Avidyne Homepage
Forum Home Forum Home > Avidyne General > IFD 5 Series & IFD 4 Series Touch Screen GPS/NAV/COM
  New Posts New Posts RSS Feed - Question about 10.3 Wifi Block/Allow Feature
  FAQ FAQ  Forum Search   Register Register  Login Login

Question about 10.3 Wifi Block/Allow Feature

 Post Reply Post Reply
Author
Message
jimmyz80 View Drop Down
Groupie
Groupie
Avatar

Joined: 24 Jul 2016
Location: Folsom, CA
Status: Offline
Points: 96
Post Options Post Options   Thanks (0) Thanks(0)   Quote jimmyz80 Quote  Post ReplyReply Direct Link To This Post Topic: Question about 10.3 Wifi Block/Allow Feature
    Posted: 01 May 2024 at 11:59pm
I'm hoping someone from Avidyne can chime in with some insight on something I've been curious about...

In 10.3 when you connect a mobile device like an iPad to the IFD, you have to go into user settings on the IFD, locate the device in the list, and set it to ALLOW. But the devices in the list are listed by their I: address.....which will potentially change when they connect on a different flight.

So the question is, when you ALLOW a device, is the IFD really only remembering the IP address to allow, or is it behind the scenes remembering the MAC address of the device and allowing that? The MAC would remain static, so even if the IP address changed, the IFD would still be able to identify and allow the mobile device without user intervention.

Thanks!
2006 Cirrus SR22 - IFD540 IFD440 DFC90 AXP322 MLB100
Back to Top
AviSteve View Drop Down
Admin Group
Admin Group
Avatar

Joined: 12 Feb 2018
Location: Melbourne, FL
Status: Offline
Points: 2168
Post Options Post Options   Thanks (1) Thanks(1)   Quote AviSteve Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2024 at 6:48pm
It uses mac address behind the scenes.
Steve Lindsley
Avidyne Engineering
Back to Top
jimmyz80 View Drop Down
Groupie
Groupie
Avatar

Joined: 24 Jul 2016
Location: Folsom, CA
Status: Offline
Points: 96
Post Options Post Options   Thanks (0) Thanks(0)   Quote jimmyz80 Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2024 at 10:34pm
Thanks for the confirmation!
2006 Cirrus SR22 - IFD540 IFD440 DFC90 AXP322 MLB100
Back to Top
MysticCobra View Drop Down
Senior Member
Senior Member
Avatar

Joined: 29 Jan 2013
Status: Offline
Points: 653
Post Options Post Options   Thanks (0) Thanks(0)   Quote MysticCobra Quote  Post ReplyReply Direct Link To This Post Posted: 03 May 2024 at 10:02am
Originally posted by jimmyz80 jimmyz80 wrote:

The MAC would remain static, so even if the IP address changed, the IFD would still be able to identify and allow the mobile device without user intervention.

Note:  I learned recently that it's NOT necessarily true that a device's MAC address will remain static.

I was having trouble getting my Samsung phone to connect to my IFD, and finally figured out that it had a "MAC randomization" setting that defaulted to "on", apparently for privacy/security reasons.  Once I disabled that setting, I was able to see the phone's MAC address properly and allow it permission in the IFD to connect.


Edited by MysticCobra - 03 May 2024 at 10:04am
Back to Top
ricardo View Drop Down
Senior Member
Senior Member


Joined: 17 Jan 2022
Location: Seattle, wa
Status: Offline
Points: 134
Post Options Post Options   Thanks (0) Thanks(0)   Quote ricardo Quote  Post ReplyReply Direct Link To This Post Posted: 20 May 2024 at 1:42am
Originally posted by MysticCobra MysticCobra wrote:

Originally posted by jimmyz80 jimmyz80 wrote:

The MAC would remain static, so even if the IP address changed, the IFD would still be able to identify and allow the mobile device without user intervention.

Note:  I learned recently that it's NOT necessarily true that a device's MAC address will remain static.

I was having trouble getting my Samsung phone to connect to my IFD, and finally figured out that it had a "MAC randomization" setting that defaulted to "on", apparently for privacy/security reasons.  Once I disabled that setting, I was able to see the phone's MAC address properly and allow it permission in the IFD to connect.

Had a safety pilot using an iphone with the randomize mac address feature on also -- pain in the ass.. 

I seriously wish that in a future release, Avidyne makes it optional to enable these "security" features. -- i can see that they would be useful in a commercial environment, but for my little part 91 airplane, its just a pita.
Back to Top
_phm_ View Drop Down
Groupie
Groupie


Joined: 08 May 2023
Location: brazil
Status: Offline
Points: 74
Post Options Post Options   Thanks (1) Thanks(1)   Quote _phm_ Quote  Post ReplyReply Direct Link To This Post Posted: 20 May 2024 at 6:16am
From my previous IT Security background, I believe that access control and other security features, especially inside an airplane, are non-negotiable items - it really should be restrictive as possible. Having to fix your device MAC address in order to connect to your panel is a small price to pay.
Back to Top
oskrypuch View Drop Down
Senior Member
Senior Member


Joined: 09 Nov 2012
Location: CYFD
Status: Offline
Points: 3060
Post Options Post Options   Thanks (0) Thanks(0)   Quote oskrypuch Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2024 at 9:11am
Given that most folks don't even have a wifi password on the in-plane net, MAC restriction I think is prudent. You just never know, there are bad guys and script kiddies all over.

* Orest
Back to Top
PA23 View Drop Down
Senior Member
Senior Member


Joined: 12 Oct 2019
Location: MMU
Status: Offline
Points: 304
Post Options Post Options   Thanks (0) Thanks(0)   Quote PA23 Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2024 at 9:31am
Originally posted by _phm_ _phm_ wrote:

From my previous IT Security background, I believe that access control and other security features, especially inside an airplane, are non-negotiable items - it really should be restrictive as possible. Having to fix your device MAC address in order to connect to your panel is a small price to pay.


MAC address is the wrong thing to enforce security by as MAC addresses can easily be changed to look like any other device.

IMHO the proper way would be to use a password on the network, of course passwords are only as secure as the holders of the password keep it.

In my case I have 2 devices with WIFI networks (on two different WiFi channels!!!) the IFD and the NGT-9000.  There is a password on the IFD's network only because it is possible to push flight plans from a tablet to the IFD and the last thing I need is a passenger pilot screwing with their tablet and accidentally push a new flight plan,  this is why I don't give out the password to the IFD.  If my (pilot) passenger wants traffic and weather they are welcome to connect to the NGT-9000, the WiFi on that device is open and the WiFi is a transmit only meaning that it ignores anything you send to the NGT-9000.

-PA
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.01
Copyright ©2001-2018 Web Wiz Ltd.

This page was generated in 0.108 seconds.