Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

Researchers found that the Flysmart+ Manager iOS EFB app from Airbus/NAVBLUE had App Transport Security and certificate validation disabled, permitting insecure HTTP traffic and exposing pilots to man‑in‑the‑middle attacks on untrusted Wi‑Fi that could tamper with performance and operational data (e.g., engine calculations, runway info). The issue, visible via intercepted downloads including SQLite databases, posed safety risks unlikely to be caught by SOP cross‑checks; Airbus confirmed, replicated, and remediated the flaw after coordinated disclosure, aligning fixes with aviation’s longer certification timelines.