What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

uAvionix configuration security

S

sf260

Member
Does anyone know if uAvionix products are secure once configured?

It appears you configure the "beacon" type devices by connecting to a unsecured Wifi network with a cellphone - and then using a cellphone app, configure the "beacon" device.

My concern is that there appears to be no authentication to the device itself and that the wifi network is always active. What then is to stop a devious individual sitting nearby with a cellphone to simply connect to your beacon device and reconfigure it with random settings?

Does the configuration wifi network disable itself after a interval subsequent to power on?
 
They are not secure. Anyone within WiFi range can set your n number and anything else as they see fit.
 
Shawn25854 said:
And someone would do this because.....................
Click to expand...

Because they are 15 years old, bored, smart and enjoy doing such things.

And later the affected owner of the aircraft holds the bag for a NPE violation.

Device security is a big deal these days and these devices appear to be insecure by design. It would be easy enough to fix by disabling the configuration wifi - 2 minutes after power on - or through other measures.
 
Shawn25854 said:
And someone would do this because.....................
Click to expand...
Does it matter? There's never a reason for people to do nefarious things, until someone figures out a reason. Yes, it does seem pretty low risk... now, at least.

Stratux is set up the same way. If you're close enough to a Stratux box and it's not been altered by the owner, you can connect to it. You can also gain root access to the Raspberry Pi and do pretty much whatever you want to with it. I doubt there's been any meaningful exploits for this since you'd need to be in pretty close proximity to the aircraft to do it.

sf260 said:
It would be easy enough to fix by disabling the configuration wifi - 2 minutes after power on - or through other measures.
Click to expand...
Easy enough to submit a request or do the work yourself... it's an open source project. It's not a bad idea.
 
sf260 said:
Because they are 15 years old, bored, smart and enjoy doing such things.

And later the affected owner of the aircraft holds the bag for a NPE violation.

Device security is a big deal these days and these devices appear to be insecure by design. It would be easy enough to fix by disabling the configuration wifi - 2 minutes after power on - or through other measures.
Click to expand...

I know, I see so many smart, bored 15 year olds hanging out at my airport running around holding up their smart phone so they can change my N number. :D

As stated by DaleB, "I doubt there's been any meaningful exploits for this since you'd need to be in pretty close proximity to the aircraft to do it."

I'm sure this is a simple fix for uAvionix and since the Stratux is open source any smart, bored 15 year old could fix the code and secure it in minutes.

I think I see one of them now lurking around your hangar. :D
 
The Beacon series are indeed secure.
Every Beacon sold comes with a unique secure password (up to 64 characters).
There is also a timeout/lockout of the WiFi signal at 5 minutes from power up or after entering airborne state.
Keeps those bored 15 year olds out of the picture. :)
We also have customers using security screws from McMaster Carr for a bit more insurance against thievery.
We'll get this info added to the website.
 
You must log in or register to reply here.
Back
Top