Wired: A security researcher kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.
Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
Now this seems either a lie or a perfect engineers stupidity. How did the flight system become connected to the entertainement system? Impossible, unless
But this is what the researcher claimed!
He named the manufacturing vendors:History of Researching Planes
Roberts began investigating aviation security about six years ago after he and a research colleague got hold of publicly available flight manuals and wiring diagrams for various planes. The documents showed how inflight entertainment systems one some planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems. These systems were in turn connected to the plane avionics systems. They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks.
After news broke about a report from the Government Accountability Office revealing that passenger Wi-Fi networks on some Boeing and Airbus planes could allow an attacker to gain access to avionics systems and commandeer a flight, Roberts published a Tweet that said, “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone?” He punctuated the tweet with a smiley face.
So, his claim is that there are stupid software engineering manager at these companies, both companies! Boeing and Airbus both have stupids? Hardly possible, but there may be a third vendor with stupidity squared.
Stay tuned.
No comments:
Post a Comment