[pixelfarmer]

> Spoofing a CAN or ARINC429 bus requires physical access.

I worked for ages in the automotive industry. Here is the thing: They don't have just one CAN bus, but multiple, connected via gateways that function both as message router and also firewall between these busses. At least that is the idea, the reality is ... commercial software development with all the issues that come with it (see various hacks where they broke through these gateways).

Someone posted a story as part of this subthread here, i.e. if a passenger is able to access an airplane bus and issue engine control commands that actually do something, the overall security setup is utterly broken. The infotainment units in the passenger cabin requiring access to some internal bus is actually ok, but issuing flight control commands from these should be (silently?) ignored, and this can only happen if you partition the busses via such gateways, for example.

Funnily enough, in this case it also helps safety, because you can be more relaxed about the overall (software) quality of these infotainment units (decomposition effect in safety systems).