(NaturalNews) A security consultant is sounding an alarm bell over new data he says indicates that commercial airliners can be hacked via their onboard Wi-Fi systems.
Much of the equipment that planes and ships use to access satellite communications networks is wide open like the sea and sky itself, says Reuben Santamarta, who posted his conclusions at the Black Hat website [www.blackhat.com].
As noted by CNet's Eric Mack, who reported on Santamarta's conclusions:
In a world where everything from the latest breaking news to "Lost" provides plenty of reasons to worry about your next flight, here's one more thing to justify your travel neuroses -- it's theoretically possible for a flight to be hijacked using only the in-flight Wi-Fi.
I'll wait while you strongly reconsider that weekend getaway plane ride to the beach or grandma's house.
'100 percent of devices can be abused'
Santamarta is scheduled to present his findings in early August at the annual Black Hat gathering of hackers and cyber security researchers in Las Vegas. His research focuses on the vulnerabilities of ground stations that are used to patch into the United States' global network of satellite-based communications, for navigation, communication and global positioning.
According to a preview of Santamarta's talk on the Black Hat website, his team used the same devices often used to access satellite communications networks for air and sea travel and "found that 100 percent of the devices could be abused."
The vulnerabilities he exposed could allow for remote, unauthorized users to hack into systems that "we really don't want unauthorized users going anywhere near," Mack wrote. What's more, he said, exploiting such faults "can be disturbingly simple."
"In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it," Santamarta said.
"In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it."
In his posting to the Black Hat website, Santamarta wrote:
We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks.
SATCOM infrastructure can be divided into two major segments, space and ground. Space includes those elements needed to deploy, maintain, track, and control a satellite. Ground includes the infrastructure required to access a satellite repeater from Earth station terminals.
"These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products," he added.
Data management systems - not flight controls
What is perhaps most terrifying to the average air traveler, noted Mack, is "the notion that a hacker could theoretically use in-flight Wi-Fi or another entertainment system" to hack into a commercial airliner's avionics gear, thereby interfering with or altering navigational or safety systems.
"These devices are wide open. The goal of this talk is to help change that situation," Santamarta told Reuters.
But others, including many aviation experts, say that hacking a plane via its inflight entertainment system is virtually impossible. Marisa Garcia, an aviation expert who also serves as Skift.com's aviation editor, said the systems that Santamarta claims to have hacked are data management systems - not flight controls.
"They are encrypted, then encoded. They are useful only to know how the aircraft's various components perform in-flight," Garcia explained. "It's a jumble of data of value only to the manufacturer of a particular component. Even airlines can't make much sense of it, nor do they need to."
She went on to note that aircraft are not networked together like computers, so accessing one system does not give someone control to others.
"Though digital has been entering the skies slowly, it has only done so after critical issues which could compromise the aircraft have been thoroughly analyzed, tested, and satisfactorily addressed," Garcia said.