Hacker Says He Can Break Into Airplane Systems Using In-Flight Wi-Fi

Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their Wi-Fi and in-flight entertainment systems. i i

Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their Wi-Fi and in-flight entertainment systems. Andrea Comas/Reuters/Landov hide caption

itoggle caption Andrea Comas/Reuters/Landov
Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their Wi-Fi and in-flight entertainment systems.

Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their Wi-Fi and in-flight entertainment systems.

Andrea Comas/Reuters/Landov

Two years ago, a group at Las Vegas' annual hacker convention announced it could break into air traffic control systems.

At this year's Black Hat convention, a cybersecurity consultant, Ruben Santamarta, will discuss how he went even further: by showing it's possible to interfere with an airplane's navigation and safety systems — while on the plane and in the air — using the plane's own Wi-Fi and in-flight entertainment systems. As Reuters reports:

"Santamarta published a 25-page research report in April that detailed what he said were multiple bugs in firmware used in satellite communications equipment made by Cobham, Harris, Hughes, Iridium and Japan Radio Co for a wide variety of industries, including aerospace, military, maritime transportation, energy and communications.

"The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat."

The manufacturers say the risk of break-ins is very small, but, according to Reuters, Santamarta says simple steps can be taken to make the systems more secure: "One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password."

Other topics on tap for the Black Hat convention this week include an ad network data link that can let hackers take over Android phones; how Microsoft administrator tools can be used for nefarious purposes; uncorrected security gaps during desktop computers' boot-up processes; and the potential threat of hacks in computers' USB peripherals.

Chris Hopkins is a digital editor at NPR. His favorite in-flight entertainment is Delta Air Lines' trivia game that pits passengers against one another. @chopkinsmedia

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.