fud, fud, fud and more fud.
This was a great PoC (proof of concept), but there are some important bits of information that seem to have been lost in the sensationalism of the story. They did not test the attack on a real aircraft with real aircraft systems. The system used to validate the exploit is a simulation version of the FMS code, this code is not the same as the code used in primary avionics systems and does not meet the DO-178 certification and the PC does not meet the DO-254 certification. The “full control” claim is not valid, there is no way to engage the autopilot from the FMS. Of course, when engaged in “managed mode” the A/C will follow the FMS.
The aviation industry has known about this particular presentation for a while now.
Other things left out of consideration are the multiple layers of the human factor that are involved in flying an airplane, such as the pilots quickly realizing something is a miss, since their printed flight plan would not match what is in the FMS. ATC would be squawking all over the place trying to determine why is the airplane deviating for its flight plan, etc.
All in all this makes for some great headlines and talking point for bobbing heads and arm chair experts and generating more business opportunities for Hugo, but that's about all
That being said, both ADS-B and ACARS could use some protocol strengthening up though.
Biting the hand that feeds IT
