A security expert claims that he has found a way to break into the satellite communications systems of passenger planes while the aircraft is in motion.
Ruben Santamarta, a cyber security consultant at IOActive, conducted research on how to disrupt the navigation and safety systems of commercial aircraft. He found his way in through the in-flight entertainment and Wi-Fi systems of passenger planes.
Santamarta is expected to reveal the details of his research at the Black Hat convention, a hacking conference happening in Las Vegas later this week.
Santamarta said that he discovered the vulnerabilities by reverse engineering the firmware in communications equipment made by Cobham Plc, Iridium Communications, Harris, Japan Radio Co. Ltd and Hughes Network Systems. In his 25-page report, he said that the satellite communications equipment made by the companies had multiple software bugs.
"These devices are wide open. The goal of this talk is to help change the situation," Santamarta told Reuters.
The main security flaw unearthed by Santamarta pertains to "hardcoded" credentials. He claims that the feature, which gives technicians access to equipment with just one login and password, can be exploited by hackers to gain access to a flight's safety systems.
Santamarta also claims that a hacker can break into an aircraft's avionics equipment through the Wi-Fi signal or in-flight entertainment system. However, since his theory has only been tested in controlled environments, it is unclear whether the vulnerability can be exploited in a real flight.
Representatives from the companies that Santamarta named have downplayed his findings, even though they have addressed the flaws that he revealed.
"We have determined that the risk to Iridium subscribers is minimal, but we are taking precautionary measures to safeguard our users," Diane Hockenberry, a spokesperson for Iridium, told Reuters.
Santamarta said that he will respond to manufacturers during his talk at Black Hat. Some of the companies he named, particularly Cobham, have flat out denied that the navigation and security systems of planes can be disrupted through the Wi-Fi signal. However, if his claims turn out to be true, it may trigger a complete review of air travel security.