A hacker can take control of a plane using a mobile device and a wi-fi connection, according to a security expert. Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Santamarta, who works for IOActive, is scheduled to lay out the technical details of his research at the Black Hat hacking conference in Las Vegas later this week. His subject is vulnerabilities in the satellite communications systems used in aerospace and other industries.
"These devices are wide open. The goal of this talk is to help change that situation," Santamarta said.
By "reverse engineering" the firmware used to operate communications equipment made by Cobham, Harris, EchoStar, Iridium Communications and Japan Radio, he discovered that he could use the inflight entertainment system to hack into the aircraft's avionics equipment. He has only tested his hacks in IOActive's Madrid laboratory, and admits they might be difficult to replicate in the real world. Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta's research and confirmed some of his findings.
However, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta's research, said it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham's equipment, according to a Cobham spokesman.
Harris spokesman Jim Burke said the company had reviewed Santamarta's paper but thought the risk was tiny.
One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of "hardcoded" log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password.
The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Santamarta said.