Very interesting if true.
All the following is AFAIK …
Right now airliners are full of wired Ethernet and also Wi-Fi networks.
The Wi-Fi is (so far) used exclusively for passenger entertainment. On most aircraft it’s a retrofit for users to connect their own devices for email, surfing, etc. There’s enough bandwidth for a couple people to stream vid, but not everybody. So that’s mostly blocked. Some new aircraft are being delivered with Wi-Fi as the primary means to deliver IFE to the seat-back display systems. There is a competing trend to eliminate seatback systems and assume everyone will either bring their own device or not care about electronic entertainment.
There is a move afoot to add a separate, “secure” Wi-Fi signal for use in the cockpit. The idea is so we can connect our tablets to weather info, use them for communication with HQ, etc. Right now we have the silly situation that we’re using airborne radar and 6-hour-old text printouts to guess where the weather is while half the passengers are using their tablets to access NWS or weather.com and can see in real time what’s going on. For us to connect to that Wi-Fi signal in flight now would be a grievous Federal offense.
The obvious problem is how do we ensure our “secure” login to the “secure” signal stays actually secure? Thousands (or tens of thousands) of pilots and tablets versus hundreds or thousands of aircraft. All have to connect and interoperate with no failures to aircraft quality levels of reliability, not laptop-at-Holiday-Inn levels of reliability. They’re still working on that one.
As to wired networks …
Older planes have all the avionics on non-Ethernet wiring busses. Which would tend to be completely isolated from even the latest Ethernet-based IFE.
Conversely, on newer planes the avionics will also be connected over Ethernet. …
There are two choices for wiring: totally separate physical wires and routers for critical and non-critical stuff, versus common physical wires and logical software-based or router-based segregation. Look up VLAN for more about how that works in a typical office or server farm setting.
I have no clue which approach was used on which aircraft. I can sure see the (non-security) engineering attraction of common wiring. Once you build a system with common fault reporting, so the IFE can report malfunctions to the central malfunction tracking software, you’re well down the road to where everything can talk to everything.
Ultimately, a lot of IFE involves traffic off the airplane, to obtain videos, bring up your email, etc. And everybody is also clamoring for aircraft to real-time report position, flight conditions, etc. to prevent the next MH370. So with just these two use cases, we have two boxes, one zero-criticality, and one high-criticality, that both eventually come together in being able to transmit data off-board over the same radio. So you’re going to have a commonality there even if you engineer out all the others. And there are hundreds more use cases for connectivity both on-board and to off-board.
It sounds to me from the Wired article in the OP like what has really happened is mostly a matter of sloppy installation, not sloppy design or manufacturing. IOW, if Security Engineering puts passwords and secure interfaces at each level, but IT at the customer company leaves all the passwords at the publicly known defaults, well, you don’t have much actual in fact security.
IMO for the future we’re going to need true air-gapped systems where absolutely nothing the passengers can get to wired or wirelessly is physically capable of connecting to anything other than pure filtered entertainment. Whether that future is arriving right now or in 15 years will be interesting to watch.