Ruben Santamarta says planes are at risk of cyber attack through Wi-Fi


comments

A Berlin-based hacker claims to have found a way to infiltrate communication systems on planes through Wi-Fi and inflight entertainment systems.

Ruben Santamarta, a consultant with cyber security firm IOActive, is scheduled to explain his method at this week's Black Hat hacking conference in Las Vegas.

If his claim is confirmed, it could prompt a serious review of aircraft security.

Exposing threats: Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems

Exposing threats: Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems

'These devices are wide open. The goal of this talk is to help change that situation,' Mr Santamarta, 32, told Reuters.

The researcher said he discovered the vulnerabilities by 'reverse engineering' - or decoding - highly specialised software known as firmware, used to operate communications equipment.

 

This equipment is made by companies including Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd.

In theory, a hacker could use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications.

This could interfere with the aircraft's navigation and safety systems, Mr Santamarta said.

Risk: In theory, study shows a hacker could use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communication

Risk: In theory, study shows a hacker could use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communication

SHOULD WE BE WORRIED?

Cyber security experts believe it's too early to say for certain.

Mr Santamarta admits he doesn't know how practical his hack would be in the real world. He has only been able to create the exploit in a lab setting.

But if his method proves successful, the hack could give would criminals access to a plane's navigation system.

Manufacturer, Combam - whose Aviation 700 aircraft equipment was the focus of the research - said hackers must have physical access to Cobham's equipment for the hack to be successful.

More will be known later this week when Mr Santamarta reveals how he hacked the equipment.

Mr Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws.

He acknowledged that his hacks have only been tested in controlled environments, such as IOActive's Madrid laboratory, and they might be difficult to replicate in the real world.

Mr Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws.

Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Mr Santamarta's research and confirmed some of his findings, but downplayed the risks.

For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta's research, said it is not possible for hackers to use Wi-Fi signals to interfere with critical systems that rely on satellite communications for navigation and safety.

The hackers must have physical access to Cobham's equipment, according to Cobham spokesman Greg Caires.

'In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorised personnel,' said Mr Caires.

Forced to re-evaluate: Details are sketchy about how the hack was done. Mr Santamarta has revealed that one vulnerability in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials

Forced to re-evaluate: Details are sketchy about how the hack was done. Mr Santamarta has revealed that one vulnerability in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials

HOW WAS THE HACK ACHIEVED?

Details are still sketchy about how the hack was done.

Mr Santamarta, however, has revealed that one vulnerability in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials.

These are designed to let service technicians access any piece of equipment with the same login and password.

The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Mr Santamarta said.

A Japan Radio Co spokesman declined to comment, saying information on such vulnerabilities was not public.

Black Hat, which was founded in 1997, has often been a venue for hackers to present breakthrough research.

In 2009, Charlie Miller and Collin Mulliner demonstrated a method for attacking iPhones with malicious text messages, prompting Apple Inc to release a patch.

In 2011, Jay Radcliffe demonstrated methods for attacking Medtronic Inc's insulin pumps, which helped prompt an industry review of security.

Mr Santamarta published a 25-page research report in April that detailed what he said were multiple bugs in firmware used in satellite communications equipment, including aerospace, military, maritime transportation, energy and communications.

The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Mr Santamarta said he will disclose at Black Hat.

Harris spokesman Jim Burke said the company had reviewed Santamarta's paper. 'We concluded that the risk of compromise is very small,' he said.

Fear of flying: Vincenzo Iozzo, a member of Black Hat's board said: 'The type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of'

Fear of flying: Vincenzo Iozzo, a member of Black Hat's board said: 'The type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of'

Iridium spokesman Diane Hockenberry said, 'We have determined that the risk to Iridium subscribers is minimal, but we are taking precautionary measures to safeguard our users.'

One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials.

These are designed to let service technicians access any piece of equipment with the same login and password.

The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Mr Santamarta said.

Hughes spokeswoman Judy Blake said hardcoded credentials were 'a necessary' feature for customer service. The worst a hacker could do is to disable the communication link, she said.

Mr Santamarta said he will respond to the comments from manufacturers during his presentation, then take questions during an open Q&A session after his talk.

Vincenzo Iozzo, a member of Black Hat's review board, said Mr Santamarta's paper marked the first time a researcher had identified potentially devastating vulnerabilities in satellite communications equipment.

'I am not sure we can actually launch an attack from the passenger inflight entertainment system into the cockpit,' he said.

'The core point is the type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of.'

Threat: As technology advances so do threats on international security. Mr Santamarta said he will respond to the comments from manufacturers during his presentation

Threat: As technology advances so do threats on international security. Mr Santamarta said he will respond to the comments from manufacturers during his presentation



IFTTT

Put the internet to work for you.

Turn off or edit this Recipe

0 comments:

Post a Comment