>According to the FBI affidavit, however, when he mentioned this to agents last February he told them that he also had briefly commandeered a plane during one of those flights.
So he admitted to a federal felony, lol. That's even beyond simple FAFO.
>“It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”
"Anything you say can and will be used against you", which is why you Don't Talk To The Police.
Wow, that guy sounds like a total idiot. I was shocked to read how brazen his actions were and if it’s true he commandeered control over the plane and made it list to the side as stated in the article, he belongs in jail.
wow, I came here to comment that of course passengers can't hack an airplane, at least in the sense of taking control of it, because there's no way that anyone with half a brain wouldn't have an absolute air gap between the passenger facing systems and the flight control systems.
>> What’s the worst that could happen? Bad press coverage?
A flashed bomb threat. Flight doesn't take off, or is diverted to an alternate airfield, or otherwise misses its connection. That sort of thing can quickly cascade into six or seven cost figures. A widespread attack across a fleet could be crippling, at least the first time it happens.
Right, but if the perpetrator has to be on board, they run a pretty big risk of getting caught for a serious crime. While I imagine a called-in threat can have a similar effect, with much less risk.
My wife shared a tiktok with me last year, which was clips of an American Airlines flight, Airbus Plane, and someone had "hijacked" the speaker system. I combed the Airbus manuals and maintaince PDFs and found that those planes have several exposed compact flash ports for "pre-flight audio". I hypothesized that either the copilot lost a bet or someone slipped a pre-recorded track into one of those slots... /shrug, but Im still interested in those CF card slots...
Wow. Given the amount of things that can be done with audio networking, and or connections via wireless to a CF card, this seems like something that should be considered.
Funny enough something like four months before that incident, the CEO of a cybersecurity firm that sounds like Kerberos reached out directly to American's CEO with a bullshit story that his personal laptop was hacked while onboard a flight.
He was claiming all sorts of vague nonsense like sites rendering in Chinese or something and a flight attendant making him clear his history or something; I don't remember specifics but it read like bad copypasta and is quite possibly the stupidest case I've ever worked.
He could not have been any more unhelpful with the investigation had he pissed directly into my eyes and called me blind. I wrote him off as a crank trying to drive business through FUD when we asked for his MAC address with the wifi vendor's AP logs in-hand. He gave us the MAC for his VPN adapter and ignored further questions. He provided so little usable information altogether I could never confirm whether he was even on that flight in the first place, much less connected to the AP and doing whatever the hell else supposedly transpired.
Maybe coincidental that American's PA system gets taken over a few months later, with similar nonsensical circumstances-- it's not an obvious prank or tampering, which would get someone like me called in again looking for shenanigans. Instead, aircraft engineers looked at it from a mechanical failure angle.
However, I’m surprised they don’t protect us more against hacked phones. When each iPhone is 4,000mAh, it could cause quite a fire, let alone entire laptops.
Is the entire security theater based on the trust that terrorists won’t short-circuit batteries?
The passenger entertainment system typically displays some information related to flight location, speed, altitude, ETA and so on. Where does that info come from ? If it does come from the "Aircraft Control Domain, or ACD" then these two systems are probably not "completely isolated" as claimed in the article?
> Where does that info come from ? If it does come from the "Aircraft Control Domain, or ACD" then these two systems are probably not "completely isolated" as claimed in the article?
You are indeed right, there is a connection to the BUS that shares some information. You can also write back some of the information(flight number, flight leg etc.) back to it. However, rest of the things are read-only. So, no way to do weird things like modifying the altitude or ground speed etc.
Basically, the main computer is completely isolated from the infotainment system, except for the BUS emitting these minor information.
You can however, probably get near the main computer if you can get the jump seat ...
This article has some of the most frustrating uses of quotations I’ve seen: they’re placed right beside the paragraph they quote and they are exactly the same as the paragraph, so it’s forcing you to read the same thing multiple times.
Everyone is dismissing the headline as clickbait. The interesting part is the discussion on Electronic Flight Bags and their security. Seems like a gap.
Some years ago I was on a Lauder Air flight and somehow unintentionally crashed out the in-flight entertainment system when switching channels, fiddling with the buttons or such and ended up with the OS command prompt.
Not exactly life-threatening but it ought not to have happened.
I would add one more thing about hacking IN an airplane (not "a plane"): with the chat app included in many flights you can scam people and do other kind of funny things interacting between unknown people in the flight.
> The airplane networks are very carefully segregated. You have a bit in the cabin that’s called the Passenger Information Entertainment Services Domain. That’s completely isolated from what we call the Aircraft Control Domain, or ACD.
Seems to raise the question of where the nearest connection to the ACD is, from the passenger cabin.
No it's not, granted the headline makes it sound scarier than the reality.
> we did find ways to compromise the in-flight entertainment systems. But one of the limitations of our research is that the airplanes that are being retired – they’re the old ones. One of the systems we were working on was 27 years old. It was running Windows NT 4.0.
> We also discovered vulnerabilities in some of the apps, which meant if someone had compromised one of these tablets, they could mess around with the calculations [that] tell the pilot how much power they need
> the first vulnerability we found, Boeing came back to us within 24 hours and said, “We agree with you"
[+] [-] sbarre|2 years ago|reply
https://www.wired.com/2015/05/feds-say-banned-researcher-com...
[+] [-] ThePowerOfFuet|2 years ago|reply
>According to the FBI affidavit, however, when he mentioned this to agents last February he told them that he also had briefly commandeered a plane during one of those flights.
So he admitted to a federal felony, lol. That's even beyond simple FAFO.
>“It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”
"Anything you say can and will be used against you", which is why you Don't Talk To The Police.
https://youtube.com/watch?v=d-7o9xYp7eE
[+] [-] replwoacause|2 years ago|reply
[+] [-] simg|2 years ago|reply
still not sure I believe it!
[+] [-] maxbond|2 years ago|reply
[deleted]
[+] [-] sandworm101|2 years ago|reply
A flashed bomb threat. Flight doesn't take off, or is diverted to an alternate airfield, or otherwise misses its connection. That sort of thing can quickly cascade into six or seven cost figures. A widespread attack across a fleet could be crippling, at least the first time it happens.
[+] [-] svantana|2 years ago|reply
[+] [-] spacecadet|2 years ago|reply
[+] [-] gloyoyo|2 years ago|reply
[+] [-] jstarfish|2 years ago|reply
He was claiming all sorts of vague nonsense like sites rendering in Chinese or something and a flight attendant making him clear his history or something; I don't remember specifics but it read like bad copypasta and is quite possibly the stupidest case I've ever worked.
He could not have been any more unhelpful with the investigation had he pissed directly into my eyes and called me blind. I wrote him off as a crank trying to drive business through FUD when we asked for his MAC address with the wifi vendor's AP logs in-hand. He gave us the MAC for his VPN adapter and ignored further questions. He provided so little usable information altogether I could never confirm whether he was even on that flight in the first place, much less connected to the AP and doing whatever the hell else supposedly transpired.
Maybe coincidental that American's PA system gets taken over a few months later, with similar nonsensical circumstances-- it's not an obvious prank or tampering, which would get someone like me called in again looking for shenanigans. Instead, aircraft engineers looked at it from a mechanical failure angle.
[+] [-] grammers|2 years ago|reply
> Can a passenger hack the airplane from their seat? They can’t.
[+] [-] tempotemporary|2 years ago|reply
[+] [-] chrisfosterelli|2 years ago|reply
[+] [-] eastbound|2 years ago|reply
Is the entire security theater based on the trust that terrorists won’t short-circuit batteries?
[+] [-] dagurp|2 years ago|reply
[+] [-] mrabcx|2 years ago|reply
[+] [-] n_ary|2 years ago|reply
You are indeed right, there is a connection to the BUS that shares some information. You can also write back some of the information(flight number, flight leg etc.) back to it. However, rest of the things are read-only. So, no way to do weird things like modifying the altitude or ground speed etc.
Basically, the main computer is completely isolated from the infotainment system, except for the BUS emitting these minor information.
You can however, probably get near the main computer if you can get the jump seat ...
Disclaimer: Work in aviation tech.
[+] [-] amelius|2 years ago|reply
[+] [-] mschuster91|2 years ago|reply
[+] [-] sva_|2 years ago|reply
[+] [-] tyingq|2 years ago|reply
https://www.flightaware.com/live/flight/random
[+] [-] kylebenzle|2 years ago|reply
[+] [-] dom96|2 years ago|reply
[+] [-] averageRoyalty|2 years ago|reply
Who is this possibly for?
[+] [-] exegete|2 years ago|reply
[+] [-] hilbert42|2 years ago|reply
Not exactly life-threatening but it ought not to have happened.
[+] [-] wslh|2 years ago|reply
Have done pranks to my family there.
[+] [-] photoGrant|2 years ago|reply
[+] [-] cantSpellSober|2 years ago|reply
[+] [-] cjbprime|2 years ago|reply
Seems to raise the question of where the nearest connection to the ACD is, from the passenger cabin.
[+] [-] usrbinbash|2 years ago|reply
[+] [-] cantSpellSober|2 years ago|reply
> we did find ways to compromise the in-flight entertainment systems. But one of the limitations of our research is that the airplanes that are being retired – they’re the old ones. One of the systems we were working on was 27 years old. It was running Windows NT 4.0.
> We also discovered vulnerabilities in some of the apps, which meant if someone had compromised one of these tablets, they could mess around with the calculations [that] tell the pilot how much power they need
> the first vulnerability we found, Boeing came back to us within 24 hours and said, “We agree with you"
[+] [-] coolThingsFirst|2 years ago|reply
[+] [-] cantSpellSober|2 years ago|reply
> Some of them had [PINs] as simple as four zeros. Some of them had the pilot’s birthdate as the PIN, which obviously you can get from open sources.
[+] [-] wombat-man|2 years ago|reply
[+] [-] flemhans|2 years ago|reply
[+] [-] seeknotfind|2 years ago|reply
[+] [-] tycho-newman|2 years ago|reply