Presenter to talk about hacking passenger jet equipment

Aug 05, 2014 by Nancy Owano weblog
Credit: Magnus Rosendahl, Public-domain-photos.com

Not the most comforting thought, but then again Black Hat is not an annual venue content with comforting its audience of hackers and security experts. They come to Black Hat events because they are out to learn more about the cybersecurity risks they need to address. A security consultant this week is to tell the Black Hat audience why and how passenger jets may be at risk of cyberattacks. Ruben Santamarta, principal security consultant at IOActive. said he has figured out how to hack satellite communications equipment on passenger jets through their Wi-Fi and inflight entertainment systems. Not surprisingly, tech sites on Monday were buzzing over his planned presentation this week, since satellite communications attacks, in the context of air travel, pose potentially such devastating consequences. Jim Finkle, Reuters correspondent, said the consultant's presentation is expected to be one of the most widely watched at the conference in Las Vegas.

According to Reuters, in theory, said Santamarta, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment. The result would be potentially disrupting or modifying satellite communications, and this could interfere with the aircraft's navigation and safety systems. Santamarta acknowledged that his hacks were tested only in controlled environments, such as IOActive's Madrid laboratory; they may be difficult to replicate in the real world.

The presentation is scheduled for Thursday, said Reuters. He had completed a 25-page research report earlier this year carrying details of what he said were bugs in firmware used in equipment for industries, including aerospace, military, maritime transportation, energy and communications. "The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat,"said Reuters. Santamarta said he will respond to the comments from manufacturers during his presentation, added Reuters, and then will take questions in an open Q&A session after the talk.

"Satellite Communications (SATCOM) play a vital role in the global telecommunications system," wrote IOActive in a recent news release. "We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks." The company said the Las Vegas presentation is to show technical details, "mainly based on static firmware analysis via reverse engineering," and is also to include a live demo.

Explore further: Satellite telecom vulnerable to hackers, researchers find

More information:www.reuters.com/article/2014/0… dUSKBN0G40WQ20140804
www.ioactive.com/news-events/i… at_DEF_CON_2014.html

add to favorites email to friend print save as pdf

Related Stories

SR Labs research to expose BadUSB next week in Vegas

Jul 31, 2014

A Berlin-based security research and consulting company will reveal how USB devices can do damage that can conduct two-way malice, from computer to USB or from USB to computer, and can survive traditional ...

Computer hackers and defenders mix in Las Vegas

Jul 24, 2012

Rival factions from the Internet security world will mix warily this week at a pair of Las Vegas conferences gathering computer security experts and software savants who make sport of hacking them.

Recommended for you

Automakers aim to drive away car computer hackers

10 hours ago

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that—given time—they would be able to pop the trunk and start the windshield ...

Man pleads guilty in New York cybercrime case

Nov 22, 2014

A California man has pleaded guilty in New York City for his role marketing malware that federal authorities say infected more than a half-million computers worldwide.

How to keep the world's eyes out of your webcam

Nov 21, 2014

There are concerns that thousands of private webcams around the world could be streaming live images to anybody who wishes to view them – without their owner knowing – thanks to a Russian website provi ...

Britain urges Russia to shut down webcam spying site

Nov 20, 2014

A Russian website offering thousands of live feeds peering into bedrooms and offices around the world by accessing poorly secured webcams should be taken down immediately, British officials said on Thursday.

NSA Director: China can damage US power grid

Nov 20, 2014

China and "one or two" other countries are capable of mounting cyberattacks to shut down the electric grid in parts of the United States. That's according to Admiral Michael Rogers, the director of the National Security Agency ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

antialias_physorg
5 / 5 (2) Aug 05, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?
axemaster
not rated yet Aug 05, 2014
Exactly what I was thinking... it seems to be a recurrent theme that sensitive, mission critical equipment is never fully isolated from the shoddy, consumer garbage.
alfie_null
not rated yet Aug 06, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?

Another question to ask is: why isn't end to end security a mandated feature of all avionics? That way, regardless of the data transport, security would be maintained. Right now air to ground is a tiny pipe. In the near future as Internet connectivity for passenger entertainment takes off, that fat entertainment pipe will be irresistible for avionics also.

It's no longer particularly expensive to add security. Aviation companies just have inertia to overcome.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.