Researcher Can Hack Airplanes Through In-Flight Entertainment Systems

  • 4 August 2014
  • 9 replies
  • 1103 views

Userlevel 7
Badge +54
This one really is scary, the entertainment systems should be on a different network and isolated from the main aircraft network. Unless this is sorted we could be looking at an attack which could dwarf 9/11.
 
Adam Clark Estes 4th August 2014
 


 
If you're about to get on an airplane, you might want to wait until you land before you read this post. Because cyber security whiz Ruben Santamarta has devised a method that can give hackers access to a passenger jet's satellite communications equipment through the passenger Wi-Fi and in-flight entertainment systems*. And that's scary.
Santamarta will present his research to the Black Hat security conference in Las Vegas this week. Reuters says that his talk "is expected to be one of the most widely watched at the conference." That makes good sense since the exploit affects some of the most common satellite communications equipment on the market. These systems are used not only in airplanes but also ships, military vehicles, as well as industrial facilities like oil rigs, gas pipelines, and wind turbines. The hack targets the equipment's firmware and gives hackers the ability to manipulate the avionics system, which in turn could affect navigation.
 
Full Article

9 replies

Userlevel 6
I dont understand why the researchers publicize their findings before the cybercriminals have found the vulnerability. IMHO, it may better serve the public if they find the vulnerabilities and correct them before they announce it. Just saying...
 
And now I have another reason to avoid flying!
 
Good article, thanks for sharing!
Userlevel 7
Badge +56
Yikes, I'm not flying anywhere until this one is fixed!
Userlevel 7
Whoooooooooooooooo there goes my frequent flyer miles.. Will stick with my car for the time being. !!!!!!!!!!!!!!
Userlevel 7
Badge +62
Hello Jasper!
😠 Great and scary! In fact I love to fly and haven't a choice actually. But yes why does the news tell everyone how its possible and can be done! I really feel protected by these news reporters! NOT!
Userlevel 6
Well as stated in the article we don't know how practical and easy this is, so I wouldn't be too scared unless we get some details.
@Heirgashtee wrote:
I dont understand why the researchers publicize their findings before the cybercriminals have found the vulnerability. IMHO, it may better serve the public if they find the vulnerabilities and correct them before they announce it. Just saying...
 

There were many cases were companies just ignored security flaws until they were either brought to public or abused by a blackhat. So I think if you want to change something you have to publicize it.
 
 
Userlevel 7
I think that the reason researchers publicise their findings before the cybercriminals have found the vulnerability, is because the powers that be, i.e., thos in whose systems that the vulnerabilities have been found are often slow to take the threat seriously...but will do when they become public knowledge.
 
And I very much suspect that in reality the relevant authorities are made aware before the public exposure and are therefore working on or have already fixed the particular problem...after all the researchers are explaining at this year's Red Hat...I cannot believe that they have found the vulnerability just before the prime venue for the revelation...that would just be TOO coincidental for words. :D
 
Baldrick
Userlevel 6
@ wrote:
Well as stated in the article we don't know how practical and easy this is, so I wouldn't be too scared unless we get some details.
@Heirgashtee wrote:
I dont understand why the researchers publicize their findings before the cybercriminals have found the vulnerability. IMHO, it may better serve the public if they find the vulnerabilities and correct them before they announce it. Just saying...
 

There were many cases were companies just ignored security flaws until they were either brought to public or abused by a blackhat. So I think if you want to change something you have to publicize it.
 
 
Yes, I agree, I personaly feel better about it when I hear that it was found AND fixed. The article left me with the impression that it is not yet fixed.
 
That leaves me a bit scared and I already having a fear of flying.
 
Thanks everyone for all your input!
 
Great discussion!
Userlevel 7
Badge +54
Here is an update to the article with more info showing vulnerable Satellite Communication Devices devices. The added scary thought is that things like shipping are just as vulnerable, I would expect it to be anything that uses Satellite Communication that is at risk.
 
by paganinip on August 5th, 2014
 
"Satellite Communication Devices are vulnerable to cyber attacks due the presence of critical design flaws in the firmware of principal satellite terrestrial equipment. Different satellite systems manufactured by some of the world’s biggest government contractors are affected by severe vulnerabilities in software and ground-based satellite systems manufactured by British suppliers Cobham and Inmarsat.[img]http://securityaffairs.co/wordpress/wp-content/uploads/2014/04/Satellite-components-flawed.png[/img]
He discovered that bad actors can hijack and disrupt communication links used in various industries including defense, aviation and communications with serious consequences for the population.The researcher explains that ships, aircraft and industrial facilities are all potentially vulnerable to cyber attacks that could have with catastrophic results." Full Article
Userlevel 6

DON'T PANIC! Satellite comms hacking won't be able to crash an aircraft

Cute idea but it just won't fly

By Iain Thomson, 8 Aug 2014  Black Hat 2014 Nervous fliers have one less thing to worry about after it turns out that, despite some alarmist reports, hackers won't be making planes fall out of the sky any time soon.
 
The sensational headlines came after reporters learned that Ruben Santamarta, a consultant with security firm IOActive, was going to talk at Black Hat about insecure satellite communications systems on aircraft. Now that he's given the full presentation at the conference in Las Vegas on Thursday, we can tell you what the deal is.
 
"We can disrupt satellite signals and modify the data channel but that doesn't mean you can completely control the aircraft," Santamarta said.
 
Full story

Reply