A cyber security researcher has worked out way to hack into passenger jets through the plane’s Wi-Fi and inflight entertainment systems. If confirmed, the claim could prompt a comprehensive restructure of aircraft security, and cast new scrutiny on the way aircraft electronic security has been managed in the past.
Ruben Santamarta is a consultant with cyber security firm IOActive and is scheduled to delve into the detailed technicalities of his discovery at this week’s Black Hat hacking conference in Las Vegas.
His presentation, centred around vulnerabilities in aerospace satellite communications systems, us expected to be one of the most widely watched at the annual conference.
“”These devices are wide open. The goal of this talk is to help change that situation,” the 32-year old security expert told Reuters.
Apparently Santamarta discovered the vulnerabilities through reverse engineering (or decoding) highly specialised software known as firmware. This firmware is normally used to operate communications equipment manufactured by Cobham Plc, Harris Corp, EchoStar Corp’s Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd.
Through doing so, he discovered a theory that an attacker could leverage a plane’s onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment. This could allow them to disrupt or modify the plane’s satellite communications, potentially interfering with the aircraft’s navigation and safety systems.
However, Sartamarta has also acknowledged that his hacks proving the theory have been carried out in controlled test environments; in the real world they may be more difficult to execute.
Still, he says he has decided to make the research public to encourage manufacturers to fix what he perceives as dangerous security flaws.
Representatives for some of the firmware manufacturers involved said they had reviewed Santamarta’s research, but while some findings were true they are downplaying the risks.
For example, Cobham and its Aviation 700 aircraft satellite communications equipment was a key focus of Santamarta’s research, but it said that it was not possible for hackers to use the Wi-Fi signals for such nefarious purposes. According to Cobham, attackers must have physical access to Cobham’s equipment, which would be very difficult indeed.
“In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only,” explained Cobham spokesman Greg Caires.