Hacker claims commercial flights at risk for cyberattacks

Not all hackers are the bad guys -- for example, wearing the white techno-hat is Ruben Santamarta, a cybersecurity researcher who consults for cybersecurity firm IOActive.

Santamarta has discovered satellite communications equipment on commercial airliners can be exploited through flaws that can compromise the security of in-flight entertainment systems and Wi-Fi.

Santamarta claims that satellite communications systems in many other industries in addition to commercial aviation can be hacked through the same flaws.

He used reverse engineering on firmware to uncover these vulnerabilities. Equipment manufactured by Cobham Plc., Harris Corp., EchoStar Corp.'s Hughes Network Systems, Iridium Communications. and Japan Radio Co. were found to use firmware that is particularly at risk.

In a worst-case scenario, a hacker could manipulate an onboard Wi-Fi signal or an inflight entertainment system to break into avionics equipment, interfering with or disconnecting its satellite communications. This could play havoc with safety, communications and navigation systems.

Santamarta revealed that his research has only been conducted in a controlled environment in IOActive labs, one that does not necessarily reflect a real-world situation. Still, he warns the industries potentially affected to fix these flaws in an abundance of caution.

The companies that Santamarta specifically called to action do not seem to be concerned about their level of exposure, despite confirming some of Santamarta's findings.

One company, Cobham, claimed that hackers working remotely could not possibly get into its aircraft satellite communications equipment through Wi-Fi signals, since the hackers would need physical access to the company's equipment.

"In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only," said Cobham spokesman Greg Caires.

Santamarta will be a featured speaker at this week's Black Hat (despite the name, not the bad guys) hacking conference in Las Vegas, where Santamarta will expand on the details of his research and take questions from attendees. Perhaps he will discuss the possibility that Malaysia Airlines flight 370, which vanished during its flight from Kuala Lumpur to Beijing, was the victim of a cyberattack that crippled its communications and/or navigation systems, as some have theorized.

"These devices are wide open. The goal of this talk is to help change that situation," said Santamarta.

The Black Hat Conference is in its 17th year, and claims to set "the benchmark for all other security conferences." The six-day event includes briefings, training, education, networking and skill-building experiences.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics