> "You probably remember SCADA from the starring role it played in the Stuxnet worm"
Nitpick: The article writes like 'SCADA' is a product from a single vendor. It's not. It's just an acronym for Supervisory Control and Data Acquisition, of which PLCs/DCSs/RTUs/PCs make up a full system. SCADA didn't play a role in Stuxnet; Siemens PLCs (and a lot of specific know-how) did.
I'm not entirely sure that's what they're saying: the original post simply says "they [the engineering team] had added a new video system that ran over IP".
I would be somewhat surprised if that "new video system" was the IFE system. It's more likely to be something flight deck related.
I say this with some knowledge of working in that industry and understanding how the two biggest IFE systems manufacturers install their gear.
There is certainly nothing critical running Solaris on a 747 or any other airplane. All airborne software needs to get certified by the FAA and is developed and evaluated through the lens of the DO-178B standard.
Did you click through the blogspam and read the original article?
> I was contracted to test the systems on a Boeing 747. They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 - VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems.
Perhaps there's nothing critical running Solaris, but apparently the critical systems are accessible from the systems running Solaris.
He states that the "engine management system" ran Solaris, and that was what he managed to access. I don't know what he means by "engine management system" but I am quite sure it was not critical ...
I hate to say it, but it seems like the author of the article had a bone to pick with ex-employers. I'd certainly never hire him, with all the names he named and specifics he published.
The embedded/industrial space is plagued with these security issues.
Sure they do. The on-board FMC is meant to enhance the capabilities of the autopilot. If you can reprogram the FMC then you can change where the aircraft is pointed.