Embedded System Flaws Put Airlines at Risk, Researchers Reveal

Today’s topics include IOActive announcing research showing embedded systems exposing airlines to risk, and Arista agreeing to pay Cisco Systems $400 million in a patent settlement.

According to IOActive researchers, multiple systems on modern airliners are potentially at risk from a series of vulnerabilities. These flaws expose supply chain risks, where an embedded software technology puts a larger platform at risk.

Researcher Ruben Santamarta will provide full details on multiple satellite communications system vulnerabilities in a talk on Aug. 8 at Black Hat USA while his colleague Josep Rodriguez will detail embedded system flaws in airlines on Aug. 12 at Defcon.

Ahead of the talks, Rodriguez said his research found multiple vulnerabilities in the inflight WiFi operating system WiNG OS that could have exposed users to risks, including denial of service and potential code execution.

Enterprise networking rivals Cisco Systems and Arista Networks have settled their bitter patent dispute from 2014, with Arista agreeing to pay Cisco $400 million and with each company saying it will not bring legal action against the other for the next three to five years.

The agreement settling all outstanding legal issues was reached Aug. 6, the day a jury trial to hear the legal case was scheduled to begin in U.S. District Court.

Along with the $400 million payment, there will be no lawsuits brought over patents or copyrights that are related to current products and for three years the companies will use arbitration to solve patent concerns related to new products.

In addition, Arista will continue maintaining the modifications it’s made to the products as a result of the legal dispute and will make further adaptations to further differentiate its interfaces from Cisco’s.