If you're about to get on an airplane, you might want to wait until you land before you read this post. Because cyber security whiz Ruben Santamarta has devised a method that can give hackers access to a passenger jet's satellite communications equipment through the passenger Wi-Fi and in-flight entertainment systems*.
Santamarta will present his research at the Black Hat security conference in Las Vegas this week. Reuters says that his talk "is expected to be one of the most widely watched at the conference". That makes sense, since the exploit affects some of the most common satellite communications equipment on the market. These systems are used not only in airplanes but also in ships, military vehicles, and industrial facilities like oil rigs, gas pipelines, and wind turbines. The hack targets the equipment's firmware and gives hackers the ability to manipulate the avionics system, which in turn could affect navigation.
"In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it", Santamarta says in the description to his talk. He told Reuters: "These devices are wide open. The goal of this talk is to help change that situation".
As with any announcement made at a conference like Black Hat, it's important to realise that just because a security researcher can do it doesn't mean evil hackers are doing it, too. Santamarta admits that the exploit won't necessarily work if hackers are trying to break into the cockpit during flight, but he is able to replicate it in a lab setting.
The good news is that Santamarta plans on revealing the nitty-gritty details of the exploit in his Black Hat presentation so that the companies that make the vulnerable equipment can fix the problems. The bad news is that the nitty-gritty details include the fact that the exploit boils down to a password vulnerability. Because evidently we still haven't learned our lesson about passwords. [Reuters, Black Hat]
* The in-flight entertainment screen above is not actually a photo of the exploit. It's just one of many examples of buggy in-flight entertainment systems.
Image via Flickr / paulmmay