Santamarta, a consultant with the cyber security firm IOActive who is skilled in hacking, has released the results of an operation in which he successfully hacked a passenger jet, as part of a planned presentation for the upcoming Black Hat hacking conference in Las Vegas. Breaking in through the Wi-Fi and in-flight entertainment systems, Santamarta gained access to crucial data and control over the jet’s communications equipment.
Black Hat is an annual convention where thousands of hackers and security experts focus on solving present cyber threats in the security world and on shaping future safety measures.
Santamarta’s Thursday presentation on airline threats is highly anticipated. His research unveiled the hidden risks and liabilities of “reverse engineering” of highly specialized firmware that is used to control the communications equipment. Major manufacturers such as Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd all had products breached as part of the research and were alerted to the vulnerabilities. Spokespeople from all the companies, however, downplayed the research, citing nuances of the study.
Santamarta’s method was only tested in controlled environments, such as IOActive’s Madrid laboratory, and might prove difficult to repeat in real-world settings. Cobham’s Aviation 700 aircraft satellite communications equipment was a major focus of the research. Cobham claimed that with their technology, hacking into a plane’s onboard Wi-Fi signal or in-flight entertainment system to subvert avionics would require physical access to the equipment rather than remote access.
Santamarta stressed that his research was made public to urge manufacturers to fix flaws he saw in their security systems.
One common issue Santamarta found in all five major manufacturers’ equipment was “hardcoded” log-in credentials, which are intended to give service technicians universal access to all pieces of equipment. Hackers have the ability to find those passwords and fake credentials to access the susceptible equipment.
Santamarta’s presentation will be the first, according to Black Hat review board member Vincenzo Iozzo, to address satellite communications equipment failings. Black Hat has been controversial in the past, such as in 2011, when Charlie Miller and Collin Mulliner presented on attacking iPhones through text messages, prompting a review by Apple.
Edited by Adam Brandt