Aircraft can be hacked in flight says researcher



Ruben Santamarta, a cyber security expert, highlights problems with the satellite communication systems that open up planes to hacking through entertainment and WiFi systems.

Santamarta is a consultant at IOActive and is presenting a talk at the Black Hat conference in Las Vegas on Thursday. He claims to have reverse engineered the firmware in communications equipment from major companies such as Harris Corp and Hughes Network Systems to identify vulnerabilities in avionics equipment. 

Related: USB devices can be hacked maliciously

Santamarta's fear is that his theory identifies how hackers could get into the actual controls that manage an aircraft's navigation and safety systems through the ubiquitous inflight entertainment and WiFi systems already installed on most planes.

The hacks have not been tested outside of IOActive's Madrid labs and may not actually work in the real world, according to Santamarta, but the implications are serious enough to warrant exposure and lead to fixes from manufacturers.

Santamarta focused on the Aviation 700 aircraft satellite comms system from Cobham. Cobham spokesman Greg Caires has told Reuters news agency that hackers would have to have direct physical access to its equipment to be able to expose critical systems on a plane.

Santamarta may have identified a potential flaw but before you start panicking about watching inflight movies contributing to death in the skies, most vendors he pointed too have stated that the risks are very low.

Related: Everything is hackable including your car

In turn, Santamarta - who has published a 25-page report in April on numerous bugs in firmware in satellite communications equipment by Cobham, Harris, Hughes, as well as Iridium and Japan Radio Co -  believes that hackers can target hardcoded logins and passwords used by equipment makers to allow technicians direct access to these sensitive systems.

Black Hat believes that Santamarta is the first person to identify vulnerabilities in satellite communications equipment and Santamarta is prepared to answer his critics and supporters at the conference. Black Hat's conference organizers feel that while Santamarta isn't saying that someone could launch an attack on an airplane cockpit through its WiFi system the basic security issues are "pretty scary" and need to be addressed.




Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 


More

The iPhone feature people may never use – making phone calls with it

Everybody is talking about Apple selling 10 million new iPhones in the first week – well they aren’t actually talking about it, they're texting about it. Does anyone make actual phone calls with phones anymore?

Consortium, proprietary or platform agnostic? Who will control IoT?

There are so many competing 'standards' in the world of IoT that it's hard to see who might emerge as the winner.

Apple and Google enabling cop-proof encryption

Google has announced that new versions of Android will automatically enable encryption by default, and like Apple they say it will protect people from the police.