Story 2015-04-23 7NYM WiFi on airplanes: good. Zero-day vulns on aircraft: bad

WiFi on airplanes: good. Zero-day vulns on aircraft: bad

in security on (#7NYM)
story imageAnyone who spends significant time on aircraft probably agrees that internet access at 30,000 feet is pretty cool. But only if the internet access system isn't stupidly tethered to other aircraft systems of critical importance.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)

— Chris Roberts (@Sidragon1) April 15, 2015
The tweet was a joke laced with sarcasm. Roberts is a veteran of the vulnerability disclosure wars, having tried for years to get Boeing and Airbus to heed warnings about security issues with their passenger communications systems. His tweet about the Engine Indicator Crew Alert System, or EICAS, was a reference to research he’d done years ago on vulnerabilities in inflight infotainment networks, vulnerabilities that could allow an attacker to access cabin controls and deploy a plane’s oxygen masks.

It was the wrong message to send. The Feds were waiting when Roberts landed in Syracuse.
Chris Roberts may be pushing buttons on purpose here, but as a security researcher, he's asking the right question about the corporate culture of disclosing and patching vulnerabilities. And the airline industry as a whole has some maturing to do with regard to this well-worn topic.
Reply 1 comments

Cheezy movie alert (Score: 0)

by Anonymous Coward on 2015-04-26 08:41 (#7V7H)

As if taking control of a navy vessel isn't bad enough...