In this captivating episode of Nerding Out with Viktor, host Viktor Petersson sits down with Ken Munro, a renowned cybersecurity expert and penetration tester. Together, they embark on an insightful journey into the uncharted world of aviation cybersecurity, shedding light on the intricacies and vulnerabilities that exist within modern aircraft systems.

As they delve deeper into the realm of aviation security, Ken shares his vast experience in testing aircraft systems, revealing surprising tales of hacking decommissioned planes in a scrapyard. This unique approach allowed his team to practice without compromising passenger safety or active fleets.

One of the most pressing security concerns in aviation today is the Electronic Flight Bag (EFB), a system that has replaced traditional paper-based navigation tools with digital equivalents. However, as Ken astutely points out, EFBs have introduced new vulnerabilities that can be exploited by attackers. By manipulating data within the performance calculators, hackers can mislead pilots about crucial factors like runway length or engine thrust. Viktor and Ken explore the dire implications of these weaknesses and discuss the sophisticated tactics used to secure these systems.

GPS spoofing is another critical topic discussed in this episode. Ken explains how malicious actors can use this technique to confuse an aircraft’s navigation system, leaving pilots with outdated or incorrect data until they’re able to safely land. The complexity of GPS spoofing and jamming are also explored, highlighting the need for advanced security measures to counter these threats.

The conversation then turns to responsible disclosure in the aviation industry, where Ken shares his experience working with manufacturers like Boeing and Airbus. He emphasizes the delicate balance between informing manufacturers about security issues while respecting their time-consuming processes for safety certification. Viktor is impressed by Ken’s commitment to transparency and collaboration, which has led to significant improvements in aviation security.

Viktor and Ken also discuss the industry’s gradual shift towards transparency in handling disclosures and threats. They highlight the importance of collaboration between cybersecurity professionals, manufacturers, and government regulators to continuously enhance aviation security. Ken emphasizes that, while security is critical, safety remains paramount in aviation, often requiring extended timelines for vulnerability patches.

This episode of Nerding Out with Viktor offers a compelling deep dive into the world of aviation cybersecurity, showcasing Ken Munro’s expertise and passion for making aviation safer. For anyone fascinated by cybersecurity, aviation, or the hidden challenges of keeping the skies secure, this conversation is an eye-opening exploration that reveals both the resilience and risks of modern aircraft systems.