Presenter to talk about hacking passenger jet equipment

August 5, 2014 by Nancy Owano weblog
Credit: Magnus Rosendahl,

Not the most comforting thought, but then again Black Hat is not an annual venue content with comforting its audience of hackers and security experts. They come to Black Hat events because they are out to learn more about the cybersecurity risks they need to address. A security consultant this week is to tell the Black Hat audience why and how passenger jets may be at risk of cyberattacks. Ruben Santamarta, principal security consultant at IOActive. said he has figured out how to hack satellite communications equipment on passenger jets through their Wi-Fi and inflight entertainment systems. Not surprisingly, tech sites on Monday were buzzing over his planned presentation this week, since satellite communications attacks, in the context of air travel, pose potentially such devastating consequences. Jim Finkle, Reuters correspondent, said the consultant's presentation is expected to be one of the most widely watched at the conference in Las Vegas.

According to Reuters, in theory, said Santamarta, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment. The result would be potentially disrupting or modifying satellite communications, and this could interfere with the aircraft's navigation and safety systems. Santamarta acknowledged that his hacks were tested only in controlled environments, such as IOActive's Madrid laboratory; they may be difficult to replicate in the real world.

The presentation is scheduled for Thursday, said Reuters. He had completed a 25-page research report earlier this year carrying details of what he said were bugs in firmware used in equipment for industries, including aerospace, military, maritime transportation, energy and communications. "The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat,"said Reuters. Santamarta said he will respond to the comments from manufacturers during his presentation, added Reuters, and then will take questions in an open Q&A session after the talk.

"Satellite Communications (SATCOM) play a vital role in the global telecommunications system," wrote IOActive in a recent news release. "We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks." The company said the Las Vegas presentation is to show technical details, "mainly based on static firmware analysis via reverse engineering," and is also to include a live demo.

Explore further: ATM hack promises teller machine jackpot


Related Stories

Computer hackers and defenders mix in Las Vegas

July 24, 2012

Rival factions from the Internet security world will mix warily this week at a pair of Las Vegas conferences gathering computer security experts and software savants who make sport of hacking them.

SR Labs research to expose BadUSB next week in Vegas

July 31, 2014

A Berlin-based security research and consulting company will reveal how USB devices can do damage that can conduct two-way malice, from computer to USB or from USB to computer, and can survive traditional "cleaning" protective ...

Recommended for you

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Aug 05, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?
not rated yet Aug 05, 2014
Exactly what I was thinking... it seems to be a recurrent theme that sensitive, mission critical equipment is never fully isolated from the shoddy, consumer garbage.
not rated yet Aug 06, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?

Another question to ask is: why isn't end to end security a mandated feature of all avionics? That way, regardless of the data transport, security would be maintained. Right now air to ground is a tiny pipe. In the near future as Internet connectivity for passenger entertainment takes off, that fat entertainment pipe will be irresistible for avionics also.

It's no longer particularly expensive to add security. Aviation companies just have inertia to overcome.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.