Feds Say That Banned Researcher Commandeered a Plane

&gt;used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems through the network.<p>This is pretty disgraceful. We put billions of dollars into stopping terrorism and keeping people from hijacking planes and it turns out they can&#x27;t even secure the systems that control the plane. All they had to do was change the default passwords! Stories like this sound like something made up by the ministry of truth. Unbelievable.

The avionics should be isolated through hardware, through wiring, from other systems on the plane. If this is not the case, then the FAA should issue an order to change the plane wiring to make this the case. Also, if the avionics system is not isolated, it should call into question the FAA&#x27;s approval process for aircraft.

It&#x27;s one thing to demonstrate a PoC live on life&#x2F;safety critical systems, it&#x27;s another to brag about sources &amp; methods on social media, leave your machine powered-on and blab contents to anyone and everyone whom can be called as a witness (whether hostile, material or voluntary).<p>0. NEVER TALK TO THE COPS. [0]<p>1. NEVER LEAVE ENCRYPTED MACHINES HOT (decryption keys or filesystem cache in memory). FireVault 2 optionally leaves keys in memory [1, 2]<p>2. NEVER REUSE PASSWORDS OR PREVIOUSLY CONFISCATED GEAR (start fresh, beware of firmware and other hard-to-detect hw mods)<p>Presume mil&#x2F;gov vuln shops have high cost USB, FireWire and Thunderbolt DMA memory cloning capabilities. If a machine has gone out of your possession, good luck finding which injection-molded part now contains a keylogger which will allow them to unlock your cloned disk images and RAM image after-the-fact (to get your password to get your fv key). (It&#x27;s not tinfoil far-fetched if you go out of your way to get on one of the various govts department&#x27;s radar.)<p>BTW, laptop was a MacBook Pro (Retina, 15-inch, Late 2013)<p>Valid Purchase Date A validated purchase date lets Apple quickly find your product and provide the help you need.<p>Telephone Technical Support: Expired You are eligible to purchase telephone technical support from an Apple Advisor. Contact Apple Support<p>Repairs and Service Coverage: Expired Our records indicate that your product is not covered under Apple&#x27;s 1-year limited warranty or AppleCare Protection Plan for hardware repairs and service based on the estimated expiration date.<p>References:<p>0: <a href="https:&#x2F;&#x2F;youtu.be&#x2F;6wXkI4t7nuc" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;6wXkI4t7nuc</a><p>1: destroyfvkeyonstandby <a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;library&#x2F;mac&#x2F;documentation&#x2F;Darwin&#x2F;Reference&#x2F;ManPages&#x2F;man1&#x2F;pmset.1.html" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;library&#x2F;mac&#x2F;documentation&#x2F;Darwin...</a><p>2: <a href="https:&#x2F;&#x2F;security.stackexchange.com&#x2F;questions&#x2F;18720&#x2F;how-secure-is-filevault-2-while-the-computer-is-in-sleep-mode" rel="nofollow">https:&#x2F;&#x2F;security.stackexchange.com&#x2F;questions&#x2F;18720&#x2F;how-secur...</a>

I would rather fly an airline that has bug bounties for critical systems.

At least it was a researcher and not someone from ISIS.