Could someone be so kind as to translate this tweet so that those of us that aren't security experts can understand what was said? Or perhaps point me in the direction of some recommended, intro-level reading? I feel distinctly ignorant at the moment!
> Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
737/800: is the type of aircraft and specific model (Boeing 737, stretched version (800)).
Box-IFE-ICE-SATCOM: Is a theoretical (or actual?) exploitation path.
Box: I'm assuming is in-flight WiFi
IFE: Is the in-flight entertainment system
ICE: Is also part of the IFE, but I'm guessing he specifically referenced that due to the "I" (in ICE) namely, the information that gets fed into the IFE from the flight systems (speed, altitude, and position)
SATCOM: The uplink used by in-flight WiFi but also the IFE to provide "latest news." If can be used to deliver information to the airline about the aircraft so they can keep track of if its on schedule and such.
EICAS messages: Used on aircraft's secure network for flight crew alerts and diagnostic information. Some of these may be relayed onto the insecure network and forwarded to the airline (similar to ACARS, but over SATCOM).
PASS OXYGEN ON: The implication is he wants to cause the oxygen masks to drop down into the passenger cabin (although in reality sending this wouldn't do that, it would just set off a warning on the flight deck letting the pilots know that the oxygen masks dropped, even if they physically hadn't).
If he could send EICAS messages to the aircraft's secure network, that would be a legitimate safety concern. However if he just witnessed EICAS messages from the insecure network, that isn't really a concern except maybe he could send misleading ones to the airline and give them a metaphorical heart attack.
I'm somewhat familiar with avionics system on a 737, and that above is a pretty accurate description. The FMS* basically forwards the messages through CANBUS for the IFE, via a gateway.
At worst this guy could send a fake message to other passengers, and maybe cause a IFE system warning in the cockpit. Oxygen Masks are controlled by a completely separate system to the IFE.
* The 737NG has various displays for warnings, but its not quite the same as the Airbus EICAS
I'm relatively uninformed in this area, but I assume it was a proposal for an exploitation path. "Box-IFE-ICE-SATCOM" would most likely be a plan meaning exploiting and escalating privileges from the actual passenger's client interface or in-seat screen(box), escalating to the in flight entertainment system (IFE), to the inter-communications system (ICE), and finally to the Satellite Communications system (SATCOM). Not sure how realistic it is, because I know really nothing about info-sec with regard to aircraft, but it's no different than planning something like web app/service vulnerability -> database -> backend systems.
