A security researcher has discovered a Wi-Fi vulnerability that could allow hackers to attack passenger jets. Here’s what you need to know about this threat.
1. Researcher Ruben Santamarta Discovered the Vulnerability
— RT America (@RT_America) August 4, 2014
Reuters reports that Ruben Santamarta of cyber security firm IOActive has discovered a vulnerability in Wi-Fi and in-flight entertainment systems that could endanger the security of passenger flights around the globe. Hackers could compromise navigation and safety systems on the aircraft. Santamarta plans to fully outline his findings at this week’s Black Hat hacking conference in Las Vegas.
Reuters includes a comment from a Black Hat leader in their coverage of Santamarta’s discovery, which seems to indicate that the threat to airline security could be quite a big problem:
“Vincenzo Iozzo, a member of Black Hat’s review board, said Santamarta’s paper marked the first time a researcher had identified potentially devastating vulnerabilities in satellite communications equipment.
‘I am not sure we can actually launch an attack from the passenger inflight entertainment system into the cockpit,’ he said. “‘he core point is the type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of.'”
2. Airline Wi-Fi Manufacturers Are Downplaying the Risks
If you want to protect your terrestrial Wi-Fi, the podcast episode above has some great tips.
Santamarta says that the firmware used in satellite communications equipment made by Cobham, Harris, Hughes, Iridium and Japan Radio Co are all potentially vulnerable. In addition to use in airplanes, these types of equipment are also used on ships and in the military. The Reuters report includes comments from a number of spokesmen at these companies.
“Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta’s research and confirmed some of his findings, but downplayed the risks.
For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta’s research, said it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham’s equipment, according to Cobham spokesman Greg Caires.”
3. Another Security Flaw Was Recently Found
This Wi-Fi vulnerability on aircraft has come to light just one week after another researcher presenting at Black Hat unveiled a security threat inherent in USB technology. In theory, an infected USB drive could infect a computer, and leave no trace of its damage.
4. Airlines Are in the Midst of Adding More Wi-Fi
The podcast above talks about the dangers of unencrypted Wi-Fi.
All of this news come in the wake of recent trends to add enhanced Wi-Fi to the in-flight experience. Consumer Reports recently ran a piece about in-flight Wi-Fi, which stated that over half of all domestic flights have on-board Wi-Fi, with US Airways offering Wi-Fi on almost 90 percent of their flights.
5. Wi-Fi Isn’t the Only Tech Vulnerability Airlines Must Contend With
The video above from last year’s Black Hat conference reveals how hackers can use Smart TVs to spy on people.
Two years ago, at a previous Black Hat conference, hackers announced they had found a vulnerability in air traffic control systems. The vulnerability was discovered by security researcher Andrei Costin, then a PhD candidate in France. Costin claimed that he could spoof air traffic controllers with about $1,000 worth of equipment.