Categories: HackingSecurity

Hacking satellite communications equipment on passenger jets

Cyber security expert claims to be able access satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems.

Airplanes Can Be Hacked Through Wireless In-flight Entertainment System, this is not a new discovery as I explained in a post published more that one year ago and titled “Cyber Threats against the Aviation Industry“.
One year ago, the security community was surprised by the disconcerting news regarding the possibility to hack the navigation system within an airplane with an Android Smartphone. A hacker is able to take control of the entire control system on-board, including plane navigation and cockpit systems, with a mobile phone as demonstrated by the researcher Hugo Teso, a security consultant at N.runs AG, Germany. The expert demonstrated that just using an exploit framework, dubbed Simon, and an Android app, it is possible to gain remote control system inside an airplane.
The Federal Aviation Administration (FAA), the European Aviation Safety Administration (EASA) and Honeywell, which provides the vulnerable cockpit application, refused the results produced by the researcher denying any concrete risk for flight safety.

“The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot [it] does not pose a flight safety concern because it does not work on certified flight hardware.” FAA commented. 

This time a consultant with cyber security firm IOActive, Ruben Santamarta claims to be able access the satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems, with obvious consequences. The expert will present the result of his research (“SATCOM Terminals: Hacking by Air, Sea and Land”) at the next Black Hat conference, he will show how an attacker could compromise commercial airliner satellite communication systems.
In April, Santamarta presented the results of another study he conducted that allowed to uncover a variety of severe vulnerabilities in Satellite equipment widely used in numerous industries.
Satellite Communication Devices are vulnerable to cyber attacks due the presence of critical design flaws in the firmware of principal satellite terrestrial equipment. Different satellite systems manufactured by some of the world’s biggest government contractors are affected by severe vulnerabilities in software and ground-based satellite systems manufactured by British suppliers Cobham and Inmarsat.

He discovered that bad actors can hijack and disrupt communication links used in various industries including defense, aviation and communications with serious consequences for the population.
The researcher explains that ships, aircraft and industrial facilities are all potentially vulnerable to cyber attacks that could have with catastrophic results.

We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify or re-route traffic provides an invaluable opportunity to carry out attacks,” Santamarta wrote in his paper.

The researcher remarks the necessity to completely change the approach to aircraft security and other SATCOM terminals, IOActive also claimed to have verified that “100 percent of the devices could be abused” by an array of attack vectors.

In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it.” “These devices are wide open. The goal of this talk is to help change that situation.” Santamarta anticipated to the Reuters media agency.

As explained by Santamarta wrong design habit in the firmware of the device, hardcoded credentials, implementation of insecure protocols, presence of backdoors, and adoption of weak password reset processes are some sample of the flawed processed identified on the SATCOM equipment.

Santamarta doesn’t want to be alarmist, neither he will provide any exploit to support his research, but he highlights that researchers that work to the design of SATCOM systems have to carefully consider security by design.
Let me close this post with a news I published a few months ago that confirms that hacking of critical systems in an airplane could not be totally excluded, as well as any other electronic system. A report filed on the US Federal Register website indicates that Boeing has implemented additional security measures on the 777 series of aircrafts five months ago to prevent on board hacking of critical computer systems.

The improvements confirm the possibility that attackers, under particular conditions, may harm the security of the flights. Boeing announced that it was upgrading the 777-200, 777-300 and 777-300ER series with the new security features.

“These special conditions are issued for the Boeing Model 777-200, -300, and -300ER series airplanes. These airplanes, as modified by the Boeing Company, will have novel or unusual design features associated with the architecture and connectivity of the passenger service computer network systems to the airplane critical systems and data networks. This onboard network system will be composed of a network file server, a network extension device, and additional interfaces configured by customer option. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards,” states the report.

As described in the above announcement, the experts at Boing were concerned about the possibility that the passenger inflight entertainment system would be connected to critical systems of the aircraft.

The “open door” for hackers are passenger seatback entertainment systems which have USB ports and come with Ethernet. Before the modifications mentioned, there was no “separation” between entertainment systems and the overall network of the aircraft. Boeing requested the Federal Aviation Administration the permission to add a “network extension device” to separate the various systems from each other. The design features designed for Boeing Model 777-200, -300, -300ER series airplanes include an on-board computer network system and a network extension device to improve the domain separation between the airplane information services domain and the aircraft control domain. 

Let’s wait for the Santamarta presentation

Pierluigi Paganini

(Security Affairs –  satellite, hacking)  

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

2 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

14 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

18 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

23 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.