PPRuNe Forums - View Single Post - Hacker turns a/c
Old 17th May 2015, 16:14
Nialler
 
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
1) He did hack the IFE in flight

2) That is a big NO NO

3) He claims no hack to change controls in flight but on a virtual simulator

4) His company got clobbered as a result

5) Even the GAO issued a warning

IMHO anyone who tells you their system cannot be hacked is living in a fool's paradise. The question is how much damage/control can be done.

IMHO absolute physical separation (air gap) AND EMP protection of critical systems is a must.

And for the non-believers: even a fiber optics system/cable can be tapped/hacked. This was known over 20 years ago. As was reading the output/screens of CRT displays remotely via cheap electronic receivers. While CRTs have essentially disappeared and current screens **may** not be read remotely with no physical video link, anyone care to bet??
He hacked the plane in flight? Are you sure? What was the extent of that "hack"? What capabilities did it give him?

Let me be very explicit about this: I am deeply involved as a professional IT consultant in the area of system security. If I penetrate a system my job is to push my chair back from my desk and not to touch the keyboard under any circumstances. I will reach for the phone and tell my client that I am in and will tell them under which ID I have gained access. They in turn will kill my access.

If I were to gain access - whether through deliberate or accidental means - to a plane's system (and I'm speaking of someone who is paid to hack on occasion) I would immediately recoil in horror and hand my unpowered laptop to the cabin crew with a full account passed to the captain.

It's that simple.

There would be no guarantee that an inadvertent keystroke might confound the systems.

I also would not need to be told that the carrier is no longer prepared to have me as a passenger; I would simply not wish to fly with that airline or on that type ever again.

I'm a reasonably proficient hacker, but there are some better than I am out there, and they tend to be of the braggadocio mindset which says "Now that I'm in the system, let's see what I can do. The guys will be really p1ssed when they see this at the next convention *alt-PrntScr*."

No system is perfect; that's why I have made a reasonably lucrative career analysing these imperfections. However, it is my job to reveal these issues to the client and their auditors and not to a hacking community who are all too happy to exploit these imperfections.

There's another issue. I'd like to know how a pilot would react if a passenger on his flight reported that he or she had got into the flight systems. Voluntary admission accompanied by a willingness to remain under restraints and separated from the device used to get into the systems. Would the captain deem this to be a compromise to the plane's safety and land at the nearest?

It's a genuine question; I have no idea what the protocols would be. Other applications such as banking are less immediate and have the luxury of mitigating the threat while taking steps to eliminate it. At 35k feet the same luxury isn't available. Would vulnerability to the flight control systems be considered in the same way as a hull breach or an engine loss?

Last edited by Nialler; 17th May 2015 at 16:28.