Alexander needs to go, yesterday. He's more inept than Ballmer.

No serving general should ever be given so much power over a civilian agency and the population as a whole. Soldiers are very good at military campaigns but they are not so good at managing by consent and they are used to protecting the state and projecting its will. To work effectively, a general has to stop being a general outside the military, especially when turning their agency against civilians. Instead, the better model is that of "policeman", to serve the people over the state.

The method posted requires, access to the car interior to get at the OBD2 port. Hopefully you would have set off the ultrasonic alarm before then.

The device shown is way overpriced, essentially you just need a custom OBD2 device. Just a bit of googling and I managed to find one for a fraction of the price.

I think these guys are able to breakin without access to the OBD2 port, probably by interception of the RFID signals.

For hardware I started with an 11/40, and then went through the range down and up. I got used to pulling and shuffling cards and even removing the wire-wrapped NPR jumper but the software was fun. For the software , we started with a monstrosity called DOS/BATCH, I went on to RSX-11M, RSX-11S (a paired down version of 11M for hard realtime), RT-11 and RSTS/E and ended up on RSX-11M-plus. The latter was a really cool multiprocessing capable O/S. The best thing is that for M and M-plus, they had to give you the kernel source so you could configure it (which was down to conditional assembly and lots of macros).

I was writing drivers and having fun. MACRO-11 was great. I used a heavily modded set of macros to provide a C like structure called SMAC and was using home-brewed structured exception handling by burying stuff in the stack frame, a bit like a VAX does. This gave me the ability to unwind quite gracefully. At one stage I managed to get hold of a copy of Unix, but we were commercial and it was hideously expensive at the time so couldn't use it for anything. The point being that a PDP-11 with EIS/CIS had a really nice instruction set and was easy to hold in the mind so I am fairly certain that a competent assembler programmer could write better code than most of the compilers. The instruction set was truly orthogonal so that all addressing modes worked whether it was real memory or registers.

The original PDP-11 standard Fortran would churn out pseudo code. This would be a list of addresses into the library with a link via R4, something like jmp @(r4)+. This was slow but actually quite elegant (easy to switch amongst the innumerable hardware variants via choice of library), but it was hard work to link because the entire program was external references. F4P cost a relative fortune though and I didn't get to use it until a time working at Digital.

I have passed long days in electromagnetic testing room, and I can say that you will be surprised by what can happens with complex and highly programmable electronics !

I had to work on a navigation system some years back, I didn't have to spend time in the "bubble" but colleagues did. We certainly did have people who were very aware of RF design and cross talk issues as we had a TEMPEST rated room as they had also been working on secure digital comms.

Your "demonstration" prove that a software modification can open up the frequency range.

True, but it is hard as the radio in a phone tends not to be open software. A USRP would be much better but then you need amplification and power. You are inside a metal tube and you need to get inside an antenna on the outside which is designed to go off when it receives a burst from a 50KW radar. The transponder squirts data back using something like 20w or so. It would be hard to overwhelm that from inside the plane. I would agree that if you hold up to a window, you could get some power outside (a phone does work on a plane on the ground up to a certain height, it is just a weak signal).

Inside the plane, RF goes by coax. Data goes by different means, usually twisted pair. Either way, the data wiring goes from the front-end in the cockpit to the avionics bay which is located underneath the cockpit (so no long cable runs). The FMS does not fly the plane (it acts more as a top-level monitoring system), there are other computers that worry about that.

If you have read the publication subject of this article, you will see that aircraft manufacturers have actually not worried at all about vulnerability.

Please remember that planes ship with standard flight control systems only. Cockpits and avionics are selected by airlines based on different options. It would be quite hard to try out every variant. However flight test has a big increase in general RF "crud" in the fuselage as you have multiple high performance logging and telemeter systems with cabling all over the place.

In the end, it seems that if you want to cause chaos, just get an airband radio and claim to be Frankfurt Radar or something.

Good point. And not only that, information is flowing into the pilot from multiple sources, visual clues, ATC and multiple instruments.

It seems that the aircraft industry is about as security conscious as the car industry.

Not really.

Aircraft typically carry different ways of getting the same vital information, passenger aircraft must do so. Equipment in former times was very unreliable, so essentially the plane must carry two (or more) of everything. Critical components, may have the "A" and "B" computers programmed by different teams or even using different architectures. They also carry a human, who may notice if their are strange instruments.

Drones are a different matter and do seem to be spoofable.

Except that TIS-B is not wired into TCAS at the moment. In fact, I have not heard of any use of ADS-B for air to air, just air to ground. Separations are controlled via time slots outside controlled air space and inside controlled airspace, by ground controller using good old fashioned PPI displays. Yes, those displays are "enhanced" by information from ADS-B but many smaller or older aircraft don't have it.

Nope.

A good demonstration of this was the issue about Nexus 4s being able by accident, to transmit a little bit on LTE (only one frequency) and only because the LTE frequencies were enabled by accident in the software. Unless there are antennas designed, the signal would be weak as hell even if you can get it out of the phone. Then you have to get the signal out of the fuselage which is normally working, more or less, as a Faraday cage to an antenna pointing at the ground or a satellite. The vulnerability that worries aircraft manufacturers (about mobile phone use) is the fact that ageing RF cabling and connectors may have faulty shielding.

Yes, the antennas are fixed but the ILS can be tweaked and often had to be (worked a long time ago at a place that built ILS equipment). They are supposed to be self maintaining using ground mounted calibration antennas but every so often an aircraft has to check the slope out by probing the ILS envelope (flying deliberately off the glide path) under VFR conditions. However, on top of the glide slope, there are radar altimeters (on the plane) and marker beacons (on the ground).

Quite simple. Use your own (or borrowed) Lear or Gulfstream, or charter one. No security. Coincidentally, many of those guys who voted in the regulations have access to their own small jets or have access to them via their lobbyists. Kerb to plane in 5 minutes. If the airport doesn't support normal passenger flights, you can even drive up to the plane.

I don't live in the UK anymore bit isn't NI capped? Isn't it also paying for other things as well such unemployment, etc?

They get their power from France (Mostly nuclear) and Switzerland (lots of Hydroelectric). When the LHC is running, it can take the same sort of power as the whole of Geneva. I am not sure how they procure their power, but given the mild winter, power has been a lot cheaper than expected unfortunately the decision to extend the run was made some months ago and they may already have locked in the price.

There is a black hole in Geneva. It is called the Paquis (drugs, street hookers, etc.).However it existed before CERN.

A big collider takes a lot of money and politicking to get started. It is a massive engineering project (the LHC was lucky, the detector chambers were new but the ring was inherited from the LEP). The CERN people already talk about what is next because they know they must start thinking now.

As for cosmic rays, yes they are incredibly powerful but undirected. You can't guarantee that the interesting particles will come into your detector any anyway, you normally end up with secondary collisions at best as the interesting particles interact at higher altitudes. Yes, you could fly a big detector, but they are extremely big and heavy,