Planes can be hacked via in-flight entertainment system, cyber-researcher finds
Image credit: Dreamstime
An in-flight entertainment system used by some of the world’s largest airlines can be breached by hackers and even used to access wider aircraft networks, a cyber security researcher has found.
Ruben Santamarta, an ethical hacker at cyber security firm IOActive, broke into the in-flight entertainment system by Panasonic and used it to display messages, control cabin lighting and access credit card details of frequent fliers. What is worse, the vulnerability could also be used to gain control over the aircraft’s controls, Santamarta said.
“I don’t believe these systems can resist solid attacks from skilled malicious actors,” the researcher told The Telegraph. “This only depends on the attacker’s determination and intentions, from a technical perspective it’s totally feasible.”
The in-flight entertainment system is used by major companies including Virgin, American and Emirates.
The revelation, according to experts, is extremely unsettling.
“Previous hacks and vulnerabilities have always been on the ground, but we’re now in the realms of something extremely scary - hacks in mid-air with no escape,” commented Alex Cruz-Farmer from cyber security lab NSFOCUS.
“The active threats will be growing, and with thousands of planes in the air, the remediation of this is going to be extremely complicated and time consuming.”
KLM, Air France, Etihad, FinnAir, Iberia, Quatar, Scandinavian and Singapore Airlines also use the vulnerable Panasonic system.
Santamarta said the airlines need to make sure that the entertainment system is not connected to aircraft controls and that critical systems are carefully isolated.
Panasonic was reportedly warned about the vulnerability in March last year. However, it has not been revealed whether the firm has implemented any safeguards since then.
“As airlines continue to add new customer-based entertainment and information technologies, airlines need to ensure that an impenetrable barrier is in place protecting aircraft control systems,” commented Stephen Gates, chief research intelligence analyst at NSFOCUS.
“It’s not too far of a stretch to suggest that flight entertainment systems could even be hacked from the ground, via the Internet access on the plane. If remote access was gained while the plane was on the ground, or by way of a hacker planting a backdoor via an infected device while in flight, hackers could cause all kinds of disruption that would not directly impact them – since they’re not even on the plane.”
Santamarta’s research into cyber-vulnerabilities of commercial aircraft gained attention already in 2014 when the hacker, who admits to be suffering from a fear of flying, discovered that it was possible to access the planes’ navigation system through a flaw in WiFi security.