Cyber security expert Ruben Santamarta has published a 25 page report arguing that there are several security vulnerabilities in the software used on commercial airliners. According to Santamarta, a hacker could access the aircraft’s navigation and safety systems through the plane’s WiFi signal or inflight entertainment system. This is because the communications software used by some of the leading producers of satellite equipment for the industry have several bugs that could be exploited for nefarious purposes.
One vulnerability – hardcoded log-in credentials. These credentials are designed to allow service technicians to access all equipment with the same login and password. If a hacker gains a password, he/she can use that log-in to access sensitive systems.
Manufacturers have responded to the report, stating that the likelihood of a break-in is very small. To date Santamarta has only been able to test his hacks in a controlled environment and some believe that the hacks would be impossible in a real-world situation. Santamarta, who did not outline in technical detail how these hacks could be accomplished, stands by his assertion that the planes are vulnerable and more needs to be done to protect them.
Santamarta is going to present his research and lay out the technical aspects of the hacks at this year’s Black Hat Convention; going on this week in Las Vegas. Black Hat is a five-day meeting where security professionals and hackers convene and present on the latest in cyber security.