@SAMPUBLIUS
Now about the claims that such a system can never be hacked ?
However, according to FAA and experts we spoke to,
IP networking may allow an attacker to gain remote access to avionics
systems and compromise them—as shown in figure 4 (below)
Figure 4 is a very simplistic view of how an aircraft may be configured, and it has a number of important assumptions.
The first is that the avionics and FMS are exposed via an IP port to the rest of the aircraft systems. I would find it
extremely unlikely that there would be permissive access from any other system inbound to any critical system on an aircraft. That's security 101. Door is shut, reinforced, welded and concreted.
Secondly, there is an assumption (that in this case), the avionics actually talk IP at all. As someone asked - "well how to the get the moving map?" How do I get it off FlightRadar24? I'm obviously not connected to an FMS to see where the plane is.
Thirdly, that given I get get access to an unlikely exposed TCP port, how am I going to deploy a payload to an embedded system that I don't know, or have an exploit framework for. It'd be like trying to exploit a Mainframe switch major node with a Zeus attack. Pretty pointless, even though the major node talks IP.
If the guy in this story "hacked" anything, he probably owned the IFE. And he didn't need plug in to do that if it was WiFi.
In terms of the GAO report, it's the same security principles that any
enterprise organisation would implement. It's nothing new, and really it's just a bunch of the usual security talking heads doing the rounds on the speech circuit. Security Professionals for Hire.
Look, the paradigm may be different for the A350 and B787, but heck, if you expose a service, expect the door to be knocked on. Which is why you would have to say that door is closed and locked...