The studies of Ruben Santamarta, a security consultant, showed that a flight can be hijacked by hackers and terrorists using only the airplane's in-flight Wi-Fi.
Santamarta will be discussing his findings at the yearly Black Hat gathering this week in Las Vegas, which will be attended to by both cybersecurity researchers and hackers.
Santamarta's talk at the Black Hat, entitled Satcom Terminals: Hacking by Air, Sea and Land, focuses on the vulnerabilities of the ground stations which are used to gain access to the global network of satellite-based communications.
Santamarta's team, which studied the same devices that are usually use to gain access to satellite communications networks for sea and air travel, "found that 100% of the devices could be abused."
"These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it," according to the description of Santamarta's talk on the Black Hat website.
The several vulnerabilities found by Santamarta's research include multiple backdoor exploits, hardcoded credentials, insecure and undocumented protocols, and weak encryption algorithms.
"These devices are wide open. The goal of this talk is to help change that situation," said Santamarta to Reuters.
The talk description added that ships, airplanes, military officers, emergency responders, media companies and industrial facilities such as gas pipelines, oil rigs, wind turbines, water treatment plants and substations can be affected and exploited by the discovered vulnerabilities.
What this means is an added fear for the average airplane traveler, who are already facing several fears in terms of safety and security. The vulnerabilities will allow a hacker to use the airplane's in-flight Wi-Fi or another entertainment device to gain access to the avionics equipment of the airplane, allowing the hacker to control or interfere with the safety and navigation systems.
The exploits have only been simulated in the laboratory by Santamarta, with no real-world incidents abusing the vulnerabilities reported so far. Santamarta, however, adds that the hacks simulated in the laboratory may be hard to replicate in a real-life situation.
Satellite communications equipment manufacturers responded to Santamarta's claims, saying that their equipments are in minimal risk of being compromised. Santamarta said that he will be responding to these claims by the manufacturers on his talk at Black Hat, which is scheduled to be held on Thursday.
Photo: Matthew Hurst | Flickr
