A switch on an avionics system won't be like a typical of the shelf commercial router. There's no need to have a programmable router on an airplane. Once it's configured, there's no need to log into it to change anything. It likely won't have any administrative access for configuration at all. It will be programmed at the factory with the only option to reconfigure being a complete system software load.

That's where the uncertainty comes in. Near as I can tell, it's "very unlikely" that what he built could hack an actual plane. But I can't say with 100% certainty that he hasn't found a weakness that can be exploited. I doubt he has. But it is theoretically possible.

Because that adds weight and power consumption for no good reason. When it comes to that, the airlines and the manufacturers are pretty religious about reducing both. Every extra ounce reduces fuel efficiency. Every milliwatt consumed reduces efficiency. If you don't have to have two separate GPS units, you're not going to have them on the plane. The networking standards for avionics systems are capable of having the two networks connected together to share the data without letting one impact the other. So they do it that way rather than have two receivers on board.

Logical? Yes. Physical? No.

Speaking as someone who worked for a Boeing subcontractor who designed their on board computers, I can tell you that there is a physical connection. There's only one set of SATCOM radios on board. The avionics systems use it for some of their communications and have for a long time. The airlines wanted to monetize the extra bandwidth by selling access to the passengers for a price. I am told they didn't add a second set of radios to provide bandwidth to the passengers.

So at the very least, there is a switch that connects the avionics network, the in flight entertainment network, and the SATCOM radios. And while this is a physical connection, there is a fair amount of confidence that it's still a logical separation. The AFDX/ARINC 664 standard is pretty extensive and allows for very strict connection management. While Roberts may have been able to get a packet out of the IFE network and have it look like an engine control message, there's very little chance that packet would make it anywhere close to the engine control computer. Of course, that assumes that the avionics network was set up correctly. And that's a pretty good assumption given the safety requirements in place for avionics design. Still, there's that one in a million shot that there is an exploitable flaw. It's probably less chance than that, but it's not guaranteed to be zero.

Considering that both the Avionics systems and the in flight entertainment systems are both able to reach the SATCOM radios, I'm not sure this assertion is true.

I've spent a great deal of my career working on avionics systems and did work on early Ethernet implementations in the late 90's, well before ARINC came up with AFDX/664 standards. Back then we restricted Ethernet to single point to single point dedicated channels with no switching or routing of any kind. The first vague ideas of having an in-flight entertainment network were starting to form. But at the time, it was just high level R&D.

From what I've been able to piece together is that Chris Roberts bought an under-seat device and hooked up something in his basement for proof-of-concept attacks into the avionics network. But without all of the rest of the equipment, he had to build up his system with commercial grade equipment. And that's where his "hacking the engine controls" story falls apart. Sure, he may have been able to get a specifically formatted packet through the IFE network and send it out the port that connects to the rest of the plane. And with his generic Ethernet switches, he may have been able to get that packet through to where he thought the engine control computer was. But his model is flawed.

AFDX/ARINC 664 is an entire structure built on top of the physical layer of Ethernet. While it may use Ethernet frames to pass the data, there's a ton of bandwidth management and strict routing management built on top of it. Assuming for the sake of argument that the avionics network was indeed set up correctly, there's no way an engine control packet coming from the IFE network would be routed. The filters would see that the IFE port isn't authorized to send that data and it would be dropped, perhaps with an error log of some kind. The only thing the IFE network should be able to talk to is the SATCOM radio and only within very specific parameters. There's no way a properly set up avionics network is vulnerable to an attack like this.

Of course, that begs the question. Did they set up their avionics network correctly? It's highly likely that they did, but I'm not going to say with 100% certainty that there are absolutely zero vulnerabilities. Suffice it to say, I'm extremely skeptical of Roberts' claims. But I will stop short of saying that he is, without question, full of it.

It was actually Todd Wilkinson and it was in Fryburg, CA which was a fictional San Diego suburb. But yeah, I used that address more than once myself.

Because at a number of stores, they wouldn't take "no" for an answer without a fight. They would spend a lot of time push selling their catalog or whatever the hell it was they were trying to use to distract you from the fact that they collect your data. It was just easier, not to mention a lot quicker, to give them false information than to argue for a couple of minutes with a pushy sales clerk.

Technically, you don't. But the sales clerks were pushy about it. I think they got in trouble if they had any transactions without personal information. For me, it was all about time efficiency. Take a few seconds to give them false information or stand there and argue with them for a lot longer. The one that got me out the door faster was the the route I took. As they stopped stocking the parts I wanted to buy, I stopped going to their stores. So did pretty much everyone else from what I gather.

"Clever. Still... anybody with that kind of record is gonna make a mistake. I want all party members in the tri-state district to monitor the city, county and state police on their CBs. Sooner or later Mr. Blues is gonna fuck up, and when he does... he better pray the police get to him before we do."

They would know me as Charles (Chuck) U. Farley. I made up the street address every time.

IANAL but I thought any type of coercion would qualify. Threatening people with an expensive lawsuit if they didn't pay seems to me to violate at least the spirit of the law.

I knew that my information would get out eventually. In the last 15 years I would only go in to buy specific things (none in the last 5+ years). Every time I would pay cash and give the clerk false information. I'm so very glad I did.

Not to mention that municipal broadband providers won't kick back as much in campaign finance support as the major cable companies. The FCC is really going to cut into that revenue stream pretty heavily with these rules.

I missed that. His disability would change my assumptions.

Given that they're all probably not disabled, I'm wondering what grounds they have to sue in the first place. But that's why they offer a "settlement" that's less than the cost to defend the suit, so the case never sees the inside of a courtroom. In effect, though, they're using the legal system to extort money out of people and depending on the particulars, that may qualify under RICO statutes. In theory, they might actually be breaking the law.