Avionics News November 2015 - 42
CAN YOUR AVIONICS BE
S T O R Y
AND BOTH THE FAA AND
INDUSTRY ARE TAKING
STEPS TO ENSURE
THINGS STAY THAT WAY.
J O S E P H
( J E B )
B U R N S I D E
ews articles in April told about a computer security researcher who tweeted from the cabin of a United Airlines Boeing 737, in part, "Shall we start
playing with EICAS messages?" The researcher, Chris Roberts, is founder
and chief technology officer of One World Labs, a security research firm, and his tweet
unsurprisingly piqued the Federal Bureau of Investigation's interest. He was taken off a
subsequent flight later the same day and interviewed, his computer equipment retained.
According to the FBI's warrant to search his computer gear, Roberts maintained he has
"compromised" an aircraft's in-flight entertainment system "approximately 15 to 20
times" between 2011 and 2014.
Also in April, the U.S. Government Accountability Office reported that connections between the Internet and modern aircraft "can potentially provide
unauthorized remote access to aircraft avionics systems." According to the GAO,
"Historically, aircraft in flight and their avionics systems used for flight guidance and control functioned as isolated and self-contained units, which protected
their avionics systems from remote attack. However, according to the FAA and
experts we spoke to, IP (Internet protocol) networking may allow an attacker to
gain remote access to avionics systems and compromise them."
April's events were complemented in July when two computer hackers,
Charlie Miller and Chris Valasek, demonstrated their ability to access a modern
Jeep Cherokee's systems remotely. Through the vehicle's cellular data connection while it was being driven, the pair reportedly were able to adjust the Jeep's
air conditioning settings, turn the radio to full volume and squirt fluid onto the
windshield, along with other mischief. They also were able to remotely track a
randomly targeted vehicle's GPS position and its speed, and record its route plus
its IP address, all of which was performed through the vehicle's cellular-based Uconnect
infotainment system. Fiat Chrysler Automobiles, the Jeep's manufacturer, recalled at
least 1.4 million vehicles for software updates, which reportedly have resolved the system's vulnerability.
Since April, Chris Roberts' exploits have been widely dissected, with most observers