Aircraft can be hacked in flight says researcher

Ruben Santamarta, a cyber security expert, highlights problems with the satellite communication systems that open up planes to hacking through entertainment and WiFi systems.

Santamarta is a consultant at IOActive and is presenting a talk at the Black Hat conference in Las Vegas on Thursday. He claims to have reverse engineered the firmware in communications equipment from major companies such as Harris Corp and Hughes Network Systems to identify vulnerabilities in avionics equipment. 

Santamarta’s fear is that his theory identifies how hackers could get into the actual controls that manage an aircraft’s navigation and safety systems through the ubiquitous inflight entertainment and WiFi systems already installed on most planes.

The hacks have not been tested outside of IOActive’s Madrid labs and may not actually work in the real world, according to Santamarta, but the implications are serious enough to warrant exposure and lead to fixes from manufacturers.

Santamarta focused on the Aviation 700 aircraft satellite comms system from Cobham. Cobham spokesman Greg Caires has told Reuters news agency that hackers would have to have direct physical access to its equipment to be able to expose critical systems on a plane.

Santamarta may have identified a potential flaw but before you start panicking about watching inflight movies contributing to death in the skies, most vendors he pointed too have stated that the risks are very low.

In turn, Santamarta – who has published a 25-page report in April on numerous bugs in firmware in satellite communications equipment by Cobham, Harris, Hughes, as well as Iridium and Japan Radio Co –  believes that hackers can target hardcoded logins and passwords used by equipment makers to allow technicians direct access to these sensitive systems.

Black Hat believes that Santamarta is the first person to identify vulnerabilities in satellite communications equipment and Santamarta is prepared to answer his critics and supporters at the conference. Black Hat’s conference organizers feel that while Santamarta isn’t saying that someone could launch an attack on an airplane cockpit through its WiFi system the basic security issues are “pretty scary” and need to be addressed.