Interesting stuff nonetheless. I'm going to start out by stating up front: this is near pure speculation --a conversation piece; thinking through my keyboard.
First, there are loads of documents that tell you why you shouldn't be able to do what was claimed:
- He got physical access to the In Flight Entertainment (IFE) System through the Seat Electronic Box under his seat. He used a Cat 6 Ethernet cable to connect, with Vbox for his environment and Kali to run the exploits. (http://aptn.ca/news/wp-content/uploads/sites/4/2015/05/warrant-for-Roberts-electronics.pdf) --why didn't the flight attendant notice someone screwing with the system?
- His target is the Vortex software (http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/) - "VCT has unique and protected state-of-the-art aerodynamic technology as well as copyright protected software that enables engineers to model, predict, redirect and control aircraft vortex flow" (http://www.vortexct.com/products/finlets/).
- You cannot send a climb command based on this software. On top of that, the IFE systems aren't even integrated: Boeing, which is the manufacturer of the United Airlines plane Roberts was on when he was arrested, said the hack wouldn't even be possible because its entertainment systems are "isolated from flight and navigation systems." (http://www.aol.com/article/2015/05/18/cybersecurity-experts-criticize-united-airlines-hacker/21184502/?ModPagespeed=noscript)
- The vast number of cockpit simulators, with seemingly high levels of reality, seem to offer a viable place where attackers could practice. In fact, at one of my former employers, a cockpit was built on an Xbox platform as a means of showing that all interactivity in the cockpit could be performed using inexpensive COTS software. My point is, are the integrated cockpit devices connected via APIs or other interfaces, PLCs that may make it open?
- And of course after the missing Malaysian flight, there were a number of warnings, particularly from the British, on the very real possibility that the plane had been hijacked by cyber attackers.
- ACARS, for example, has been known to be vulnerable to attack. So vectors other than the inflight entertainment system have to be considered, if they're looking at it from a general threat perspective.
- In cars, the CANBUS is the controller area network that connects everything. Remember, the car was hacked through RFID in the tire air sensors at Blackhat a few years ago. We've had talks with folks at a very specific research center (~18 months ago), regarding OEM CANBUS issues having similar applicability in the Airline and Railway spaces. The thought that airliners may have the same issues should not come as a surprise.
I also believe that now every hacker in the world will be connecting to the under-seat USB, trying to figure out how the connection works from the inflight entertainment system, or whether someone can Bluetooth to the pilot's cell phone, unlock the electronic controls on the cockpit door, or find another hole that makes the seemingly impregnable system not so.
I'm thinking the Aircraft OEM companies and the ISAC are probably buzzing. I've received a number of calls from folks asking what we know (nothing) --but the assessment and the realms of possibility are not that far off.
Get ready Aviation folks. I have a feeling you're going to be really tested with questions in the next few weeks and new engineering challenges into the foreseeable future.