Monday, 14 November 2011

How to hack a plane

This plane is powered by UNIX
You would hope that the passenger entertainment systems on aircraft were not connected to the systems controlling the engines.

You might imagine that passengers would have no way to re-tune the engines in-flight, from the comfort of their seat.

You might not want to read on.

Security risk assessor Craig S. Wright claims to have audited the security of a Boeing 747 aeroplane and found it possible to access the engine control systems via the video over IP entertainment system.
"They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 - VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems."
Wright further claims that Boeing dismissed his findings with the statement, "the engine management system is out of scope [for the test]."

That's all right then. If the test doesn't allow breaching of the engine management system then the problem presumably doesn't (officially) exist...

Postscript: I was so tempted to tag this post with the 'Protection in the cloud' label.