Aircraft Communications Systems Vulnerable to Attacks – Black Hat Conference
Aircraft security at risk:
A security consultant has found out the vulnerabilities that enabled him to possibly hack the satellite communications equipment on passenger jets through the inflight WiFi and entertainment systems. Scheduled to share the details of this research at the Black Hat hacking conference in Las Vegas this week, Ruben Santamarta is being waited for his presentation that could help change the aircraft security mechanism. Black Hat hacking conference is held every year with an aim to help improve cyber security measures and identify growing threats posed to various industries globally. If this possibility of having been able to hack satellite communications proves to be right at the conference, the research could gear start an strong shift of aerospace security.
Santamarta of IOActive cyber security firm has said that he discovered these vulnerabilities by decoding the firmware used to operate the communications equipment. This inflight communications equipment is made by industry leaders like Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc, and Japan Radio Co Ltd. By reverse engineering this seemingly highly secure software, Santamarta was successful to use a plane's WiFi signal and inflight entertainment system to hack into its avionics equipment potentially enabling any hacker to disrupt aircraft security or modify satellite communications.
Santamarta's presentation this Thursday will be one of the most watched at the conference especially by the aerospace industry as it could potentially reveal various vulnerabilities of the aircraft communications security system that could interfere with the aircraft's navigation and safety systems.
Note: Ruben Santamarta has only tested these flaws in the controlled testing environments of IOActive laboratory which could be harder to replicate in real aircraft security systems; however, researcher claims that this research can help manufacturers fix the potential security vulnerabilities.