A security researcher used a modified cat6 cable and default creds on airline seat electronic boxes to compromise flight control systems on an aircraft. That’s really bad, and the FBI is investigating the crime. But why is it that no one seems to care that (1) SEB’s ride on the same network as flight control systems, (2) there’s a default password no one has bothered to change, and (3) no one on the aircraft was in any way bothered by some dude digging around under the seat and messing with cables?
Seriously – in the system design meetings for a million dollar aircraft, someone thought it would be a good idea to save, what, a grand by having a single open network for all electronic components on the aircraft?!
And I sincerely hope the WiFi networks they’re starting to put on the aircraft are on an isolated network that has nothing to do with any of the flight control equipment. It’s one thing to notice a guy plugging into some box under his seat … a guy using his computer mid-flight, nothing to see there.