A cyber security expert claims to have found a way to hack passenger jets through their in-flight entertainment systems.
Ruben Santamarta revealed his research at last month’s Black Hat conference, a major hacking convention held in Las Vegas.
He explained how vulnerabilities in airlines’ satellite communications system can be exploited by hackers. Santamarta claimed that it is possible to use the Wi-Fi signal or in-flight entertainment system to hack into avionics equipment, providing access to interfere with navigation or safety systems.
He said his finding “doesn’t mean we can crash an aircraft”, although it may be possible to feed pilots erroneous data, which could be extremely dangerous.
IOActive stated 100% of satellite communications devices can be abused, including those by the world’s leading SATCOM vendors. Santamarta said: “These devices are wide open. The goal of this talk is to help change that situation”.
Multiple backdoors, hardcoded log-in details and weak encryption algorithms were just some of the issues highlighted in the communications firmware. Used on air, sea and land, the systems’ vulnerabilities provide a threat to military personnel, emergency services, industries and media providers.
The research by Santamarta, a consultant with security firm IOActive, has not yet been tested in the real world. He reverse engineered the firmware in laboratory conditions. Manufacturers have dismissed his work, claiming the risks are “small” or that hackers would need direct access to carry out an attack.
A similar issue was noted at last year’s Hack In The Box security conference in Amsterdam. Hugo Teso, a security expert and commercial pilot, raised concerns that it’s possible to take control over an aircraft’s flight path by delivering attack messages through an Android app.
His findings were dismissed by the Federal Aviation Administration. Teso, however, said he was in contact with members of the airline industry and they were working on addressing the issues.
No comments:
Post a Comment