Mediator: I have searched for mentions of this angle, apologies if it’s covered and delete.
FAA Dismisses 'PlaneSploit' Creator's Claims (SecurityWeek April15th 2013)
The Federal Aviation Administration has said that a researcher’s claims that he could hack an aircraft in-flight using only an Android application and a desktop computer are not possible. The FAA’s dismissal comes after Hugo Teso, a German information technology consultant, presented his findings during the Hack in the Box conference earlier this month.
According to Teso, security issues with the Honeywell NZ-2000 Flight Management System (FMS), allowed him to send signals via his Android device, compromising the FMS within a simulated environment. His research was carried by many news outlets, and sparked some concern.
However, the FAA, in a statement sent to SecurityWeek, says that there is no risk - as the technique doesn’t work against certified flight hardware.
“The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer,” the statement said.
“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.”
The dismissals have additional significance as the FAA was given access to the complete process Teso used to exploit the FMS, something that wasn’t publically released.
This is a year old story but Forbes expanded on the subject last year and it has a certain resonance:-
See
Researcher Says He's Found Hackable Flaws In Airplanes' Navigation Systems (Update: The FAA Disagrees) - Forbes for more on Teso’s test rig, but of interest is this extract:
‘Teso focused on a different protocol called Aircraft Communications Addressing and Report System, (ACARS) a simple data exchange system that has evolved over decades to now include everything from weather data to airline schedules to changes to the plane’s flight management system. (FMS)
Teso says that ACARS still has virtually no authentication features to prevent spoofed commands’.
Does the 777 use the Honeywell NZ-2000 FMS? I believe it's Honeywell, but whether it is similar to the above ebay purchased system Teso used is questionable.
Google it for more info.