We’re starting to hear a lot about the Internet of Things (IoT) and the Industrial Internet these days. But what a lot of people aren’t aware of is that SCADA systems have been around for a long time, and more and more of these are being connected directly to the Internet. If you didn’t already know, “…a 747 is a big flying Unix host.”

The Register is reporting that at the recent Hack In The Box security summit in Amsterdam, Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, gave a presentation in which he demonstrated attack code that can take full control of a commercial airliner’s flight systems and the pilot’s displays.

The Lab

The equipment used to build the exploit: second-hand commercial flight system software and hardware picked up on eBay.

The thing you should take away from this story isn’t a fear of flying. Teso spent three years working on the attack, and for obvious reasons, the actual attack vectors weren’t divulged during the presentation. Both the Federal Aviation Administration and the European Aviation Safety Administration have been informed and should be working to fix the holes.

However, with more and more makers building systems connected to the Internet, this should be a wake-up call for all of us not to make the same mistakes as the people building these legacy systems. Just because your weather station or smart meter isn’t connected to the Internet right now, or is “safe” behind your NAT and home firewall, doesn’t mean you shouldn’t think about security.

We’re right at the start of a revolution in home automation and control where (most?) everyday objects will start to have computing power, and be connected to the network. Let’s design some security in right at the start.