If anything were to happen, it definitely shouldn't affect the avionics, not even remotely, or the plane would not have had a chance of certification. Data to the less secure IFE had better flow through a unidirectional network ("data diode"), and/or use a separate set of sensors.
Even if it brought down the server, it's still nothing that the flight attendants can't solve by "turning it off and back on". This kind of fault happens all the time.
More interesting to me is the level of isolation of the network. Could someone exploit my phone through the in-flight WiFi, for example?
They cite inadequate safety standards and an overheating entertainment system.
It's easy to assume that government or the airlines wouldn't allow a faulty system to fly, but just like software it's those extreme edge cases that cause problems. Somehow I doubt hacking the entertainment system is comprehensively covered in the manufacturer's safety check. It's probably a remote chance something bad would happen, but we can't say it's 0.
This keeps getting cited on this thread. The IFE didn't simply "overheat". It had faulty wiring. The coffee maker could just as easily have caused that accident.
Lots of things have faulty wiring, but they keep working as long as their power draw is under some limit. Drawing excess power is a common result of software going into an infinite loop, which is a possible outcome of security probes.
Half the bugs I notice in Chrome, I notice because my laptop fan starts running.
A CPU overheating is still completely different from the wiring or other components heating up. It is entirely monitored, can throttle itself or shut down through OOB controls.
It's more likely for your plane to be hit by a falling unicorn than you being able to burn something up just by the power of `while (1)`.
Sure. Hair dryers draw excess power when you drop them in a bathtub. Ground-fault protection outlets are supposed to prevent that. If they don't, the outlet is faulty.
The origin of Murphy's Law was in a rocket sled project. This guy was strapped onto a rocket sled, fired down a track, and then subjected to strong braking forces. "If anything can go wrong, it will go wrong" didn't just mean "stuff happens". It meant, "you have to either make it impossible for it to go wrong, or you have to find a way that, even if it does go wrong, this guy doesn't die". You can't just ignore the problem as unlikely. It will happen sooner or later.
You don't get to say "lots of things have faulty wiring". Things that can kill you had better not have faulty wiring, or had better be able to survive it if they do.
"More than 21-percent of GFCI circuit breakers and 19-percent of GFCI Receptacles tested did not provide ground fault protection. The failure rate in areas of high-lightning strike was as high as 57 percent ... when a GFCI device fails, it continues to pass electric current but no longer protects the unsuspecting homeowner from ground fault conditions." (From http://www.experts123.com/a/the-national-electrical-code-gro...)
Yeah, but that's sort of the rub, isn't it? It's faulty wiring that won't, in practice, overheat unless you overload the server with (say) a port scan.
So yes, the aircraft is supposed to be robust against any trickery with the entertainment system. And indeed, it's 100% their fault for installing the wiring in a way that would overheat under load.
It's still pretty irresponsible to risk taking down the aircraft like that to check for a vulnerability!
If a port scan can overload a server, it could also be a bug in the JavaScript code that runs on the clients. Too many AJAX requests and the plane goes down? I sure hope not...
I agree that, in theory, at least the avionics shouldn't be accessible from the IFE. I am sure there is a rigorous protocol for making sure this is properly secured and certification for airworthiness. I think the parent comment was more making the point that we don't need a flight full of people scanning ports for fun and profit, and the consequences of doing so are unknown and could lead to things like no wifi or IFE on the flight you're on, and hopefully not worse.
This is obscurantism. Port-scanning a networked system, even aggressively, must be considered a typical environmental hazard that any network-attached system must be able to weather (preferably with no degradation in service).
The point is not that the system is fine, the point is that the method used to identify the flaw is dangerous. This needs to be fixed but the ends do not justify the means.
> If anything were to happen, it definitely shouldn't affect the avionics, not even remotely, or the plane would not have had a chance of certification.
The only way to know that you won't crash a critical system is to try it. You're right, you shouldn't be able to, but that doesn't mean it can't be done. Doing this in flight is still dangerous.
Not at levels A-D, which are the ones where the faults "should not be there" (citing the parent comment).
At level E you only have to prove that there's no effects of faults on safety-critical systems, so it's more about the surrounding architecture than the software itself.