US DHS issues GA hacking warning
Thread Starter
US DHS issues GA hacking warning
Apparently GA aircraft are now vulnerable to hacking.
Cue the CASA shutdown of GA....
http://www.theage.com.au/technology/...2cbs.html?btis
Cue the CASA shutdown of GA....
http://www.theage.com.au/technology/...2cbs.html?btis
People (some of them very close to home - and I know exactly who you are!! ) are regularly trying to hack my webcams site. I’ve found some Russians that are trying regularly to get into it too.
It's probably the Chinese spoofing Russian IP addresses to make it appear they're from Russia. If they're smart enough to hack, they're smart enough to cover their tracks.
Join Date: Jan 2011
Location: Australia
Posts: 313
Likes: 0
Received 0 Likes
on
0 Posts
The story relates to injecting false CAN bus messages (as used by Garmin, Dynon etc) into the EFIS. And it's a beatup.
A key principle in cyber security is that if you have unsupervised physical access to a target system, you effectively own it. Same applies here.
If you have ill intentions and you have unsupervised physical access to a light aircraft, there is an infinite number of awful things you could do. Doesn't matter whether that aircraft is a Tiger Moth, or an RV filled with the latest electronic toys.
A key principle in cyber security is that if you have unsupervised physical access to a target system, you effectively own it. Same applies here.
If you have ill intentions and you have unsupervised physical access to a light aircraft, there is an infinite number of awful things you could do. Doesn't matter whether that aircraft is a Tiger Moth, or an RV filled with the latest electronic toys.
.Here’s a good idea, let’s suggest to CASA that EFIS systems be required to have an approved user login page with separate user names and passwords for each pilot. All to be controlled by a designated and CASA approved system administrator.
...Then get them to require a 30 character password with upper and lower case letters, numbers and at least 2 special characters. The password to be changed every six months.
..........then have the sessions expire every hour in flight and require a new login.
That will solve the problem!
Should I recount the joke about dealing with a case of crabs?
...Then get them to require a 30 character password with upper and lower case letters, numbers and at least 2 special characters. The password to be changed every six months.
..........then have the sessions expire every hour in flight and require a new login.
That will solve the problem!
Should I recount the joke about dealing with a case of crabs?
The story relates to injecting false CAN bus messages (as used by Garmin, Dynon etc) into the EFIS. And it's a beatup.
A key principle in cyber security is that if you have unsupervised physical access to a target system, you effectively own it. Same applies here.
If you have ill intentions and you have unsupervised physical access to a light aircraft, there is an infinite number of awful things you could do. Doesn't matter whether that aircraft is a Tiger Moth, or an RV filled with the latest electronic toys.
A key principle in cyber security is that if you have unsupervised physical access to a target system, you effectively own it. Same applies here.
If you have ill intentions and you have unsupervised physical access to a light aircraft, there is an infinite number of awful things you could do. Doesn't matter whether that aircraft is a Tiger Moth, or an RV filled with the latest electronic toys.