Avionics News November 2015 - 42
industry CAN YOUR AVIONICS BE S T O R Y NO, DESPITE WELL-PUBLICIZED ATTEMPTS. AND BOTH THE FAA AND INDUSTRY ARE TAKING STEPS TO ENSURE THINGS STAY THAT WAY. 42 avionics news * november 2015 B Y J O S E P H E . ( J E B ) B U R N S I D E ews articles in April told about a computer security researcher who tweeted from the cabin of a United Airlines Boeing 737, in part, "Shall we start playing with EICAS messages?" The researcher, Chris Roberts, is founder and chief technology officer of One World Labs, a security research firm, and his tweet unsurprisingly piqued the Federal Bureau of Investigation's interest. He was taken off a subsequent flight later the same day and interviewed, his computer equipment retained. According to the FBI's warrant to search his computer gear, Roberts maintained he has "compromised" an aircraft's in-flight entertainment system "approximately 15 to 20 times" between 2011 and 2014. Also in April, the U.S. Government Accountability Office reported that connections between the Internet and modern aircraft "can potentially provide unauthorized remote access to aircraft avionics systems." According to the GAO, "Historically, aircraft in flight and their avionics systems used for flight guidance and control functioned as isolated and self-contained units, which protected their avionics systems from remote attack. However, according to the FAA and experts we spoke to, IP (Internet protocol) networking may allow an attacker to gain remote access to avionics systems and compromise them." April's events were complemented in July when two computer hackers, Charlie Miller and Chris Valasek, demonstrated their ability to access a modern Jeep Cherokee's systems remotely. Through the vehicle's cellular data connection while it was being driven, the pair reportedly were able to adjust the Jeep's air conditioning settings, turn the radio to full volume and squirt fluid onto the windshield, along with other mischief. They also were able to remotely track a randomly targeted vehicle's GPS position and its speed, and record its route plus its IP address, all of which was performed through the vehicle's cellular-based Uconnect infotainment system. Fiat Chrysler Automobiles, the Jeep's manufacturer, recalled at least 1.4 million vehicles for software updates, which reportedly have resolved the system's vulnerability. Since April, Chris Roberts' exploits have been widely dissected, with most observers