We all love being able to enjoy our favorite shows while flying at 35,000 feet, and being able to connect to a Wi-Fi network on a plane can really help the time pass by, but a new exploit that uses the in-flight entertainment system has been found. The hack that has been uncovered by security-whiz, Ruben Santamarta can be used to attack communications satellites on the plane. On Aug. 4, Santamarta released a statement stating that he will present his research about the exploit at the Black Hat security conference in Las Vegas later this week.
Ruben Santamarta is a cyber-security expert, and it is important to state that he is not actively hacking the satellite communications equipment on-board passenger jets, he has however found a way to hack the commonly used communications equipment by hacking into the in-flight entertainment and Wi-Fi systems. Reuters have said that his research “is expected to be the most widely watched at the conference”, lets just hope that some of the people watching are from the transportation industry.
There are always major announcement like this leading up the to the Black Hat conference, and it is important to understand that just because a security researcher has found an exploit, it does not mean that just anyone can hack into a system. Santamarta has admitted that while he has been able to successfully get around the security measures that are currently in place multiple times in his lab, the exploit won’t necessarily work during flight.
The reasoning behind Santamarta’s research is pretty clear, and has obviously been needed. The communications equipment that is used today is not only used by planes, but also by ships, industrial facilities such as oil rigs and gas pipelines, and the military. The hack that Santamarta has developed attacks the equipment’s firmware and gives the hacker the ability to manipulate avionics systems, which could then be used to alter navigation.
The news that everyone is wanting to hear is that Ruben Santamarta plans on sharing all of his knowledge about the exploit at this week’s Black Hat conference. By sharing the details of the hack, the companies who make the equipment and firmware can quickly patch the holes that can currently be exploited.
Unfortunately the hack is not as elaborate as one might expect. Santamarta has revealed that the exploit simply boils down to a password vulnerability. In his research Santamarta says, "In certain cases no user interaction is required to exploit the vulnerability, just simply sending a SMS or specially crafted message from one ship to another ship can do it." The revelation that the hack is a simple one is quite concerning, and one has to wonder why the security flaw had not been found sooner.
The really upsetting news is that the exploit simply boils down to a password vulnerability. Evidently we as a race have still not come to the conclusion that strong security and strong passwords go hand-in-hand.
Source(s): BlackHat, Reuters