Presenter to talk about hacking passenger jet equipment

Aug 05, 2014 by Nancy Owano weblog
Credit: Magnus Rosendahl,

Not the most comforting thought, but then again Black Hat is not an annual venue content with comforting its audience of hackers and security experts. They come to Black Hat events because they are out to learn more about the cybersecurity risks they need to address. A security consultant this week is to tell the Black Hat audience why and how passenger jets may be at risk of cyberattacks. Ruben Santamarta, principal security consultant at IOActive. said he has figured out how to hack satellite communications equipment on passenger jets through their Wi-Fi and inflight entertainment systems. Not surprisingly, tech sites on Monday were buzzing over his planned presentation this week, since satellite communications attacks, in the context of air travel, pose potentially such devastating consequences. Jim Finkle, Reuters correspondent, said the consultant's presentation is expected to be one of the most widely watched at the conference in Las Vegas.

According to Reuters, in theory, said Santamarta, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment. The result would be potentially disrupting or modifying satellite communications, and this could interfere with the aircraft's navigation and safety systems. Santamarta acknowledged that his hacks were tested only in controlled environments, such as IOActive's Madrid laboratory; they may be difficult to replicate in the real world.

The presentation is scheduled for Thursday, said Reuters. He had completed a 25-page research report earlier this year carrying details of what he said were bugs in firmware used in equipment for industries, including aerospace, military, maritime transportation, energy and communications. "The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat,"said Reuters. Santamarta said he will respond to the comments from manufacturers during his presentation, added Reuters, and then will take questions in an open Q&A session after the talk.

"Satellite Communications (SATCOM) play a vital role in the global telecommunications system," wrote IOActive in a recent news release. "We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks." The company said the Las Vegas presentation is to show technical details, "mainly based on static firmware analysis via reverse engineering," and is also to include a live demo.

Explore further: SR Labs research to expose BadUSB next week in Vegas


Related Stories

SR Labs research to expose BadUSB next week in Vegas

Jul 31, 2014

A Berlin-based security research and consulting company will reveal how USB devices can do damage that can conduct two-way malice, from computer to USB or from USB to computer, and can survive traditional ...

Computer hackers and defenders mix in Las Vegas

Jul 24, 2012

Rival factions from the Internet security world will mix warily this week at a pair of Las Vegas conferences gathering computer security experts and software savants who make sport of hacking them.

Recommended for you

NSA winds down once-secret phone-records collection program

May 24, 2015

The National Security Agency has begun winding down its collection and storage of American phone records after the Senate failed to agree on a path forward to change or extend the once-secret program ahead of its expiration ...

Adult dating website hack exposes personal data

May 22, 2015

A data breach at a website billed as "the world's largest sex and swinger" community may expose personal and sexual information on millions of users worldwide, a report said Friday.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Aug 05, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?
not rated yet Aug 05, 2014
Exactly what I was thinking... it seems to be a recurrent theme that sensitive, mission critical equipment is never fully isolated from the shoddy, consumer garbage.
not rated yet Aug 06, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?

Another question to ask is: why isn't end to end security a mandated feature of all avionics? That way, regardless of the data transport, security would be maintained. Right now air to ground is a tiny pipe. In the near future as Internet connectivity for passenger entertainment takes off, that fat entertainment pipe will be irresistible for avionics also.

It's no longer particularly expensive to add security. Aviation companies just have inertia to overcome.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.