2. Christoph

      Re: Either

      "Your systems can be hacked"

      Nonsense! Our systems are perfectly safe!

      "Hey, I'll hack your systems! :-)"

      Arrest that terrorist!

      1. Yet Another Anonymous coward Silver badge

        Re: Either

        They arrested a drunk guy for trying to open a door inflight - with about 5ton of air pressure on the door that is somewhat impossible.

        So presumably if you stick pins in airfix models of a plane you can be charged with terrorist attempts to destroy it with voodoo.

    3. Anonymous Coward
      Anonymous Coward

      Re: Either

      True but...

      The whole point of hacking for many people is the challenge of finding a way into a seemingly impenetrable system...no system can ever be considered to be safe forever, it's only a matter of time.

      So if someone says they found a way should you ignore them if they threaten to mess about with the EICAS?

      It worked for Jeff Goldblum in Independence day :-)

      1. Richard Taylor 2 Silver badge

        Re: Either

        And Jeff was also using a Mac (see photos)

    4. Anonymous Blowhard

      Re: Either

      "Or they probably can't in which case why arrest the guy for suggesting they can?"

      I hate the use of the word "probably" in aircraft safety statements e.g. "the plane probably won't crash" or "the in-flight meal is probably inedible", but I think the point you're trying to make is that the IFE system is either completely isolated from the flight control systems (so you're safe from in-flight hackers) or they aren't (so you're relying on some kind of network security to keep you out of gravity's cruel clutches).

      1. Yet Another Anonymous coward Silver badge

        Re: Either

        Boeing's definetly isn't isolated, the FAA statement says that they rely "on firewalls and other software devices". But is typical US/UK government fashion, you don't have them fix it - you just threaten anyone who points out the flaw.

        In fact the NTSB are probably terrorists for pointing out why planes crashed - we should arrest them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Either

          What genius actually thought it would be a good idea to connect flight systems to those accessible by passengers anyway, and what possible advantage did they think existed in doing so? All the more surprising given how twitchy they get over phones etc being on during critical phases of flight.

          1. x 7

            Re: Either

            "what possible advantage did they think existed in doing so?"

            1) weight reduction

            2) fewer components = less maintenance = fewer points of failure = better reliability

      2. Trigonoceps occipitalis Silver badge

        Re: Either

        "gravity's cruel clutches" ain’t the problem, it's the edge of the air you should try to avoid.

    5. Anonymous Coward
      Anonymous Coward

      Re: Either

      Given recent events (MH370 and Germanwings Flight 9525) it looks like the real security issue could be those two front seats.

      1. VBF

        Re: Either

        Which has always been the case!

  2. Sgt_Oddball Silver badge

    oh hell....

    Just about every time I fly long haul on klm I manage to get their in-flight system to show me tux.

    Would watching the system restart be enough for them to have a fit? (sadly the controller doesn't work until the damn things fully restarted, usually after 10-15 mins of painfully slow load up messages)

    1. Phil O'Sophical Silver badge

      Re: oh hell....

      painfully slow load up messages

      Including hundreds of missing modules, undefined symbols, etc. It works after the reboot, which shows that the missing crud isn't needed anyway. I'd really hate to think that any system which was that crappily assembled and tested shared more than a power cable with the actual avionics.

      1. AdamT

        Re: oh hell....

        I used to work with someone who had formerly worked on fitting out customised private jets - "client wants a diamond encrusted plasma TV that rises out the footboard of the bed", etc. etc. I think the actually restrictions were even tougher - they couldn't even share a power cable with the avionics. Obviously at some point there must have been some interaction but the point was there had to be no feasible way that any failure of the entertainment kit could have any impact, no matter how tiny, on the actual flight systems. I think he left because jumping through all those hoops took the fun out of the "how do I diamond encrust a TV?" aspects of the job ...

  3. Kevin McMurtrie Silver badge
    WTF?

    - Witness aircraft commands traveling to passenger seat

    - Don't interfere with flight

    - Land safely

    - Joke about poor security

    - Get arrested?

    1. Sebastian A

      I think it's more of a case of

      You make us look like idiots, we'll take your stuff.

      Typical playground bully behaviour.

      1. Will Godfrey Silver badge

        Re: I think it's more of a case of

        You show people that we are idiots, we'll take your stuff.

        Typical playground bully behaviour.

        FTFY

  4. DiViDeD Silver badge

    So now we know where the TSA gets its intelligence

    I just thought it funny that this very subject (too close integration of avionics and IFS) was discussed in detail a couple of weeks ago on Off The Hook, with the general conclusion there needed to be some fieldwork done before the airlines would take notice, and Lo and Behold, fieldwork!

    Like the comment above, if these systems are really so secure, why the 4 hour interrogation? Unless of course (perish the thought!) they were built down to a price.

  5. Destroy All Monsters Silver badge
    Holmes

    Just FTW.

    The further along from 9/11 this ride with no brakes on the rape train goes, I'm increasingly going FTW.

    It started with FTW from Anthrax attacks, FTWed-out on random unmotivated attacks on Afghanistan by President El Shrub, over-FTWed when Iraq was bombed to smithereens for the 100-th time since president Klingon went full retard after enjoying his interns (by the same El Shrub), FTW²ed when colored President Bendy-Wendy-Spine blew up Libya and FTW-ed out relentlessly when ISIS finally was internationally recognized (no, wait ... am I going too fast here?)

    The sad thing is that people born in those FTW times will never have seen anything else and will think this is situation normal. As bad as being born into some kind Orwellian fantasy with added asshattery and dumbfuck stupidity.

  6. bazza Silver badge

    May or May Not...

    The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi network.

    The only reason for there being any doubt in the matter is if there is some sort of electronic connection between the IFE and the flight control systems, and it relies on firewalls, protocols, etc. (and not air gaps) to prevent a hack taking place.

    The only reason that connection exists is because the manufacturers wanted to do that (and were allowed to by the regulators [FAA, CAA, etc]), because it was cheaper. Penny pinching.

    If the regulators had said no, they must be air-gapped, there would be absolutely no doubt at all. A hack would clearly be impossible via a seat IFE port.

    Instead we have a situation where no one can really say for sure whether there is a problem or not. The people charged with keeping us safe are always going to 'er' on the side of caution. Meanwhile the people who can answer the question aren't going to be allowed to do so. That's because the law enforcement guys know damned well that if the answer is yes, a hack is feasible, that knowledge will leak out. And if that happens then chaos will ensue.

    Law enforcement types might try and find the answer themselves, but they'd need a huge amount of extra resources. And they might just discover that the dreaded answer is 'yes', the knowledge that no one wants to have. And the worst is that they might never be totally sure of a 'no' answer.

    This is a totally predictable outcome stemming from a poor design choice made by manufacturers seeking to save a few dollars / euros, and it's going to cost us millions. Already has in fact. Some aged retired avionics engineer somewhere (not me) is sat at home right now feeling somewhat vindicated and smug, and contemplating phoning his old boss to say, "told you so, you prick".

    Pound foolish idiots.

  7. Paul Crawford Silver badge

    Really? I thought Boing, etc, assured us all that there is NO POSSIBILITY of in-flight systems being connected to the critical aircraft systems and thus leading to vulnerabilities.

    Are you telling me they lied about this? When are Boing, Airbus, etx, going to be arrested and prosecuted for recklessly exposing critical systems to danger?

    1. bazza Silver badge

      We (the general public) don't know for sure.

      If there were an air gap between the two systems, or a physical data diode (single fibre optic core, guaranteed one way) then it is easy to be very sure indeed. The fact that there seems to be some doubt is not encouraging...

      1. Anonymous Coward
        Anonymous Coward

        Doubt kills

        The fact that no one knows for sure is indeed disturbing. It's like saying no one really understands where all the wiring is located in a Boeing 787 or what it actually does. Not terribly re-assuring. Do they still employ full time aircraft engineers in Seattle these days or are they all working on zero hour contracts?

        Honestly, what sort of anal pore would connect an on-line entertainment system to the same physical segment as a mission critical network?

        Could it be the same jackasses who recommend companies like Boeing buy all their critical electronic components from the Dollar Store and Ali Baba?

        Dr Clueless and the Bean Counter Brigade?

        Mystery solved, and my next trip is by train.

        1. x 7

          Re: Doubt kills

          " The fact that no one knows for sure is indeed disturbing"

          The fact is that no one [i] on this forum{/i} knows. If you went to http://www.pprune.org and asked there, you'd get a definitive answer very quickly

          "and my next trip is by train"

          I suggest you rethink that.......on a modern train such as a Virgin Voyager theres one central databus which carries the train communications, passenger wifi, arrival display, tilt control, remote control for the power systems.......everything in fact. A nice tempting target.

      2. Yet Another Anonymous coward Silver badge

        But then you would need a separate GPS receiver to feed the moving map display on the seat back. These things could cost $10 - it's much easier and cheaper to just have the map display connect to the aircrafts navigation system

        1. bazza Silver badge

          But then you would need a separate GPS receiver to feed the moving map display on the seat back.

          No, all you would need is a data diode between the flight control network and the IFE system. These are fairly standard items, and generally rely on a single core of fibre optic to get a guaranteed one way flow of data (it's physically impossible to send any bytes, data or instructions back the other way). With one of those in place you can send any data you like to the IFE system, and there's no way anyone can do anything to harm the flight control system.

          There may indeed be one of these in place and the whole fuss is based on ignorance on the part of the FBI, the traveller, the hacker, etc. If that were the case it would be easy to dispel by publishing that part of the design.

          The fact that they've apparently not done so suggests that there isn't a data diode, and that there is rather more electronic connectivity than is desirable, and the safety depends on some protocols, firewalls, etc. Proving that they're correct is a near impossible task. Proving them to be inadequate is easier but "undesirable"...

          1. JeffyPoooh
            Pint

            bazza: "...generally rely on a single core of fibre optic to get a guaranteed one way flow of data (it's physically impossible to send any bytes, data or instructions back the other way)."

            If you have an LED on one side, and a phototransistor on the other, with an air gap in between, then that in itself guarantees the 'diode' unidirectionality. Unless you think that phototransistors can emit light to be detected by the LED. So what's the fibre got to do with it?

            Me thinks you are confused about the fibre bit. Some may include it if they want distance in the air gap.

            There are bulkhead mounted LED/Phototransistor devices. Fibre-free.

            1. bazza Silver badge

              @JeffyPooh,

              If you have an LED on one side, and a phototransistor on the other, with an air gap in between, then that in itself guarantees the 'diode' unidirectionality. Unless you think that phototransistors can emit light to be detected by the LED. So what's the fibre got to do with it?

              Oh, the fibre doesn't of itself provide any one way-ness, it is as you say the lack of a light emitter at the other end that gives that.

              Data diodes use a single fibre optic because that way you can get a high data rate too, and simply looking to see which end is emitting light is a convincing and unarguable test of the data diode-ness. There's also the point that you can easily implement it using standard-ish kit (eg fibre ethernet cards, or sFPDP) which is a lot cheaper than building your own through air high speed data link.

              1. JeffyPoooh
                Pint

                You just buy an optoisolator for a few cents. LED and detector in one 8-pin DIP package.

                If you need E3 isolation for some reason (in a teapot), buy the bulkhead mounted version for $20.

    2. nematoad Silver badge
      Happy

      "When are Boing, Airbus, etx..."

      Boing? Are they making aircraft now? I thought it was pogo sticks.

      You probably meant BOEING.

  8. VinceH
    WTF?

    I'm confuzzled

    If his gear was all seized, how did he tweet a photograph of it to say so? Wouldn't they have taken his phone as well?

    1. Matt Bryant Silver badge
      Facepalm

      Re: VinceH Re: I'm confuzzled

      "If his gear was all seized, how did he tweet a photograph of it to say so? Wouldn't they have taken his phone as well?" Which suggests the pic was taken in advance of what was a big baiting exercise to draw publicity. He probably had one of his mates send an anonymous tip about his "joke" just to make sure he got arrested. TBH, the sooner all the airlines blacklist and ban such idiots the better.

      1. Anonymous Coward
        Anonymous Coward

        Re: VinceH I'm confuzzled

        " Wouldn't they have taken his phone as well?"

        They did, but gave it back to him and kept everything else, (according to a news report at the time).

  9. Spaceman Spiff

    Yeah, like most people would know when a hacker was hacking a plane's infrastructure? Get real! "Attendent, that man is writing software on his laptop! Maybe he is taking over the plane controls?" Give me a break! I write software on planes all the time. Most people have no clue what I am doing. Am I trying to hack the plane? Not likely. Usually I'm trying to solve a problem for a client or my company.

    1. Anonymous Coward
      Anonymous Coward

      working on planes

      Is a sure way to get your P45/Brown Envelope in my company.

      Even talking shop is frowned upon.

      You really do not have any privacy.

      Who knows if that competeitor has an employee on the same flight?

      Could they be sitting in the row behind you?

      Could they be watching your code be entered and even tested?

      You just don't know do you? So why take the risk?

      Careless Laptop use costs jobs!

      I have garnered all sorts of information from fellow travellers. Once I used it to stop a company being screwed by a Gov Department who were revelling that they were going to force the company to make a loss on everything they sold to 'The Man'.

      What do I do on flights?

      Read, Sleep, listen to Music. Sometimes I think about the trip I'm on. Visible work? Never.

      Just be another cow/bull in cattle class.

      1. Anonymous Coward
        Anonymous Coward

        Re: working on planes

        Having worked on security-cleared contracts before this is/should be best practice. You really have no idea what's around you.

        1. Paul Smith

          Re: working on planes

          Preparing a powerpoint sales pitch with big bold key points designed for simple minded managers to read and comprehend might not be the brightest thing to do in a public place, but cutting code? Seriously? When I used to code in C it was considered cool to able able to cram as much code into as little space as possible, but even I was never able to get enough for an even a slightly non-trivial program onto the confines of a laptop screen. I think you are perhaps taking commonsense past the point of paranoia and into the realm of stupidity.

  10. seacook
    Facepalm

    Connection UNDER my seat not infront of it?

    I think I would look suspicious crawling around on the floor trying to find the correct attachment point.

    Does anyone know what adapter type may be required? Or is USB enough; not clear from the article :-)

    Ohhhh - should only be discussed in a hacker forum.

  11. Anonymous Coward
    Anonymous Coward

    To be fair...

    Whether he could hack the plane or not is irrelevant.

    If someone came on board and said he was going to blow up the plane with a bomb, you might reasonably expect a similar reaction...

    So my take on this is that as a 'security professional' this douche should know better than to make threats...

    mucking foron.

    1. Jamie Jones Silver badge

      Re: To be fair...

      He should have known that in these facist times he shouldn't have made that joke... but if you think that is a threat, you must be shitting yourself everytime you leave your cosy bed!!

      1. Anonymous Coward
        Anonymous Coward

        Re: To be fair...

        Sorry...maybe I missed something here...did he tweet "THIS IS A JOKE...IGNORE IT" or did he threaten to mess around with the oxygen?

        Is he a security expert who has been claiming for years that planes are hackable, or is he "fat bloke from the pub"?

        The guy threatened the security of the airplane..I would hope that given recent intentional crashes/disappearances that anyone over the age of 6 would realise how completely stupid this sort of behaviour is.

        Call it fascist times if you want...but if following a plane crash a tweet like that turns up and it turns out to have been ignored...what sort of comment would you post then?

        1. Steve Davies 3 Silver badge

          Re: To be fair...

          US Officialdom does not have a sense of humour. They ALL have it surgically removed when signing up for their job.

          So don't even try to make a jobe with them. It will fall flat on its face and could even lead to more charges against you.

          This is how a simple traffic stop could end up in you being killed for no good reason.

          "He argued with me by saying that he wasn't doing 37 in a 35 zone. So I took that as resisting arrest. When he didn't stop talking I shot the perp."

          "Well Bubba, that looks like another star for your patrol car door. That is a good kill."

        2. Anonymous Coward
          Anonymous Coward

          Re: To be fair...

          Call it fascist times if you want...but if following a plane crash a tweet like that turns up and it turns out to have been ignored...what sort of comment would you post then?

          I dont know about anyone else, but I'd post "Oh my god, all those poor people - what an evil person to have done that."

          I wouldnt be ranting about why officialdom overlooked a tweet.

          The bigger problem is that 99.9999% of the time it will just be a joke and the public fear of a BadThing happening means that resources will be diverted to investigate said joke. I am sure the FBI would have been better off using its agents to investigate real crimes rather than this.

          The internet (especially twitter) is not a magical place. We shouldnt shit bricks even more because someone says something on it. If I am in the pub and I say "my wife is driving me up the wall, I could kill her," I wouldnt expect this to be taken seriously so why should it be the same if I tweet this? Same with this guy. He made a tweet. Nothing happened.

          The terrorists arent just winning, they have won. They dont even need to spend 10p to terrorise people.

          1. Anonymous Coward
            Anonymous Coward

            Re: To be fair...

            If I am in the pub and I say "my wife is driving me up the wall, I could kill her," I wouldnt expect this to be taken seriously so why should it be the same if I tweet this

            What if you are loading the shotgun when you say it?

            Or maybe the dork tweeted it from his etch-a-sketch, rather than a device that has networking capabilities...

          2. Matt Bryant Silver badge
            FAIL

            Re: AC Re: To be fair...

            "....The bigger problem is that 99.9999% of the time it will just be a joke and the public fear of a BadThing happening means that resources will be diverted to investigate said joke....." In your rush to righteous rage you seem to have overlooked the deterrent effect - by slapping this idiot hard they dissuade other idiots from following in his footsteps, actually saving time, resources and money in the long run.

    2. chivo243 Silver badge

      Re: To be fair...

      Two rules to live by:

      1. Never shout fire in a crowded theater.

      2. Never say there is a virus on the network.

      1. hplasm
        Happy

        Re: To be fair...

        "Two rules to live by:"

        What if there IS a virus on the network?

        Or do you mean 'Don't say it 3 times' sort of thing?

        1. chivo243 Silver badge

          Re: To be fair...

          @hplasm

          "What if there IS a virus on the network?"

          If there is, don't say it in a crowded theater!

  12. PhilipN Silver badge

    Great idea

    Must have been aired extensively elsewhere but having access through the back door, or even the front door, would allow tracking of aircraft gone AWOL and preventing them from crashing into the Indian Ocean (or wherever).

    No?

    Oh.

  13. Mark 85 Silver badge

    Ah... Paranoia running rampant again...

    Ok. maybe not real paranoia but the attempt to instill paranoia into the traveling public. And why? Is this theatre where they can say "oh.. everyone is feeling warm and safe"? or control? I suspect both... they'll make you feel a bit paranoid, then warm and safe... all the while controlling your very thought processes. DHS caught on real fast with the "no jokes" rule at the security checkpoints and their theatre of water bottles, strip searching babies and old people, etc. Checking through is rather somber affair and how can one not feel safe with steely eyed contractors keeping a watchful eye on everyone...?

    I think the FBI knows which aircraft are insecure. I also suspect that there's some fair amount of discussion going on behind the scenes with aircraft companies and probably the carriers. It's obvious that there's much more going on than being revealed just because a bulletin was issued.

    Which, upon introspection, makes wonder about the timing... the Patriot Act is coming up for renewal. Is this part of the effort to get the public to demand it's approval?

    Ah.. Washington, the seat of power games and money games.... power and control.

  14. x 7

    my understanding has always been that the comms databus is shared. No airgaps. The worst is feasible.

    Same applies to modern trains e.g the Virgin Pendolinos. Theoretically if anyone could bypass the firewalls they could control the train

    1. Jamie Jones Silver badge
      Facepalm

      It's times like these I feel ashamed to be human!

    2. Paul Hovnanian Silver badge
      Boffin

      "the comms databus is shared."

      I'm not certain if this is the case on the 737-800 (Roberts' plane). But in the case of the 787, Boeing asked the FAA on a ruling regarding just this configuration. Here it is.

      Aircraft use a special implementation of Ethernet for avionics communications, AFDX. This network can reject data packets from hardware not programmed into its routers static MAC address table. However, there remains a danger in that someone might find a way to upload malicious code into a passenger facing device (the in-flight entertainment system, for example). This could then talk on the AFDX bus, given that the data originates from an 'approved' piece of hardware.

      The likelyhood of some basement dwelling hacker managing to get this far and inject anything other then garbage into an avionics subsystem is vanishingly small. However, what with nationally sponsored hacking (Stuxnet, for example), it is entirely possible that a well funded hacker group could invest a few million dollars into an avionics test bench and buld something workable.

      1. bazza Silver badge

        I'm not certain if this is the case on the 737-800 (Roberts' plane). But in the case of the 787, Boeing asked the FAA on a ruling regarding just this configuration. Here it is.

        That was an interesting read.

        Some of the exchanges between Airbus and the FAA are probably due to the fact that it is hard to be unambiguous in English, and easy to be unambiguous in French (so linguistic scientists say...). Same for Russian and German. It shows up in their engineering; it's easy to convey meaning correctly, whereas it isn't easy in English. Incidentally that's why we have (in the UK at least) lawyer-speak, a special variety of English that is unambiguous but hard for non-lawyers to understand...

        Also Airbus's comment about the FAA's requirement referring to a solution is fair. Requirements should never, ever do that!

        I can see why they'd want to share the satcomm terminal between the two/three different types of system. But in this day and age it would make sense to have two separate terminals for safety and for upgradeability.

        1. Irony Deficient Silver badge

          conveying meaning in English

          bazza, lawyer-speak also exists in the US. My understanding* of one example here is that “includes” in our legalese means “includes only” in colloquial English, so a sentence like “For the purposes of this act, vehicles includes bicycles.” would mean that only bicycles would be considered vehicles in that legislation; all other types of vehicles would be excluded from its measures.

          * — That of a layman with no legal education, so caveat lector.

      2. Dan 55 Silver badge
        Facepalm

        "Aircraft use a special implementation of Ethernet for avionics communications, AFDX. This network can reject data packets from hardware not programmed into its routers static MAC address table."

        Oh sweet baby bejeebus, it's no more secure than my home router.

      3. John Brown (no body) Silver badge

        "However, what with nationally sponsored hacking"

        Exactly. Why would some lone "terrorist" even attempt to "hack" an aircraft through the IFES when it's not publicly known if it's even possible. A state sponsored terrorist on the other hand wouldn't need to be a "hacker". S/He'd be getting on board with a device already configured and set up to do it for him, only requiring him to memorise some fairly simple process if it's at all possible. And if it is possible, state actors won't have all that much trouble obtaining an aircraft of the right type from their national airline or similar to "play" with in a maintenance hanger.

        IF it's possible, I'd bet money on the US, Russia and China already having the ability. I rather suspect it's not actually possible.

  15. Anonymous Coward
    Anonymous Coward

    Earth to Security Moron - get off Twitter

    If you really are a 'security researcher', hacker, or in any way, shape, or form associated with the fields of computer security, it should be obvious by now that you are on the radar of a lot of very powerful entities. Using Twitter to promote yourself is dumb. Using Twitter to taunt the 'national security' establishment is really dumb. Making the equivalent of bomb threats on Twitter while on the plane - moronic.

    Remember the guy that woke up dead before giving his speech at BlackHat on hacking medical devices? This is serious business, take yourselves seriously, if not for your own sake, for that of the people trying to keep our work from being flat out ruled illegal.

  16. Florida1920
    Pirate

    Don't believe what you see

    No, Captain, we're not being hijacked. Someone just hacked the in-flight movie into our HUDs.

  17. Tromos

    I've been on several flights that display flight data (ground speed, altitude, outside air temperature, etc.) on the entertainment screens. Anyone know if these are coming from the same sensors providing the pilot/auto-pilot with their info, or are they separate air-gapped sensors? I suspect they are from the actual flight sensors (probably the auxiliary set) and they are hopefully optically isolated to prevent anything coming back from the entertainment system. It isn't hacking that is the threat, it is more likely to be some idiot feeding large voltages back down the headphone sockets.

  18. Jason Hindle Silver badge

    Would aircraft system designers really do this?

    Have an IFE or public WiFi system actually connected to navigational systems? That would be the earthly equivalent of designing a gigantic space battle station, the size of a small moon, with an unprotected exhaust vent in a straight line to the core....

    1. Richard Taylor 2 Silver badge

      Re: Would aircraft system designers really do this?

      If it was good enough for Darth....

  19. jake Silver badge

    As I've been saying for decades (and making a living doing) ...

    SCADA should always be air-gapped away from folks not cleared to access same.

    The Auto industry refuses to listen. Apparently, so has the Aircraft industry.

  20. Herby

    Black Hat session topic?

    Get Boeing to sponsor it and allow researchers try to do something fancy. They don't even need to fly the plane, just do "something weird" to the navigation net.

    As any good security guy knows that physical separation is best. The only thing that MIGHT be connected is a power supply (if they are smart!).

    This should be found out quickly. Point fingers unfounded is a useless exercise, which is happening now.

    Me? Only worried that the screens will go blank at the "good parts" of the movie.

    p.s. There is always the circuit breaker!

  21. John Miles

    reminds me of this cartoon

    link

    1. This post has been deleted by its author

  22. Anonymous Coward
    Anonymous Coward

    A little suggestion..

    I know it may be a novel idea, but would it not be clever to consult some competent people before you construct airline kit? People who would have told you that you can actually have SEPARATE networks, and made you aware of defence mechanisms that have existed for quite some time?

    Would that not be a better idea than to start watching anyone who dares pulling out a laptop or a smartphone during the flight (because that really is the result - hackers can wear suits too, they don't all look like Stallman clones).

    I mean, securing the airport is also not done by sending away dodgy looking people or those that ask legitimate questions, it's done by analysing the threat and fit locks, doors and surveillance accordingly.

    What I find astonishing is that these people are actually listened to when it comes to going medieval on someone making a joke, but nobody seems to be able to exercise some sanity (OK< maybe they do, but I'd like to hear of that then too, less sensational as that may be). This is not the Rise Of The Machines, is's the Rise Of The Terminal Idiots, and it does not do one iota for our so-called safety as the real threat can probably calmly wander around the fracas while everyone is distracted..

  23. SolidSquid

    Why on earth do they have the public/customer wifi on the same network as the actual plane systems? Surely it can't be that difficult to run one network for customers to get their wifi and a second which is purely for official stuff and locked down to anyone not an employee?

    1. Will Godfrey Silver badge
  24. Benjol

    The real story

    As Schneier pointed out, isn't the real story/question here how come the FBI picked up on his tweet?

    1. Dan 55 Silver badge
      Black Helicopters

      Re: The real story

      Alarms probably went off somewhere as soon as he booked a flight, what with him being being a security researcher and all.

  25. JaitcH
    Happy

    In reality this latest incident is ...

    an upscale version of "swatting" -- when a anti-social person fakes a real life emergency situation so serious it requires the SWAT team - except soon United will be flying empty.

    Lousy airline anyway.

  26. Anonymous Coward
    Anonymous Coward

    It's amazing

    Some people are clueless. Why on earth would you tweet something as ignorant as Robert's did while aboard a flight? Talk about an ass clown, this guy wins the award of the day. With any luck he will be banned from all airlines. That will teach the moron that there is a cost for his ignorance.

  27. Stevie Silver badge

    Bah!

    Chris Roberts was a twit for sending that message. Security people have no sense of humor and this "joke" wasn't particularly funny to start with.

    Airliner manufacturers are twits for making the plane control gubbins be on the same network as the passengers.

    And the way to stop armed hijackers invading the cockpit is to not have access from the cabin to the cockpit in the first place.

    Why are any of these hard to understand?

  28. Anonymous Coward
    Anonymous Coward

    Beware

    Of passengers on the wings during flight attempting to plug cables in.

  29. chivo243 Silver badge
    Facepalm

    Why?

    Is there such important connections in the passenger cabin? And why are they active during a flight? Surely any need for such connections would be when the plane is on the ground for maintenance and not in the air?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021