In 10.3 when you connect a mobile device like an iPad to the IFD, you have to go into user settings on the IFD, locate the device in the list, and set it to ALLOW. But the devices in the list are listed by their I: address.....which will potentially change when they connect on a different flight.

So the question is, when you ALLOW a device, is the IFD really only remembering the IP address to allow, or is it behind the scenes remembering the MAC address of the device and allowing that? The MAC would remain static, so even if the IP address changed, the IFD would still be able to identify and allow the mobile device without user intervention.

Thanks!

Note:  I learned recently that it's NOT necessarily true that a device's MAC address will remain static.

I was having trouble getting my Samsung phone to connect to my IFD, and finally figured out that it had a "MAC randomization" setting that defaulted to "on", apparently for privacy/security reasons.  Once I disabled that setting, I was able to see the phone's MAC address properly and allow it permission in the IFD to connect.

Had a safety pilot using an iphone with the randomize mac address feature on also -- pain in the ass.. 

I seriously wish that in a future release, Avidyne makes it optional to enable these "security" features. -- i can see that they would be useful in a commercial environment, but for my little part 91 airplane, its just a pita.

Given that most folks don't even have a wifi password on the in-plane net, MAC restriction I think is prudent. You just never know, there are bad guys and script kiddies all over.

* Orest

_phm_ wrote: From my previous IT Security background, I believe that access control and other security features, especially inside an airplane, are non-negotiable items - it really should be restrictive as possible. Having to fix your device MAC address in order to connect to your panel is a small price to pay.

MAC address is the wrong thing to enforce security by as MAC addresses can easily be changed to look like any other device.

IMHO the proper way would be to use a password on the network, of course passwords are only as secure as the holders of the password keep it.

In my case I have 2 devices with WIFI networks (on two different WiFi channels!!!) the IFD and the NGT-9000.  There is a password on the IFD's network only because it is possible to push flight plans from a tablet to the IFD and the last thing I need is a passenger pilot screwing with their tablet and accidentally push a new flight plan,  this is why I don't give out the password to the IFD.  If my (pilot) passenger wants traffic and weather they are welcome to connect to the NGT-9000, the WiFi on that device is open and the WiFi is a transmit only meaning that it ignores anything you send to the NGT-9000.

-PA