Menu Sign In Contact FAQ
Banner
Welcome to our forums

Honeywell Introduces Anthem Flight Deck ( and the IT security minded folk will have nightmares about it )

https://www.avweb.com/avionics/honeywell-introduces-anthem-flight-deck/

“It also offers a web browser that allows third-party applications and websites to run in the cockpit.”

Can’t wait for the 0-day vulnerabilities, the constant patching, the firewall and anti-virus add-ons…
Maybe I should have posted it on the ‘Jokes’ thread.

On another angle, you can always browse euroga.org on long boring flights….

EHLE, Netherlands

hmng wrote:


Can’t wait for the 0-day vulnerabilities, the constant patching, the firewall and anti-virus add-ons…
Maybe I should have posted it on the ‘Jokes’ thread.

If the web browser is completely separate (separate display, processor, network etc.) from the rest of the avionics, it might not be a big deal. Until you start running mission-critical web applications, of course.

Last Edited by Airborne_Again at 08 Oct 11:26
ESKC (Uppsala/Sundbro), Sweden

“The Anthem flight deck is aimed at aircraft types ranging from large passenger and business jets to general aviation aircraft and advanced air-mobility (AAM) vehicles.”

Really? How much is it going to cost? Same $400K as Garmin G3000, probably.

EGTR

If the web browser is completely separate (separate display, processor, network etc.) from the rest of the avionics, it might not be a big deal.

They are not likely to do that. And using one CPU to run multiple RJ45 interfaces doesn’t cut the mustard even though most routers and “firewalls” do exactly that. Same with running the browser in a VM, etc.

Administrator
Shoreham EGKA, United Kingdom

Airborne_Again wrote:

If the web browser is completely separate (separate display, processor, network etc.) from the rest of the avionics, it might not be a big deal. Until you start running mission-critical web applications, of course.

Yes, but we know how these thing are done. Even sharing the internet link, which is hard to justify having a separate one, is already quite a risk if you allow any software to run on that browser. And the system is ‘always on’, allowing you to upload a flight plan before arriving at the aircraft. What can possibly go wrong?

(Of course, this is only a more visible threat, there are already lots of avionics with Wi-Fi, phoning home and allowing download and upload of data. There are already lots of risks with existing systems out there.)

EHLE, Netherlands

Peter wrote:

even though most routers and “firewalls” do exactly that.

all firewalls and routers, including the very expensive Cisco enterprise stuff. It’s not an issue if the device is designed right.

Andreas IOM

It’s not an issue if the device is designed right.

Of course

But you won’t find that in the GCHQ, public-facing, and why not?

There are already lots of risks with existing systems out there

Indeed, but the exploitation opportunity is limited because most of the stuff is powered up only briefly on the ground, and then you go flying. And to look for back doors, somebody has to borrow a $15k box, put it on the bench, and spend time on it, when it is sooo much easier and more fun to go hacking into webcams on open ports, many being in peoples’ bedrooms Or just sniffing random IPs, looking for holes (EuroGA gets at least 10 per second of those attacks).

If one had avionics which were powered 24/7 that would not be wifi (or should not be!) because most parked planes have no wifi connection. It would be a 3G/4G radio (modem) with a SIM card, and that is again harder to hack because it probably won’t be on a fixed public IP. Most likely it will be accessed via a 3rd party server, in this case something Honeywell run, for a monthly fee, and yes that would be a potential back door for trashing everybody’s avionics…

Administrator
Shoreham EGKA, United Kingdom
7 Posts
Sign in to add your message

Back to Top