There's a risk that the following quotations were reported in (
InformationWeek | Business Technology News, Reviews and Blogs and
Information for the World's Business Leaders - Forbes.com) incorrectly or may become superseded, the overall message though is quite clear; Honeywell, Rockwell-Collins, EAS and FAA aren't presently worried.
Honeywell spokesman Scott Sayres via phone
“If we talk very generically -- not just about Honeywell software -- PC FMS software is normally available as an online pilot training aid”
“In other words, what Teso did was hack a PC-based training version of FMS that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft.”
Rockwell Collins
“Today’s certified avionics systems are designed and built with high levels of redundancy and security. The research by Hugo Teso involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace.”
EASA spokesman Jeremie Teahan via email
“This presentation was based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems"
“There are major differences between PC-based training FMS software and embedded FMS software. In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software”
“For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software”
FAA
“The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.”
In my experience, simulations are the basis of extremely powerful techniques towards understanding the normal (expected) and emergent behaviour of any complex system, but it is usual to increase the throughput of test data by removing something. Once a cut-down simulation of a system has been produced, there is the need for extreme care in the usage of test results, as they can produce misleading positive and negative views of the real thing.
IMO PJ2, in particular, has correctly highlighted the irresponsibility of the presentation and subsequent re-broadcast of the work. In other fields, we know that, such presentation would not occur without peer review. It's actually a great shame that further output from the individual and their organisation may be devalued to some extent, as a consequence of this publicity.
I'm happy to fly alongside an Android and I'm happy to participate in a simulation, provided that it stays in the laboratory.
00, 01, 10 n 11