Presenter to talk about hacking passenger jet equipment

Aug 05, 2014 by Nancy Owano weblog
Credit: Magnus Rosendahl, Public-domain-photos.com

Not the most comforting thought, but then again Black Hat is not an annual venue content with comforting its audience of hackers and security experts. They come to Black Hat events because they are out to learn more about the cybersecurity risks they need to address. A security consultant this week is to tell the Black Hat audience why and how passenger jets may be at risk of cyberattacks. Ruben Santamarta, principal security consultant at IOActive. said he has figured out how to hack satellite communications equipment on passenger jets through their Wi-Fi and inflight entertainment systems. Not surprisingly, tech sites on Monday were buzzing over his planned presentation this week, since satellite communications attacks, in the context of air travel, pose potentially such devastating consequences. Jim Finkle, Reuters correspondent, said the consultant's presentation is expected to be one of the most widely watched at the conference in Las Vegas.

According to Reuters, in theory, said Santamarta, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment. The result would be potentially disrupting or modifying satellite communications, and this could interfere with the aircraft's navigation and safety systems. Santamarta acknowledged that his hacks were tested only in controlled environments, such as IOActive's Madrid laboratory; they may be difficult to replicate in the real world.

The presentation is scheduled for Thursday, said Reuters. He had completed a 25-page research report earlier this year carrying details of what he said were bugs in firmware used in equipment for industries, including aerospace, military, maritime transportation, energy and communications. "The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat,"said Reuters. Santamarta said he will respond to the comments from manufacturers during his presentation, added Reuters, and then will take questions in an open Q&A session after the talk.

"Satellite Communications (SATCOM) play a vital role in the global telecommunications system," wrote IOActive in a recent news release. "We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks." The company said the Las Vegas presentation is to show technical details, "mainly based on static firmware analysis via reverse engineering," and is also to include a live demo.

Explore further: Satellite telecom vulnerable to hackers, researchers find

More information:www.reuters.com/article/2014/0… dUSKBN0G40WQ20140804
www.ioactive.com/news-events/i… at_DEF_CON_2014.html

add to favorites email to friend print save as pdf

Related Stories

SR Labs research to expose BadUSB next week in Vegas

Jul 31, 2014

A Berlin-based security research and consulting company will reveal how USB devices can do damage that can conduct two-way malice, from computer to USB or from USB to computer, and can survive traditional ...

Computer hackers and defenders mix in Las Vegas

Jul 24, 2012

Rival factions from the Internet security world will mix warily this week at a pair of Las Vegas conferences gathering computer security experts and software savants who make sport of hacking them.

Recommended for you

US seeks China's help after cyberattack

1 hour ago

The United States is asking China for help as it weighs potential responses to a cyberattack against Sony Pictures Entertainment that the U.S. has blamed on North Korea.

Impoverished North Korea falls back on cyber weapons

Dec 19, 2014

As one of the world's most impoverished powers, North Korea would struggle to match America's military or economic might, but appears to have settled on a relatively cheap method to torment its foe.

Five ways to make your email safer in case of a hack attack

Dec 19, 2014

The Sony hack, the latest in a wave of company security breaches, exposed months of employee emails. Other hacks have given attackers access to sensitive information about a company and its customers, such as credit-card ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

antialias_physorg
5 / 5 (2) Aug 05, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?
axemaster
not rated yet Aug 05, 2014
Exactly what I was thinking... it seems to be a recurrent theme that sensitive, mission critical equipment is never fully isolated from the shoddy, consumer garbage.
alfie_null
not rated yet Aug 06, 2014
a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into avionics equipment

Why are these systems even connected?

Another question to ask is: why isn't end to end security a mandated feature of all avionics? That way, regardless of the data transport, security would be maintained. Right now air to ground is a tiny pipe. In the near future as Internet connectivity for passenger entertainment takes off, that fat entertainment pipe will be irresistible for avionics also.

It's no longer particularly expensive to add security. Aviation companies just have inertia to overcome.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.